Deploy Containers with Confidence

ANDREW CATHROW | JULY 2016

Introduction to Anchore Project

Anchore webinar, Thursday 21st July 2016


CONTAINERS REPRESENT THE FUTURE

Source: NGINX App Development survey, Nov 2015


DEVELOPERS HAVE OUTPACED OPERATIONS AND SECURITY


NEW SOFTWARE SUPPLY CHAIN


STRIKING THE RIGHT BALANCE


Anchore is a container image management and analytics toolset. Anchore provides you with insight and control over the contents of your containers from the start of development all the way to production.

Deploy containers with confidence

Transparency: Uncover and track the contents of application containers with a consistent set of tools

Predictability: Start from a known set of certified containers that have been vetted for critical bugs, security vulnerabilities, and functional completeness

Control: Apply operations and security best practices through enforcement of flexible policies at every stage in the container lifecycle


DEMOCRATIZATION OF CERTIFICATION


MUST BE OPEN


MUST BE OPEN SOURCE


WHAT IS CERTIFICATION?

MORE THAN JUST SECURITY

KEY TENETS


Open: Open source, allowing the community effect to drive grassroots adoption, rapidly extend the feature set, and enable auditing to provide confidence.

Extensible: Highly modular and extensible, allowing customers or 3rd parties to extend analysis, reporting and policy modules.

Cross Platform: Works with any container runtime, on premise or in the cloud. Not tightly linked to any individual runtime, CI/CD or orchestration platform.

Developer Focused: With features that appeal to developers in addition to ops and security.

Data Driven: Huge amount of data to collect and analyze from public and private container registries, operating system distributors and package repositories.

TYPICAL CONTAINER WORKFLOW

[Diagram, built up over successive slides. Labels: Public Registries, Vendor Registries, On Premise Registry, Operations & Security, Developer, Developer Apps, Public Cloud, On Premise Servers.]

Steps shown, in the order the slides introduce them:

● Create / Modify base image
● Build
● Test
● Deploy

CONTAINER WORKFLOW WITH ANCHORE

[Diagram, built up over successive slides. Labels: Anchore Cloud, Anchore Database, Anchore API, Local Anchore Database, On Premise Registry, Operations & Security, Developer, Developer Apps.]

Steps shown, in the order the slides introduce them:

● Analyze: Pull containers from public container registries; collect vulnerability data (CVE/NVD etc.)
● Sync: Subscription data
● Define Policies
● Build
● Analyze (Analysis modules)
● Test
● Evaluate (Gate modules)
● Query (Query modules)

Analysis modules, default modules:

● Image metadata
● Package metadata
● File list
● File checksums
● SUID files

Gate modules, default modules:

● Dockerfile check
● Package checks
● File SUID checks
● CVE Checks

Query modules, default modules:

● Gate checks
● Package queries
● File queries
● Base image queries

DEMO - OPEN SOURCE ENGINE


MOVING FORWARD


Work with open source community

Provide commercial offering with expanded set of modules, integrations and data feeds

BETA this summer

Deploy Containers with Confidence

GITHUB.COM/ANCHORE

@ANCHORE

WWW.ANCHORE.COM
