Today Anchore, the leader in continuous security and compliance for software containers, announced an expanded collaboration with NVIDIA for container scanning to ensure the security of software hosted on NVIDIA’s NGC catalog. NVIDIA has used Anchore container scanning technology since 2019 and the expanded partnership will include vetting third-party software available on NGC.
NGC is a curated collection of GPU-optimized artificial intelligence (AI), machine learning (ML), and high-performance computing (HPC) container images that simplify and accelerate end-to-end workflows. The catalog will now integrate Anchore Enterprise container and policy scanning technology to perform automated security checks before containers are published. This integration will rely on Anchore technology to perform security scans for detecting:
- Software vulnerabilities (CVEs, RHSAs, GHSAs, and others)
- Container image metadata violations (Dockerfile instructions, layer history)
- Credential leaks (passwords, tokens, access keys)
- Permissive service network exposures (open ports)
“Anchore is working with organizations across a variety of industries to secure their container build pipeline by embedding automated security checks and policy controls during the development process,” said Saïd Ziouani, CEO of Anchore. “NVIDIA’s use of Anchore’s enterprise solution gives developers and data scientists access to NGC software that has been vetted for security risks.”
“Developers rely on NVIDIA’s NGC catalog for a wide variety of GPU-accelerated software,” said Adel Hallak, director of product management for NGC at NVIDIA. “Our use of Anchore’s scanning technology can help reassure them that the containers on NGC have been evaluated for critical security risks before they’ve been put into production.”
Growing Demand for Securing Container Marketplaces
Anchore is used to secure both free and paid container marketplaces across a variety of industries and public sector organizations. The U.S. Department of Defense uses Anchore to secure and harden software containers for its Iron Bank repository as part of the Platform One initiative for DevSecOps. Enterprises in telecommunications, manufacturing, and technology industries also deploy Anchore to ensure the security of container images in marketplaces and catalogs that they provide to customers or partners.
“Incorporating Anchore’s container scanning technology to harden images in the Platform One Iron Bank repository has allowed us to drastically increase our security and understanding of the Bill of Materials of third party containers. The Anchore technology is an essential element to how we approach secure software development,” said Nic Chaillan, Chief Software Officer, U.S. Air Force.