VulnDB and Anchore Enterprise
Enhanced Vulnerability Data for Anchore Enterprise Users
The VulnDB Integration for Anchore Enterprise
Anchore Enterprise users can benefit from an extra layer of security by using the VulnDB integration, which allows organizations to analyze container images at any point in the development process.
The powerful Anchore Engine provides organizations the flexibility needed to comply with complex enterprise, industry, and government standards. Users benefit from Anchore Engine’s large and vibrant community of contributors who maintain a set of useful integrations and policy bundles, enabling developers to perform introspection and analysis, security scanning and policy enforcement on container images.
Enhanced Feed Comparison for Anchore Enterprise
Users that upgrade to Anchore Enterprise will benefit from an extra layer of security which allows organizations to analyze images at any point in the development process. With the release of Anchore Enterprise 2.1, customers have access to enhanced vulnerability data from VulnDB for increased fidelity, accuracy, and live-ness of image vulnerability scanning results.
Our VulnDB database spans over 220,000 vulnerabilities and covers more than 24,000 vendors, 2,000 OSS/third-party libraries and has over 72,000 vulnerabilities that are not found in CVE or NVD. VulnDB provides customers with deeper metadata than what is available publicly and allows development, security, and operations teams to make more informed vulnerability and policy management decisions around their container image workloads at any point in the CI/CD pipeline.
Anchore performed their own research on some commonly used images between Anchore Engine (no VulnDB) and Anchore Enterprise (with VulnDB) to investigate the deltas. This is what they found:
Click here for more information on VulnDB’s impact on Anchore Enterprise.
VulnDB is the most comprehensive and timely vulnerability intelligence available and provides actionable information about the latest in security vulnerabilities via an easy-to-use SaaS Portal, or a RESTful API for easy integration into GRC tools and ticketing systems. VulnDB allows organizations to search on and be alerted to the latest vulnerabilities, both in end-user software and the third-party libraries or dependencies that help build applications.
A subscription to VulnDB provides organizations with simple to understand ratings and metrics on their vendors and products, and how each contributes to the organization’s risk-profile and cost of ownership.