Learn how to develop faster with Anchore on Red Hat Marketplace

by Kate Kwiatkowski

Business Development Leader for Red Hat Marketplace

Anchore, an inaugural Red Hat Marketplace partner, is focused on helping enterprises and federal organizations achieve container-based application development—more securely and at scale. Anchore Enterprise, the company’s enterprise DevSecOps product, is a complete container security workflow solution for professional teams. Easily integrating with CI/CD systems, it allows developers to bolster security without compromising velocity and enables security teams to audit and verify compliance in real time. It is based on Anchore Engine, an open-source image inspection and scanning tool.

The team at Anchore recently worked with Red Hat to help the United States Department of Defense (DoD) fundamentally change how it builds, deploys, and operates software. Having previously relied on a waterfall-driven development process to build monolithic applications, the DoD decided to embrace a new approach to application development to lower costs while increasing innovation. Using Red Hat OpenShift and Anchore Enterprise, the DoD implemented a flexible, container-based platform for software delivery.

To help security teams, DevSecOps engineers, and information system security leaders learn from the steps the DoD took to establish high-velocity development and deployment of new services, Anchore has published an in-depth case study. The paper helps readers understand the importance of adopting and utilizing approved hardened containers in the US Government and documents the United States Air Force (USAF) DevSecOps model.

Here’s an excerpt from the report:

“Over the past 12 months, Anchore and Red Hat have worked side by side to develop and implement an automated process for hardening and securing containerized software within the United States Air Force. Anchore is the only container security vendor providing hands-on support as part of the U.S. Department of Defense DevSecOps Platform (DSOP) initiative. The beating heart of the DSOP initiative is a powerful Kubernetes cluster that can run on any infrastructure. In many cases, including this one, the Kubernetes cluster is powered by Red Hat OpenShift.

This paper, based on hands-on experience working with our government partners in the U.S. Department of Defense and United States Air Force, provides valuable insight and guidance on best practices for secure, high-velocity software delivery…our goal is to document the USAF DevSecOps model, describe the container-hardening process currently used by USAF, and demonstrate to federal audiences how they can instantiate or augment their own DevSecOps pipelines using DoD-approved, hardened containers.”

The paper opens by outlining the DoD’s problem statement, then examines how the DoD is building its DevSecOps practice:

“DevSecOps is quickly becoming an optimal mode of operation for consumers of container-based technologies, from early adopters to long-time users. As enterprises move towards more agile development by implementing modern DevOps, the rate of change increases and attack surfaces become more fragmented and dynamic. The integration of security into each stage of the software development life cycle, a practice known as DevSecOps, is now critical for organizations operating in today’s cloud-native environments.

The DoD codified their new approach to software creation and management in the DevSecOps Reference Design. This document, hosted at software.af.mil and linked from the Anchore Federal web page, contains a roadmap for various defense agencies and programs to dramatically overhaul the traditional waterfall software development practices in common use. It has resulted in the creation of a new platform for DevSecOps known as Platform One.

In their DevSecOps Reference Design, the DoD defines DevSecOps as “a collection of software-integrated tools, services, and standards that enable partners and programs to develop, deploy, and operate applications in a secure, flexible and interoperable fashion”. Championed by Nicolas Chaillan, Chief Software Officer of the United States Air Force (USAF), the DoD DevSecOps Initiative is charged with creating a platform that can be easily reused and implemented across all branches of the DoD.

Separating itself from DoD operational systems of the past, this new Reference Design prescribes comprehensive use of industry standards such as Open Container Initiative (OCI) containers and Kubernetes to develop and deploy software. The use of containers deployed on Red Hat OpenShift is familiar to the teams at Anchore and Red Hat, as it is the same approach taken by many of the Fortune 500 enterprises we support. Containers offer multiple advantages of particular interest to the Department of Defense, including velocity, cost-efficiency, immutability, scalability, consistency, and control.”

Download the full case study to read more about how Anchore helped the DoD and the power of Anchore Enterprise and Red Hat OpenShift.

We’re thrilled to have Anchore Enterprise available for trial and purchase on Red Hat Marketplace. If you want to give Anchore Enterprise a spin, visit Anchore’s listing on Red Hat Marketplace.