Anchore Extends Best-in-Class Container Security Offering with Bring Your Own SBOM support

21.05.25 14:30

Anchore Enterprise is a powerful, cost-effective, and compliant management, monitoring, and automation tool for understanding and securing complex software supply chains.

SANTA BARBARA, Calif., May 21, 2025 /PRNewswire/ -- Anchore, the market leader in software composition analysis for cloud native platforms, today announced the next phase of its SBOM strategy with the release of Anchore SBOM. With the addition of Anchore SBOM, Anchore Enterprise now provides a centralized platform for viewing, managing and analyzing Software Bill of Materials (SBOMs), including the capability of "Bringing Your Own SBOMs". Organizations can now gain comprehensive visibility into the software components present in both their internally developed and third-party supplied software to identify and mitigate security and compliance risks.

Open source software (OSS), which Gartner estimates makes up 70% to 90% of any given software application, continues to grow, yet only 15% of organizations feel confident in their practices for managing it. Software composition analysis, policy-driven curation of packages, and SBOMs have become increasingly critical for the accelerated and safe consumption of OSS, including AI large language models (LLMs). Anchore SBOM can import and process SBOMs generated by any tool that adheres to the SPDX or CycloneDX standards, creating transparency and establishing a comprehensive inventory of software components and dependencies, regardless of their origin.

Demand for software supply chain transparency is surging due to regulations (NIS2, US cybersecurity Executive Orders, and the EU's Cyber Resilience Act (CRA)), industry mandates (PCI DSS), and sector-specific requirements (FDA, SEC, and others). This makes SBOMs essential for enterprises and government agencies seeking critical visibility.

Key features and benefits of Anchore SBOM include:

  • Bring your own SBOM: Import SBOMs in SPDX (versions 2.1-2.3), CycloneDX (versions 1.0-1.6), and Syft native formats; analyze components, vulnerabilities, and contextual policy violations.
  • Validate SBOMs: Assess the quality of uploaded SBOMs to ensure they meet schema standards and contain the data necessary for vulnerability scanning.
  • Manage SBOMs centrally: Store and group SBOMs to reflect logical organizational structures for easier management, control, analysis, and reporting, and for enhanced collaboration across business and engineering functions.
  • Identify vulnerabilities: Identify and report vulnerabilities within uploaded SBOMs for fast and efficient remediation.
  • Prioritize and triage with Anchore Score: A prioritized vulnerability rating based on CVSS score and severity, EPSS, and CISA KEV data reduces noise and drastically improves triage time.

"At Anchore, we know that securing the software delivery pipeline is necessary to secure the software being delivered; that's why we secure software during development, delivery, and post-deployment. We built Anchore Enterprise to be embedded into the CI/CD pipeline: it analyzes OSS risks, enforces policy gates throughout delivery, and scans continuously thereafter. SBOMs are at the core of how we establish trust in the delivery pipeline and therefore in the software you are delivering," says Neil Levine, SVP of Product at Anchore. "Our flagship customers, NVIDIA, Cisco, US Navy, and Department of Defense, have been, for years, relying on our SBOM-centric approach to security to gauge their risks and meet the highest level of security standards."

Anchore Enterprise not only analyzes and stores software information for organizations, but also provides a strategic platform for security, engineering, procurement, and legal teams to access, understand, and secure highly complex software supply chains. Anchore represents 10 years of implementing DevSecOps as part of an automated shift-left approach to secure software development and to continuously managing the risks of open source software.

About Anchore:

Anchore is a leader in software supply chain security for modern cloud-native environments. Our SBOM-powered software composition analysis embeds continuous security and compliance checks at every stage of the software development process for early detection. Large enterprises and government agencies use Anchore Enterprise to create comprehensive software bills of materials, continuous visibility, vulnerability management, compliance enforcement, and trust in their software supply chain.

Contact:
Brandie Gerrish
Director of Marketing
marketing@anchore.com
www.anchore.com

View original content: https://www.prnewswire.com/news-releases/anchore-extends-best-in-class-container-security-offering-with-bring-your-own-sbom-support-302461851.html

SOURCE Anchore