Anchore Partners With GitLab to Accelerate, Reduce Risks in Software Development

Anchore has entered into a partnership with GitLab to streamline DevSecOps processes and reduce re-work for software developers.

The partnership focuses on integrating Anchore’s deep container image scanning capabilities with the GitLab DevSecOps platform, allowing organizations to automate security and compliance checks from the early stages of software development.

The joint offering can identify vulnerabilities from container scans, which are presented in security dashboards, and generate merge requests to give developers an idea of how to remediate existing issues, Anchore said.

The merge requests can then be updated with a package version to resolve vulnerabilities. Additionally, the integration allows organizations to manage the risk profile in one place through GitLab's risk management framework.

Said Ziouani, chief executive officer and co-founder of Anchore, said in a statement that digital transformation, coupled with increasing cybersecurity threats, have necessitated the implementation of security and compliance checks throughout the DevSecOps life cycle.  

According to Ziouani, the integration between Anchore and GitLab helps automate DevSecOps best practices for enterprises, government agencies and open-source communities.

Michelle Hodges, GitLab’s vice president of global channels, welcomed the opportunity to help customers accelerate mission delivery and reduce software development risks.

Anchore and GitLab are being used by the Department of Defense to power a DevSecOps initiative called Platform One. Anchore is helping develop hardened containers for Iron Bank, a storage for software container images.

The companies plan on hosting a webinar on March 4, titled “A Day in the Life of a Developer: Accelerating Software Delivery Without Compromising Security,” to further explain how the integration enables public sector customers to achieve digital transformation.