We are proud to announce, that anchore.io has offered their PRO plan, free of charge to Psono. They perform deep analysis on docker images to scan for CVEs across multiple software artifact, including distro, npm and python packages.With anchore.io its possible for us to define now strict policies to meet our security and compliancy goals.
A beautiful comprehensive UI offering detailed information about your image and security status.
Anchore.io's engine receives its data from multiple sources. Covering all common distros (CentOs, RHEL, Debian, Ubuntu).
In addition they crawl various CVE databases and can scan for vulnerabilities in the packages of the distros themself and npm, ruby and python artifacts.
We cannot emphasize this enough. We are happy that anchore helps us to provide a our software package as secure as possible!