Anchore and Chainguard Partner to Deliver Next-Generation Supply Chain Security
The partnership delivers a "Start Safe, Stay Secure and Compliant" posture by uniting Chainguard's hardened container images with Anchore's SBOM scanning and policy framework.
SANTA BARBARA, Calif., Sept. 23, 2025 /PRNewswire/ -- Anchore, the leader in software supply chain security, announced today a strategic partnership with Chainguard, the secure foundation for software development and deployment. Together, the companies will combine Chainguard's zero-CVE hardened container images with Anchore's high-accuracy scanning and extensive policy frameworks to meet the highest security and compliance standards.
This partnership is a direct response to the record rise of CVEs, the increasing volume of cybersecurity regulations, and the burden placed on platform and security teams to provide ongoing proof of compliance. By leveraging Chainguard's continuously updated, purpose-built container images, engineering teams can significantly reduce the time spent patching vulnerabilities and maintaining open source images, while Anchore ensures continuous security and automated compliance checks throughout the software development lifecycle.
"This partnership is a significant step forward for platform and security teams in building greater trust into their software supply chain," says Brad Bock, Director of Product Management at Chainguard. "By starting with secure-by-default container images, engineers can build on an open source foundation with virtually no known vulnerabilities, immediately reducing the number of security alerts they have to triage. Anchore Enterprise ensures that security and compliance are maintained as they develop their own code on top of our Chainguard Containers."
Anchore Enterprise is the certified scanner for Chainguard Containers
As part of this partnership, Chainguard has validated that Anchore Enterprise successfully scans Chainguard Containers, producing accurate results with no false positives. Anchore Enterprise is now embedded into Chainguard's release validation processes and is using Chainguard Containers as part of its testing framework. This technical alignment provides end-users not only with trust and confidence, but also rapid resolution.
- Chainguard addresses the "Start Safe" phase by providing purpose-built container images with a minimal attack surface and virtually no known vulnerabilities.
- Anchore delivers the "Stay Secure and Compliant" phases by providing continuous scanning for vulnerabilities, licenses, secrets, and malware in a user's own code as it is added and raises alerts as new security and compliance violations are discovered. In addition, it allows for tracking the real-time status of running images for compliance assessments.
"Through our partnership with Chainguard, we are futureproofing and reducing security concerns for all software vendors," says Neil Levine, Head of Product at Anchore. "Engineering teams have been embracing open source code, but often underestimate the time and effort to maintain, update, and backport fixes to stay on top of growing CVEs and threats. This collaboration provides a complete end-to-end solution, delivering a 'Start Safe, Stay Secure and Compliant forever' posture for organizations."
Open source commitment against rising supply chain attacks
With this partnership, Chainguard is committing to continued contributions to Anchore's open source projects Syft, Grype, and Vunnel. All three projects focus on the highest quality of vulnerability results with the fewest false positives. This collaboration provides users with end-to-end supply chain coverage from start to reaching compliance and ensures the long-term sustainability of the ecosystem of software supply chain security tools.
Additional resources:
Anchore announces Chainguard partnership
Chainguard introducing latest integration with Anchore Enterprise
Webinar: Establishing continuous compliance with Anchore & Chainguard: Automating Container Security
About Anchore
Anchore empowers organizations to secure their software supply chains with speed and confidence. Anchore Enterprise delivers comprehensive SBOM management, industry-leading vulnerability management, and advanced policy enforcement for containers and beyond. By eliminating friction in software delivery and compliance, Anchore customers such as NVIDIA, Cisco, eBay, and government agencies including the U.S. Department of Defense and U.S. Department of Homeland Security, ship software faster while meeting the most rigorous security and regulatory standards. For more information, visit https:///www.anchore.com
About Chainguard
Chainguard is the secure foundation for software development and deployment. By providing trusted open source software with Chainguard Containers, VMs, and Libraries, built from source and updated continuously, Chainguard helps organizations eliminate threats in their software supply chains. Its customers include Fortune 500 enterprises and global industry leaders, including Anduril, Canva, Fortinet, Hewlett Packard Enterprise, Snap Inc., and Snowflake. Chainguard is venture-backed by leading investors, including Amplify, IVP, Kleiner Perkins, Lightspeed Venture Partners, Mantis VC, Redpoint Ventures, Sequoia Capital, and Spark Capital. For more information, visit: https://www.chainguard.dev/
Media Contact:
Brandie Gerrish
press@anchore.com
View original content to download multimedia:https://www.prnewswire.com/news-releases/anchore-and-chainguard-partner-to-deliver-next-generation-supply-chain-security-302563612.html
SOURCE Anchore