Anchore continues to expand into software supply chain security market

SANTA BARBARA, Calif., January 28, 2022 /PRNewswire/ — Anchore today announced strong results in the software supply chain security market over the past year. With software supply chain security concerns driving demand for automated tools and an increase in industry adoption of SBOMs, Anchore delivered new product capabilities, saw rapidly growing adoption of its open source tools, and continued to proactively prepare its customers and organizations for the inevitable future breaches and hacks.

Focus on Software Supply Chain Security
2021 began with the fallout from the SolarWinds SUNBURST attack and ended with multiple exploits against the Log4j zero-day vulnerability, highlighting the critical importance of securing the software supply chain. According to Anchore’s 2022 Software Supply Chain Security Report, 62% of enterprises were affected by a software supply chain security attack in the past year. Software vendors face heightened risk, with 73% hit by an attack.

The report also highlights that organizations are responding to these risks, with 54% placing a high priority on securing the software they create and use. As the U.S. Executive Order on Improving the Nation’s Cybersecurity highlights Software Bill of Materials (SBOM) as a critical foundation for supply chain security, 76% of organizations plan to increase the use of SBOM next year. The importance of SBOMs, combined with the need for automated tools and continuous security checks in the development process, is driving significant growth in Anchore’s software supply chain management solutions.

“Recent security breaches have catapulted the topic of software security to the forefront of professional conversations everywhere. Software supply chain security not only impacts the software industry; today every organization needs to strengthen its security practices to reduce risk in its cloud-native applications,” said Saïd Ziouani, CEO of Anchore. “Last month’s Log4j zero-day vulnerability underscores the need for organizations to use SBOMs and automated tools to reduce the risk of successful attacks and expedite remediation of the next zero-day vulnerability.”

Customer Growth
In 2021, Anchore saw its ARR increase 2.5x over the previous year as organizations sought to proactively secure their software supply chains against growing exploits. Anchore’s customers include the world’s largest enterprises as well as government agencies. In 2021, Anchore welcomed top Fortune 100 organizations to its list of customers, joining dozens of Global 500 organizations and major software companies that use Anchore technology to secure their software supply chains. New customer NVIDIA uses Anchore to secure containers for AI, Machine Learning and High Performance Computing on NVIDIA NGC.

Anchore more than tripled its government customers in 2021, adding the US Space Force Kobayashi Maru program as well as numerous programs across the US Air Force, US Department of Defense, US General Services Administration, US Navy, US Marine Corps, and Defense Information Systems Agency (DISA). Anchore also expanded its relationship with the US Air Force’s Platform One program with a $4.6M contract to strengthen its software supply chain with a focus on container scanning technology and services.

Product extension
Over the past twelve months, the company has enhanced its software supply chain management capabilities, with several releases of the Anchore Enterprise platform. New features include:

  • Expanded software supply chain coverage by making the security status of running images visible to developers and security teams, reducing the risk of insecure code being included in production applications.
  • Extensive remediation capabilities with remediation recommendations and automated workflows.
  • A new FedRAMP Policy Pack which enables software vendors and cloud service providers to identify and resolve containerized application compliance issues and shorten the time to obtain a FedRAMP certification as an Authority to Operate (ATO).
  • Ability to automate STIG checks for cloud-native applications and provide a unified view of vulnerabilities and the STIG compliance checks required for US Department of Defense applications.
  • A new policy pack that alerts on vulnerabilities found in the CISA Catalog of Known Exploited Vulnerabilities.

Rapid adoption of open source tools
Anchore has seen an acceleration in the adoption of its two open-source software supply chain security tools, which easily integrate into development processes and toolchains. Syft, a tool that performs deep inspection of container images and filesystems to generate an SBOM, now has over 400,000 downloads, representing a 150% increase in the last 5 months. Grype, a vulnerability scanner, now has over 500,000 downloads, an 80% increase over the same period. Together, Syft and Grype have garnered over 4,500 stars on GitHub, a tenfold increase since the start of 2021.

Syft and Grype’s 2021 updates include the ability to generate accurate SBOMs and vulnerability reports via plugins to popular CI/CD systems including GitHub, GitLab, and Jenkins. Syft has also added support for the Software Package Data Exchange (SPDX) standard, which makes it easier to share data between systems and organizations. SPDX is an internationally recognized ISO standard for SBOMs that is sponsored by the Linux Foundation.

“The ability to produce accurate SBOM and vulnerability results from a wide variety of software artifacts has led to the growing adoption of Syft and Grype by the open source community and end users, especially as more and more project maintainers are looking to include security tools directly in their development environments,” said Daniel Nurmi, CTO and co-founder of Anchore. “During the initial and ongoing response to the zero-day Log4j vulnerability, practitioners were able to quickly and easily identify the presence of Log4j in their software environments using Anchore’s Syft and Grype tools, even when the library was nested many levels deep inside a Java Archive, which has led to a surge in downloads and usage.”

“As companies seek to accelerate their operational speed, an increasing number of them are focusing on improving their development experience. The challenge these organizations face is how to provide a frictionless experience for their developers while simultaneously improving their overall security posture,” said Stephen O’Grady, principal analyst at RedMonk. “One approach that is gaining popularity is integrating API-based security resources into their existing developer toolchains. This is exactly the opportunity that Syft and Grype were designed for.”

For more information on Anchore’s technology and software supply chain security offerings, visit

About Anchore
Anchore is a leader in software supply chain security and enables organizations to protect cloud-native applications against software supply chain attacks. Anchore technology incorporates continuous security and compliance checks into every step of the software development process to prevent security risks from reaching production. Large enterprises and government agencies use Anchore solutions to generate comprehensive software bills of materials, identify vulnerabilities, identify malware, and uncover unprotected credentials that can lead to hacks and ransomware. With an API-centric approach, Anchore solutions integrate with the tools developers already use to detect issues earlier, saving time and reducing the cost of remediating vulnerabilities. To find out more visit

Note to Editors:
– Experts available for comments upon request

Press contacts:

Brandie Gerrish
