Anchore announced the release of Anchore SBOM

May 2025

Anchore announced the next phase of its SBOM strategy with the release of Anchore SBOM. With the addition of Anchore SBOM, Anchore Enterprise now provides a centralized platform for viewing, managing and analyzing Software Bill of Materials (SBOMs), including the capability of "Bringing Your Own SBOMs". Organizations can now gain comprehensive visibility into the software components present in both their internally developed and third-party supplied software to identify and mitigate security and compliance risks.

Open source software (OSS), which Gartner estimates makes up 70% to 90% of any given software application, continues to grow, yet only 15% of organizations feel confident in their practices for managing it. Software composition analysis, policy-driven curation of packages, and SBOMs have become increasingly critical for accelerated and safe consumption of OSS, including AI LLMs. Anchore SBOM can import and process SBOMs generated by any tool adhering to the SPDX or CycloneDX standards, creating transparency and establishing a comprehensive inventory of software components and dependencies, regardless of their origin.

Demand for software supply chain transparency is surging due to regulations (NIS2, US Cybersecurity Executive Orders, and the EU's Cyber Resilience Act (CRA)), industry mandates (PCI DSS), and sector-specific requirements (FDA, SEC and others). This makes SBOMs essential for enterprises and government agencies seeking critical visibility.

Key features and benefits of Anchore SBOM include:

• Bring your own SBOM: Import SBOMs in SPDX (versions 2.1-2.3), CycloneDX (versions 1.0-1.6), and Syft native formats, and analyze components, vulnerabilities and contextual policy violations.

• Validate SBOMs: Assess uploaded SBOM quality to ensure they meet schema standards and contain necessary data for vulnerability scanning.

• Manage SBOMs centrally: Store and group SBOMs to reflect logical organization structures for easier management, control, analysis, and reporting for enhanced collaboration across business and engineering functions.

• Identify vulnerabilities: Identify and report vulnerabilities within uploaded SBOMs for fast and efficient remediation.

• Prioritize and triage with Anchore Score: A prioritized vulnerability rating based on CVSS Score and Severity, EPSS, and CISA KEV data reduces noise and drastically improves triage time.
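To make the "Validate SBOMs" and "Prioritize and triage" features above concrete, here is an added illustration in Python. It is not Anchore's code and does not reproduce Anchore Score: it checks a CycloneDX JSON document for the fields a vulnerability matcher needs (name, version, package URL), then ranks a constructed list of vulnerability matches using CVSS severity, EPSS probability and CISA KEV membership. The SBOM, the vulnerability identifiers (`VULN-0001` and so on) and the weighting in `priority_score` are all constructed assumptions for the example.

```python
import json

# Constructed sample CycloneDX 1.5 SBOM (made up for this example, not from the
# page). The last component lacks the version and package URL a scanner needs.
SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.5",
    "components": [
        {"type": "library", "name": "widgetlib", "version": "2.3.1",
         "purl": "pkg:pypi/widgetlib@2.3.1"},
        {"type": "library", "name": "parserkit", "version": "0.9.0",
         "purl": "pkg:npm/parserkit@0.9.0"},
        {"type": "library", "name": "strutils"},
    ],
})

# CycloneDX versions named on the page as importable.
SUPPORTED_CYCLONEDX = {"1.0", "1.1", "1.2", "1.3", "1.4", "1.5", "1.6"}
# Without these three fields a component cannot be matched to advisory data.
REQUIRED_COMPONENT_FIELDS = ("name", "version", "purl")


def validate_sbom(raw_json):
    """Check a CycloneDX JSON document for the basics a vulnerability scanner
    relies on: a recognised format header and, per component, a name, a
    version and a package URL (purl). Returns (is_valid, list_of_findings)."""
    findings = []
    doc = json.loads(raw_json)
    if doc.get("bomFormat") != "CycloneDX":
        findings.append("bomFormat must be 'CycloneDX'")
    if doc.get("specVersion") not in SUPPORTED_CYCLONEDX:
        findings.append(f"unsupported specVersion {doc.get('specVersion')!r}")
    components = doc.get("components")
    if not isinstance(components, list) or not components:
        findings.append("SBOM has no components to scan")
        return False, findings
    for idx, comp in enumerate(components):
        missing = [f for f in REQUIRED_COMPONENT_FIELDS if not comp.get(f)]
        if missing:
            name = comp.get("name", "<unnamed>")
            findings.append(f"component[{idx}] {name}: missing {', '.join(missing)}")
    return not findings, findings


# Constructed vulnerability matches for the components above. Identifiers and
# numbers are placeholders, not real advisories.
SAMPLE_VULNS = [
    {"id": "VULN-0001", "component": "widgetlib", "cvss": 9.8, "epss": 0.02, "kev": False},
    {"id": "VULN-0002", "component": "parserkit", "cvss": 7.5, "epss": 0.94, "kev": True},
    {"id": "VULN-0003", "component": "widgetlib", "cvss": 5.3, "epss": 0.01, "kev": False},
]


def cvss_severity(cvss):
    """CVSS v3 qualitative severity bands."""
    if cvss == 0.0:
        return "None"
    if cvss < 4.0:
        return "Low"
    if cvss < 7.0:
        return "Medium"
    if cvss < 9.0:
        return "High"
    return "Critical"


def priority_score(vuln):
    """Single ranking key from CVSS, EPSS and KEV. The weights are an
    assumption chosen for illustration, not Anchore Score's formula: CVSS
    supplies a 0-100 base, EPSS adds up to 50 for exploitation likelihood,
    and KEV membership adds 100 so known-exploited issues always rank first."""
    score = vuln["cvss"] * 10 + vuln["epss"] * 50
    if vuln["kev"]:
        score += 100
    return round(score, 1)


def triage(vulns):
    """Return vulnerabilities ordered most-urgent first, annotated with the
    severity band and the computed priority."""
    ranked = []
    for v in sorted(vulns, key=priority_score, reverse=True):
        ranked.append({**v, "severity": cvss_severity(v["cvss"]),
                       "priority": priority_score(v)})
    return ranked


if __name__ == "__main__":
    ok, findings = validate_sbom(SAMPLE_SBOM)
    print("SBOM valid:", ok)
    for f in findings:
        print("  -", f)
    for v in triage(SAMPLE_VULNS):
        print(f"{v['priority']:>6}  {v['id']}  {v['component']}  {v['severity']}  KEV={v['kev']}")
```

Note how the ranking differs from sorting by CVSS alone: the KEV-listed, high-EPSS 7.5 issue lands above the 9.8 with negligible exploitation probability, which is the noise reduction the feature list describes. The validation step matters for the same reason: the `strutils` component with no version or purl would silently produce no matches, so an SBOM that "passes" scanning could still hide unassessed components.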

Anchore Enterprise not only analyzes and stores software information for organizations, but also provides a strategic platform for security, engineering, procurement, and legal teams to access, understand, and secure highly complex software supply chains. Anchore represents 10 years of implementing DevSecOps as part of an automated shift-left approach to secure software development and continuously managing risks with open source software.