Anchore, the leader in software supply chain security, announced a strategic partnership with Chainguard, the secure foundation for software development and deployment. Together, the companies will combine Chainguard’s zero-CVE hardened container images with Anchore’s high-accuracy scanning and extensive policy frameworks to meet the highest security and compliance standards.
This partnership is a direct response to the record rise of CVEs, the increasing volume of cybersecurity regulations, and the burden placed on platform and security teams to provide ongoing proof of compliance. By leveraging Chainguard’s continuously updated, purpose-built container images, engineering teams can significantly reduce the time spent patching vulnerabilities and maintaining open source images, while Anchore ensures continuous security and automated compliance checks throughout the software development lifecycle.
“This partnership is a significant step forward for platform and security teams in building greater trust into their software supply chain,” says Brad Bock, Director of Product Management at Chainguard. “By starting with secure-by-default container images, engineers can build on an open source foundation with virtually no known vulnerabilities, immediately reducing the number of security alerts they have to triage. Anchore Enterprise ensures that security and compliance are maintained as they develop their own code on top of our Chainguard Containers.”
Anchore Enterprise is the certified scanner for Chainguard Containers
As part of this partnership, Chainguard has validated that Anchore Enterprise successfully scans Chainguard Containers, producing accurate results with no false positives. Anchore Enterprise is now embedded into Chainguard’s release validation processes and is using Chainguard Containers as part of its testing framework. This technical alignment provides end-users not only with trust and confidence, but also rapid resolution.
- Chainguard addresses the “Start Safe” phase by providing purpose-built container images with a minimal attack surface and virtually no known vulnerabilities.
- Anchore delivers the “Stay Secure and Compliant” phases by providing continuous scanning for vulnerabilities, licenses, secrets, and malware in a user’s own code as it is added, and by raising alerts as new security and compliance violations are discovered. In addition, it allows for tracking the real-time status of running images for compliance assessments.
“Through our partnership with Chainguard, we are futureproofing and reducing security concerns for all software vendors,” says Neil Levine, Head of Product at Anchore. “Engineering teams have been embracing open source code, but often underestimate the time and effort to maintain, update, and backport fixes to stay on top of growing CVEs and threats. This collaboration provides a complete end-to-end solution, delivering a ‘Start Safe, Stay Secure and Compliant forever’ posture for organizations.”
Open source commitment against rising supply chain attacks
With this partnership, Chainguard is committing to continued contributions to Anchore’s open source projects Syft, Grype, and Vunnel. All three projects focus on the highest quality of vulnerability results with the fewest false positives. This collaboration provides users with end-to-end supply chain coverage from start to reaching compliance and ensures the long-term sustainability of the ecosystem of software supply chain security tools.
Source: prnewswire