Anchore is an open source container image scanning tool that analyzes packages and third-party libraries present in container images to find known software vulnerabilities and report on content and licenses.
Anchore allows developers, operations, and security teams to perform detailed analysis on container images, run queries, produce reports and define policies that can be used in CI/CD pipelines.
Anchore was founded in 2016 by Saïd Ziouani and Daniel Nurmi. The company is headquartered in Santa Barbara, California.
The Anchore open source project allows developers to perform detailed analysis on their container images, run queries, produce reports and define policies that can be used in CI/CD pipelines.
Anchore analysis tools inspect your container image and generate a detailed manifest of the image, a virtual ‘bill of materials’ that includes official operating system packages, unofficial packages, configuration files and language modules and artifacts such as NPM, PiP, GEM, and Java archives.
Anchore is backed by SignalFire, e.ventures, Doug Carlisle, and Andreas von Blottnitz. The company raised $20M in a Series A financing on Jan 22, 2020. This new round brings Anchore's total funding to $29M to date.