Chainguard's Enforce Platform Boosted With New Capabilities |
Written by Nikos Vaggalis |
Thursday, 20 July 2023 |
Enforce, Chainguard's enterprise-ready platform for supply chain security in containerized applications has been upgraded to provide major new features that enable secure software development across every step of the software supply chain. Chainguard/Sigstore is no stranger when it comes to supply chain security, and we here at I Programmer know all about it having dedicated quite a few articles to it, the latest being Sigstore Java - Sign And Verify Your Java Builds, which was about a tool for signing and verifying Java package distributions with Sigstore's keyless signing. In Surveying Software Supply Chain Security we looked at Chainguard's survey that addressed the questions:
It seems that Chainguard is continuously on the move, producing solutions looking to secure the software supply chain. Enforce is Chainguard's solution for end-to-end supply chain security for containerized workloads. It enables engineering and security teams to ensure continuous compliance through policy enforcements utilizing open source projects and standards that are trusted by the community. Its main selling points are :
Chainguard has just announced an upgrade to its Enforce platform with the new capabilities of automatic SBOM generation and vulnerability analysis reporting; just in time for the federal government's mandate on implementing stronger software security standards and requirements for vendors. These new capabilities include:
With the new SBOM features in Enforce, the platform will automatically ingest SBOMs attached to your container images and allow you to search packages and track them back to the workloads and clusters they are running in.
This ensures you are always aware of any new vulnerabilities that could affect your workloads, and you no longer need to implement vulnerability scan generation in your build pipelines. If a critical or high impact vulnerability is discovered, you’ll easily be able to find out if it’s running in your cluster.
So if you are workloads run on Kubernetes, Enforce can secure the software supply chain by being armed with capabilities like workload discovery, policy enforcement, continuous verification and now, ingesting and generating SBOMs, deep vulnerability analysis reporting and a private signing infrastructure. These capabilities come as a life saver now, at a time that the federal government is requiring the filling of CISA self-attestation forms, which require CEOs or a delegated leader to attest to the security and integrity of software developed by their teams whether its first-party or third-party code.
More Information
Related ArticlesSigstore Java - Sign And Verify Your Java Builds Surveying Software Supply Chain Security Wolfi Linux (Un)Distribution Secures The Software Supply Chain Protect The Software Supply Chain With Gitsign
To be informed about new articles on I Programmer, sign up for our weekly newsletter, subscribe to the RSS feed and follow us on Twitter, Facebook or Linkedin.
Comments
or email your comment to: comments@i-programmer.info |
Last Updated ( Thursday, 20 July 2023 ) |