VulnDB and Anchore Enterprise
Enhanced Vulnerability Data for Anchore Enterprise Users
The VulnDB Integration for Anchore Enterprise
Anchore Enterprise users can benefit from an extra layer of security by using the VulnDB integration, which allows organizations to analyze container images at any point in the development process.
The powerful Anchore Enterprise solution provides organizations the flexibility needed to comply with complex enterprise, industry, and government standards. Users benefit from Anchore Enterprise’s large and vibrant community of contributors who maintain a set of useful integrations and policy bundles, enabling developers to perform introspection and analysis, security scanning and policy enforcement on container images.
Enhanced Feed Comparison for Anchore Enterprise
Users that deploy Anchore Enterprise with the enhanced vulnerability feed powered by VulnDB will benefit from increased fidelity, accuracy and liveness of image vulnerability results.
Our VulnDB database spans over 256,000 vulnerabilities and covers more than 28,000 vendors, thousands of OSS/third-party libraries and has over 83,000 vulnerabilities that are not found in CVE or NVD. VulnDB provides customers with deeper metadata than what is available publicly and allows development, security, and operations teams to make more informed vulnerability and policy management decisions around their container image workloads at any point in the CI/CD pipeline.
Anchore performed their own research on some commonly used images between Anchore Enterprise without VulnDB and Anchore Enterprise with VulnDB to investigate the deltas. This is what they found:
Click here for more information on VulnDB’s impact on Anchore Enterprise.
VulnDB is the most comprehensive and timely vulnerability intelligence available and provides actionable information about the latest in security vulnerabilities via an easy-to-use SaaS Portal, or a RESTful API for easy integration into GRC tools and ticketing systems. VulnDB allows organizations to search on and be alerted to the latest vulnerabilities, both in end-user software and the third-party libraries or dependencies that help build applications.
A subscription to VulnDB provides organizations with simple to understand ratings and metrics on their vendors and products, and how each contributes to the organization’s risk-profile and cost of ownership.