Federal Software Compliance

Enforce federal software supply chain security compliance

Automate policy enforcement, compliance and reporting for the U.S. Department of Defense DISA STIGs, Iron Bank, FedRAMP, NIST and CISA policies.

Comply with Federal Security Standards

The federal policy library includes new controls such as inspecting for malware and secrets, scanning for known vulnerabilities, and generating software bill of materials (SBOM).

Automate Policy Enforcement

Alert application developers or security engineers to failures while software is being developed and built, rather than just before your compliance audit.

Streamline Reporting

Anchore’s reporting capabilities enable security teams to demonstrate their level of compliance as part of formal reporting requirements.

The Anchore policy library consists of controls and policies to help organizations reach compliance.

NIST Special Publication 800-190

Application Container Security Guide

NIST Special Publication 800-53 Revision 5

Security and Privacy Controls for Information Systems and Organizations

NIST Special Publication 800-218

Secure Software Development Framework (SSDF) Version 1.1: Recommendations for Mitigating the Risk of Software Vulnerabilities

U.S. Department of Defense

Defense Information Systems Agency (DISA) STIG Guidelines

U.S. Department of Defense

Defense Information Systems Agency (DISA) Container Image Creation and Deployment Guide

FedRAMP

Vulnerability Scanning Requirements for Containers

CISA

Known Exploited Vulnerabilities Catalog

Platform One Iron Bank

Explore our solutions

Federal Compliance

Automate compliance checks using out-of-the-box and custom policies.

Open Source Security

Improve open source security by easily tracking direct and transitive open source dependencies to identify and fix vulnerabilities early.

Automate DevSecOps for your cloud-native software supply chain with an API-first DevSecOps solution.

Container Security

Identify and remediate container security risks and monitor post-deployment for new vulnerabilities.

FedRAMP Vulnerability Scanning

Meet the new FedRAMP Vulnerability Scanning Requirements for Containers and achieve compliance faster with Anchore.

Container Vulnerability Scanning

Reduce false positives and false negatives with best-in-class signal-to-noise ratio.

Kubernetes Image Scanning

Allow or prevent deployment of images based on flexible policies and continuously monitor the inventory of insecure images running in your clusters.

Container Registry Scanning

Identify and remediate new risks and vulnerabilities as they emerge.

CI/CD Security & Compliance

Embed security and compliance into your CI/CD pipeline to uncover vulnerabilities, secrets, and malware in your automated build processes.

Software Bill of Materials

Get comprehensive visibility of your software components and ensure vulnerability accuracy with the most complete SBOM available. Generate, store, analyze, and monitor SBOMs across the application lifecycle to identify software dependencies and improve supply chain security.

Container Compliance

Automate compliance checks using out-of-the-box and custom policies.

Speak with our security experts

Learn how Anchore’s SBOM-powered platform can help secure your software supply chain.