Securing K8s Supply Chain
How to Secure Your Kubernetes Software Supply Chain at Scale
Housekeeping
01 All participant lines are muted
02 Questions will be accepted throughout; enter questions via the Q&A panel
03 You will receive a follow-up email with a link to the recording
04 Please respond to poll questions as they appear on your screen
Cornelia Davis, Tech Fellow & VP of Product, Spectro Cloud
Alan Pope, Director of Developer Relations, Anchore
© 2024 Spectro Cloud®. All rights reserved.
How do we establish and manage that Kubernetes environment?
Palette: a unique platform for K8s at scale
Model what the clusters will look like: OS, K8s, CNI, CSI, Add-ons / integrations, Applications. Unified profile-based management across all layers.
Manage the full lifecycle: create, maintain, update, delete.
• Full-stack compatibility checks
• Wherever you need them
• Decentralized policy enforcement: distributed architecture promotes resilience, scale, and more.
• Cost control
• Auto-healing
• Drift prevention
• Simplified DevX
• Palette Virtual Clusters
• Multi-cluster observability
Kubernetes-as-a-Service
(Diagram: Request → Governance, Access, Visibility, Cost control → Deploy)
Benefits
• Operational efficiency – no tech debt
• IT Ops empowering dev teams without being blockers
• Fast delivery of clusters and full-stack lifecycle management
• Multi-cluster governance
• Compatibility with existing toolchain
Software Delivery Risks
Software Supply Chains today are complex
Stages: Source → Build → Stage → Deploy → Run. Scan: limited checks. Many dependencies are brought in at each stage.
• Multiple teams and tools
• Multiple source repos
• Multiple builds per day
• Multiple registries
• Multiple deployments
• Multiple clusters
Your DevOps Toolchains and Your DevOps Process
Process stages: Source → Develop → Build → Stage → Deploy → Run
Toolchain: Public & Private Repos, SCM, CI/CD, Registry, Automated Config, Container Platform
Security Risks Can Enter Anywhere
Risks across the workload and platform layers: known vulnerabilities, zero day vulnerabilities, insider attacks, typo squatting, patch site attack, stolen credentials, compromised tool, plugins with malware, dependency hijacking.
How Anchore Enterprise can help
Stages: Visibility → Inspection → Policy Enforcement → Remediation → Reporting, serving both DevOps and SecOps & Compliance.
• SBOM generated locally in CI or pulled for backend generation
• SBOM metadata and (optional) data stored in a database for querying
• Security issues assessed continually against stored SBOMs
• Pass/Fail (✅ / ❌) for best practices or compliance controls via policy-as-code
• Notifications sent via native developer tools about security issues
• Scheduled or ad-hoc reports for triage, SLA, compliance, or trending
Inputs: CI/CD, Registry, Runtime, Vuln Feed
SBOMs
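The "assessed continually against stored SBOMs" step above, worked through as an added example that is not part of the webinar deck or of Anchore's code: a constructed SBOM store is matched against two snapshots of a constructed vulnerability feed, and the diff tells you which findings are new (and need a notification) and which were resolved, without re-scanning any image. The store layout, the feed record shape, the VULN-EXAMPLE-* ids, the image names and the "affected if installed version is below fixed_in" rule are all assumptions made for the illustration.

```python
"""Re-assess stored SBOMs against a vulnerability feed without re-scanning images.

Added illustration, not Anchore's code: the SBOM store layout, the feed record
shape, the VULN-EXAMPLE-* ids and the version rule are assumptions.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    image: str
    vuln_id: str
    package: str
    version: str
    fixed_in: str


def _ver(text):
    """Dotted numeric version -> comparable tuple (assumption: numeric parts only)."""
    return tuple(int(part) for part in text.split("."))


# Constructed SBOM store: one package list per image, generated once in CI.
SBOM_STORE = {
    "registry.example.com/payments/api:1.2": [
        ("openssl", "3.0.7"), ("curl", "8.1.0"), ("zlib", "1.2.13"),
    ],
    "registry.example.com/web/frontend:4.0": [
        ("curl", "8.4.0"), ("nginx", "1.24.0"),
    ],
}

# Constructed feed snapshots. V2 adds two records and corrects the first one's
# fixed_in, which is how a feed update can both add and resolve findings.
FEED_V1 = [
    {"id": "VULN-EXAMPLE-001", "package": "openssl", "fixed_in": "3.0.8"},
]
FEED_V2 = [
    {"id": "VULN-EXAMPLE-001", "package": "openssl", "fixed_in": "3.0.7"},
    {"id": "VULN-EXAMPLE-002", "package": "curl", "fixed_in": "8.2.0"},
    {"id": "VULN-EXAMPLE-003", "package": "nginx", "fixed_in": "1.25.0"},
]


def match(sbom_store, feed):
    """Match every stored SBOM against the feed.

    A package is affected when a feed record names it and the installed
    version is below the record's fixed_in (simplified matching rule).
    """
    findings = set()
    for image, packages in sbom_store.items():
        for name, version in packages:
            for rec in feed:
                if rec["package"] == name and _ver(version) < _ver(rec["fixed_in"]):
                    findings.add(Finding(image, rec["id"], name, version, rec["fixed_in"]))
    return findings


def reassess(sbom_store, feed, previous):
    """Re-run matching on a feed update and diff it against the previous result.

    Returns (new, resolved, current): findings to notify about, findings that
    no longer apply, and the full current set.
    """
    current = match(sbom_store, feed)
    return current - previous, previous - current, current


def notifications(new_findings):
    """Render one developer-facing message per new finding, sorted for stable output."""
    return [
        f"{f.image}: {f.vuln_id} in {f.package} {f.version} (fixed in {f.fixed_in})"
        for f in sorted(new_findings, key=lambda f: (f.image, f.vuln_id))
    ]


if __name__ == "__main__":
    first = match(SBOM_STORE, FEED_V1)
    new, resolved, _ = reassess(SBOM_STORE, FEED_V2, first)
    print("new:", *notifications(new), sep="\n  ")
    print("resolved:", *notifications(resolved), sep="\n  ")
```

The point of keeping `previous` around is that notifications fire only on the delta: a feed refresh that adds nothing for a given image produces no noise, and a feed correction that withdraws a finding shows up as resolved rather than silently vanishing.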
What Makes Anchore Unique
• Deep image inspection and SBOM generation: find issues with OS packages, libraries, licenses, binaries, credentials, secrets, and metadata. This rich data is stored as an SBOM with higher fidelity than other SBOM standards. Based on 100% open source Syft and Grype.
• Reduce false positives: Anchore provides fewer false positives due to accurate SBOMs, a precision vulnerability matching algorithm, hints, corrections, and allowlists.
• Flexible policies for compliance: Anchore enables compliance and control with out-of-the-box policy packs and flexible, customizable policies using any SBOM or vulnerability metadata.
• Scan source code repos: Anchore enables you to scan source code repos to shift further left. This also enables you to scan non-containerized workloads.
What Makes Anchore Unique
• API-centric for developers/DevOps: Anchore provides 100% API coverage with fully documented APIs so developers don't have to leave their tools.
• Discover malware/secrets and misconfigurations: Anchore goes beyond vulnerabilities to identify secrets, malware, and misconfigurations in your containers, code, or Dockerfiles.
• Runtime protection: Anchore provides policy gates before deployment and offers continuous monitoring of running images for security and compliance risk.
• Visibility into all vulnerabilities: Anchore identifies and tracks all vulnerabilities, not just those that violate policies, for a complete picture of your security posture.
Anchore Enterprise: How it Works
(Diagram: Source → Build → Stage → Deploy → Run; SCM, CI/CD, Registry (Docker v2 API), Admission controller, Runtime; AnchoreCTL at the source and build stages feeding Anchore Enterprise.)
Enterprise Capabilities
● Linux and Windows containers
● Malware & secrets scanning in addition to vulnerabilities
● Fully-supported integrations with CI/CD tools
● Continuous scanning from develop to runtime
● Persist SBOMs and security results across apps and teams
● Enhanced vulnerability feed
● Centralized policy enforcement with pre-built policy packs
● API/GUI for reporting and auditing
● Notifications
● Remediation recommendations & workflows
● Enterprise control with support for RBAC, SSO, LDAP
● SLA Technical Support
Platform components: K8s Inventory, EKS Inventory, Policy Enforcement | Compliance, Vulnerabilities, SBOM Management, Analyzers, Reporting | Auditing, Malware | Secrets, False Positive Mgmt, Remediation
Policy Bundle Components
• Policies: named set of rules and actions
• Allowlists: named sets of rule exclusions to override a policy
• Mappings: ordered rules to determine which policies & allowlists to apply to which images
• Allowlist Images: overrides for images to set the final result to pass
• Blocklist Images: overrides for images to set the final result to fail
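The five bundle components above, worked through in an added example that is not part of the deck and does not use Anchore's bundle schema: a toy evaluator runs a constructed bundle against constructed findings for a few image names and shows how a mapping selects the policy and allowlists, how an allowlist suppresses one trigger of a rule without disabling the rule, and how allowlist/blocklist images short-circuit the result. The check names, the stop/warn actions, the VULN-EXAMPLE-* ids, the image names and the precedence order (blocklist, then allowlist images, then the first matching mapping) are assumptions made for the illustration.

```python
"""Toy evaluator for the five policy-bundle components.

Added illustration, not Anchore's bundle schema: the check names, the
stop/warn actions, the VULN-EXAMPLE-* ids and the precedence order
(blocklist, then allowlist images, then first matching mapping) are assumptions.
"""
from fnmatch import fnmatchcase

SEVERITY_RANK = {"negligible": 0, "low": 1, "medium": 2, "high": 3, "critical": 4}

# Constructed bundle.
BUNDLE = {
    # Policies: named sets of rules and actions.
    "policies": {
        "default": [
            {"id": "r1", "check": "vuln_severity_at_least", "param": "high", "action": "stop"},
            {"id": "r2", "check": "secret_found", "action": "stop"},
            {"id": "r3", "check": "runs_as_root", "action": "warn"},
        ],
        "sandbox": [
            {"id": "r1", "check": "vuln_severity_at_least", "param": "critical", "action": "warn"},
        ],
    },
    # Allowlists: named sets of rule exclusions, keyed by rule id and trigger id.
    "allowlists": {
        "accepted-risk": [{"rule_id": "r1", "trigger_id": "VULN-EXAMPLE-002"}],
    },
    # Mappings: ordered; the first image pattern that matches wins.
    "mappings": [
        {"image": "registry.example.com/sandbox/*", "policies": ["sandbox"], "allowlists": []},
        {"image": "registry.example.com/*", "policies": ["default"], "allowlists": ["accepted-risk"]},
    ],
    # Image-level overrides that fix the final result regardless of findings.
    "allowlist_images": ["registry.example.com/base/golden:*"],
    "blocklist_images": ["registry.example.com/*/legacy-*"],
}

# Constructed scan findings for one image.
FINDINGS = {
    "vulns": [
        {"id": "VULN-EXAMPLE-001", "severity": "critical"},
        {"id": "VULN-EXAMPLE-002", "severity": "high"},
        {"id": "VULN-EXAMPLE-003", "severity": "low"},
    ],
    "secrets": [],
    "runs_as_root": True,
}


def _triggers(rule, findings):
    """Return the trigger ids for which `rule` fires against `findings`."""
    check = rule["check"]
    if check == "vuln_severity_at_least":
        floor = SEVERITY_RANK[rule["param"]]
        return [v["id"] for v in findings.get("vulns", [])
                if SEVERITY_RANK[v["severity"]] >= floor]
    if check == "secret_found":
        return [s["path"] for s in findings.get("secrets", [])]
    if check == "runs_as_root":
        return ["USER root"] if findings.get("runs_as_root") else []
    raise ValueError(f"unknown check: {check}")


def evaluate(bundle, image, findings):
    """Evaluate one image against the bundle and return a result dict."""
    result = {"image": image, "final": "pass", "reason": None, "mapping": None,
              "stops": [], "warns": [], "allowlisted": []}
    if any(fnmatchcase(image, p) for p in bundle["blocklist_images"]):
        result.update(final="fail", reason="blocklisted image")
        return result
    if any(fnmatchcase(image, p) for p in bundle["allowlist_images"]):
        result.update(reason="allowlisted image")
        return result
    mapping = next((m for m in bundle["mappings"] if fnmatchcase(image, m["image"])), None)
    if mapping is None:
        result.update(final="fail", reason="no mapping matched the image")
        return result
    result["mapping"] = mapping["image"]
    excluded = {(e["rule_id"], e["trigger_id"])
                for name in mapping["allowlists"] for e in bundle["allowlists"][name]}
    for policy_name in mapping["policies"]:
        for rule in bundle["policies"][policy_name]:
            for trigger in _triggers(rule, findings):
                entry = (policy_name, rule["id"], trigger)
                if (rule["id"], trigger) in excluded:
                    result["allowlisted"].append(entry)
                elif rule["action"] == "stop":
                    result["stops"].append(entry)
                elif rule["action"] == "warn":
                    result["warns"].append(entry)
    if result["stops"]:
        result.update(final="fail", reason="a rule with action 'stop' fired")
    return result


if __name__ == "__main__":
    for img in ["registry.example.com/payments/api:1.2",
                "registry.example.com/sandbox/api:1.2",
                "registry.example.com/base/golden:2024.06",
                "registry.example.com/payments/legacy-batch:0.9"]:
        r = evaluate(BUNDLE, img, FINDINGS)
        print(f"{img}: {r['final']} ({r['reason']}) stops={r['stops']} warns={r['warns']}")
```

Two details worth noticing when reading the output: the allowlist entry only suppresses `r1` for `VULN-EXAMPLE-002`, so the same rule still stops the image on `VULN-EXAMPLE-001`; and an image with no matching mapping fails closed rather than passing by default, which is the safer choice for a gate.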
Demo: Anchore Enterprise 5.7
So then how do you bring Anchore into your Kubernetes ecosystem?
Palette: a unique platform for K8s at scale (overview slide repeated)
Modeling Addons - Cluster Profiles
Creating Cluster Profiles
Questions
Wrapping up / Next Steps
• Get started with a free trial of Anchore Enterprise: https://get.anchore.com/free-trial/
• Learn more about Spectro Cloud: https://www.spectrocloud.com/security and https://www.spectrocloud.com/product/sena
• Visit our GitHub and Community Slack: github.com/anchore and https://anchore.com/slack
• Learn more about Anchore customers: https://anchore.com/case-studies/
