Anchore today announced it has added support for Windows container images to its platform for securing Kubernetes environments and made available a technology preview that adds the ability to analyze NuGet packages for application of policies to .NET frameworks and artifacts.
Announced at the GitHub Satellite virtual conference, version 2.3 of Anchore Enterprise also adds integration with the GitHub Advisory Database. Anchore will monitor GitHub Security Advisories to provide another data feed for potential vulnerabilities.
Finally, Anchore Enterprise 2.3 also provides an updated reporting service, which allows users to schedule and generate custom reports.
Neil Levine, vice president of products for Anchore, says the support of Windows container images will make it possible for organizations that are deploying containers on Windows platforms to embrace best DevSecOps practices.
Most organizations running Windows today are not as far along the container adoption curve as IT teams that employ Linux. However, Levine says that as Microsoft continues to promote the adoption of containers, it’s now only a matter of time before more organizations will need to secure those containers. Anchore has already been working with a handful of organizations on such projects, he notes Levine, adding there has also been a significant increase in DevOps adoption among organizations that run Windows.
Awareness of DevOps within Windows environments has naturally increased since Microsoft acquired GitHub. That, coupled with its decision to embrace containers for Windows platform, shows Microsoft is encouraging its Windows developer community to rethink how they build and deploy applications in much the same way IT organizations that employ Linux on the Microsoft Azure cloud.
Of course, containers that run on Windows platforms are not portable to Linux. Organizations will need separate container security tools for each platform, but Anchore provides a means to have a common management plane for both environments.
It’s not clear to what degree organizations that run Windows are embracing containers. However, the rate at which containers are being deployed on Windows has increased considerably. Containers may not exist in the same volume as they do on Linux platforms, but they are becoming more pervasive. As that rate of adoption increases, IT teams running Windows will encounter a raft of container security issues that will need to be addressed. Foremost among those issues will be the need to meld their developer and cybersecurity cultures.
Much like any organization embracing DevSecOps, the biggest issue to overcome is not so much container security technologies as much as it is getting cybersecurity teams to trust developers to implement cybersecurity controls. Of course, cybersecurity teams still will need to define those controls and verify that they have been implemented. However, cybersecurity professionals historically have not had a lot of confidence in the level of appreciation developers have for cybersecurity. Like it or not, however, given the chronic shortage of cybersecurity expertise available, teaching developers how to implement cybersecurity controls is now the only best option.