Anchore and GitLab Announce New Integration to Automate Container Security and Compliance Processes


Anchore, the leading provider of continuous security and compliance for containers, has announced an integration with GitLab, the complete DevSecOps platform, delivered as a single application. With this integration, organizations will be able to automate security and compliance checks from the early stages of the development cycle, speeding software development and reducing risks. Anchore also announces it has joined the GitLab partner program.

Anchore now integrates seamlessly with GitLab to simplify security and compliance workflows for developers and to enable DevSecOps practices. During development, Anchore performs deep container image scanning that identifies vulnerabilities and surfaces a wide range of security and policy infractions and other risks. Together, the Anchore and GitLab security integrations will:

Display vulnerability results of container scans directly in GitLab security dashboards
Surface these findings in merge requests that identify changes needed to remediate issues
Enable updating of merge requests with a package version to resolve vulnerabilities
Seamlessly manage the risk profile in one place through GitLab’s Risk Management Framework (RMF), reducing the friction of typical software security scanning

“Digital transformation has changed software development practices as organizations seek to deliver applications more quickly and update them more frequently. This shift, combined with increasing cybersecurity threats, requires developers to implement security and compliance checks throughout the DevSecOps life cycle. The integration between Anchore and GitLab helps to automate these DevSecOps best practices for enterprises, government agencies, and open source communities,” said Saïd Ziouani, Anchore CEO and Cofounder.

“Strengthening the software development security and compliance postures of enterprises and public sector organizations is paramount to the missions of both GitLab and Anchore. We are pleased to partner through this integration to help our joint customers to increase their speed to mission delivery and to reduce the risks associated with software development,” said GitLab Vice-President of Global Channels, Michelle Hodges.

The U.S. Department of Defense (DoD) uses both Anchore and GitLab as part of their Platform One Initiative to speed the development of secure and compliant software. Anchore is used to develop hardened containers for Iron Bank (DoD’s software repository for containers) based on DoD best practices.

“Today, more than ever before, security is the most essential aspect of software development for government and critical infrastructure—and is the core of the DoD DevSecOps Initiative and Platform One. Now developers have the ability to push validated code into production on an ongoing basis, resulting in shorter development cycles, less debugging, and more rapid feature development,” said Major Robert Slaughter, Director of DoD Platform One.
