# Anchore
*Also known as Anchore*

- Website: https://anchore.com
- Location: Santa Barbara, California, United States
- Agent profile: https://directory.haycion.ai/agents/anchore-com

> Anchore enables secure software supply chains for organizations building and deploying cloud-native applications.

Anchore provides security for software supply chains by helping organizations manage software components, enforce security and compliance policies, and monitor for vulnerabilities across cloud-native applications. It serves developers, security professionals, and IT organizations seeking to reduce risk from open source components and third-party dependencies through visibility, governance, and proactive remediation across the build, deployment, and runtime stages.

**Mission:** Our mission is to secure software supply chains by providing automated, scalable governance and visibility across code, builds, and runtimes so developers and security teams can deliver safe, compliant cloud-native software.

## Products & Services

### [Anchore Enterprise Platform](https://anchore.com/platform/)
*Platform*
Enforces security and compliance throughout the software development lifecycle with comprehensive SBOM management.

- **SBOM Management** — Centralizes Component Tracking
- **Vulnerability Scanning** — Ensures Ongoing Security
- **Federal Sector Readiness** — Support Federal Programs
- **NIST Compliance** — Streamline NIST Compliance
- **Container Registry Scanning** — Identifies Threats Early
- **DevSecOps Integration** — Streamlines Secure Development
- **Container Security Scanning** — Automate Container Scanning
- **Compliance Reporting** — Enhances Compliance Visibility
- **Policy Packs for Compliance** — Automates Compliance Checks
- **Native Filesystem Scanning** — Extends Coverage Beyond Containers
- **Integration with Existing CI/CD Pipelines** — Integrate with DevOps Tools
- **Open Source Security** — Minimizes Open Source Risks

## Market Segments

- **SBOM management**: Capabilities to generate, store, analyze, and monitor SBOMs across the application lifecycle to provide component provenance and supply chain visibility.
- **Container image vulnerability management**: Automated scanning of container images and registries for vulnerabilities and misconfigurations with continuous monitoring across CI/CD and Kubernetes platforms.
- **CI/CD pipeline security**: Embed automated security and compliance checks into continuous integration and delivery pipelines, enforce policy-driven gates, and integrate with DevOps toolchains.
- **Open source component governance**: Monitor and govern open source dependencies for vulnerabilities, license risk, and policy compliance across build, deployment, and runtime stages.
- **Federal compliance and attestation**: Automate compliance reporting and attestation for federal and regulated standards (for example NIST and FedRAMP) using pre-built policy packs and control-level reporting.
