Anchore Secures Containers for AI, Machine Learning and HPC on NVIDIA NGC

SANTA BARBARA, Calif., May 13, 2021 /PRNewswire/ — Today Anchore, a company focused on security and compliance for software containers, announced an expanded collaboration with NVIDIA for container scanning to ensure the security of software hosted on NVIDIA’s NGC catalog. NVIDIA has used Anchore container scanning technology since 2019 and the expanded partnership will include vetting third-party software available on NGC.

NGC  is a curated collection of GPU-optimized artificial intelligence (AI), machine learning (ML), and high-performance computing (HPC) container images that simplify and accelerate end-to-end workflows. The catalog will now integrate Anchore Enterprise container and policy scanning technology to perform automated security checks before containers are published. This integration will rely on Anchore technology to perform security scans for detecting:

  • Software vulnerabilities (CVEs, RHSAs, GHSAs, and others)
  • Container image metadata violations (Dockerfile instructions, layer history)
  • Credential leaks (passwords, tokens, access keys)
  • Permissive service network exposures (open ports)

“Anchore is working with organizations across a variety of industries to secure their container build pipeline by embedding automated security checks and policy controls during the development process,” said Saïd Ziouani, CEO of Anchore. “NVIDIA’s use of Anchore’s enterprise solution gives developers and data scientists access to NGC software that has been vetted for security risks.”

“Developers rely on NVIDIA’s NGC catalog for a wide variety of GPU-accelerated software,” said Adel Hallak, director of product management for NGC at NVIDIA. “Our use of Anchore’s scanning technology can help reassure them that the containers on NGC have been evaluated for critical security risks before they’ve been put into production.”

Growing Demand for Securing Container Marketplaces
Anchore is used to secure both free and paid container marketplaces across a variety of industries and public sector organizations. The U.S. Department of Defense uses Anchore to secure and harden software containers for its Iron Bank repository as part of the Platform One initiative for DevSecOps. Enterprises in telecommunications, manufacturing, and technology industries also deploy Anchore to ensure the security of container images in marketplaces and catalogs that they provide to customers or partners.

“Incorporating Anchore’s container scanning technology to harden images in the Platform One Iron Bank repository has allowed us to drastically increase our security and understanding of the Bill of Materials of third party containers. The Anchore technology is an essential element to how we approach secure software development,” said Nic Chaillan, Chief Software Officer, U.S. Air Force.

About Anchore
Anchore accelerates the development of secure and compliant cloud-native applications. Anchore’s container security solutions seamlessly embed continuous security and compliance checks throughout the software development process. From sourcing to CI/CD pipelines to production, Anchore’s solutions protect the software supply chain and prevent container security risks from reaching production. Using Anchore as part of the DevSecOps toolchain creates a reliable way to detect issues earlier, save developers time and lower the cost to fix vulnerabilities. Built with an open source foundation, Anchore solutions provide transparency into source code and the benefit of peer reviews. Headquartered in California with offices in Virginia and the UK, Anchore customers include large enterprises and government agencies that require secure and compliant cloud-native applications.