The News
Anchore, a leader in cloud-native software composition analysis, announced the release of Anchore SBOM. This extension of its Anchore Enterprise platform provides comprehensive support for importing, managing, and analyzing externally generated Software Bills of Materials (SBOMs).
The new feature, Bring Your Own SBOM (BYOS), enables organizations to ingest SBOMs from any tool that emits the SPDX or CycloneDX standards. This positions Anchore Enterprise as a centralized hub for software supply chain security, spanning internally developed and third-party software.
Analysis
As software supply chains grow more complex and distributed, centralized SBOM visibility is no longer optional. Anchore Enterprise's BYOS functionality prepares organizations for rising compliance demands while improving their ability to respond to supply chain attacks. This update positions Anchore less as a single scanning tool and more as a platform for managing software trust.
Centralized SBOM Management for a Fragmented Ecosystem
Open source software (OSS) now constitutes 70–90% of a typical application, according to industry analysts, yet only 15% of organizations feel confident in their ability to manage it effectively. Anchore SBOM addresses this by providing:
- Universal format support (SPDX 2.1–2.3, CycloneDX 1.0–1.6, and Syft)
- Schema validation and quality checks
- Component and vulnerability analysis
- Centralized grouping and role-based access
This visibility enables teams to make data-informed risk, licensing, and compliance decisions across the entire software portfolio.
Policy Enforcement Meets Vulnerability Intelligence
Anchore’s longstanding strength lies in embedding security into the software delivery lifecycle—scanning containers, analyzing OSS, and enforcing policy gates across CI/CD pipelines. With BYOS, Anchore now extends this policy enforcement to third-party and externally sourced software:
- Imported SBOMs are assessed for completeness and quality
- Contextual policy violations are flagged based on organizational security thresholds
- Vulnerabilities are prioritized using the Anchore Score, which incorporates:
- CVSS and severity ratings
- EPSS (Exploit Prediction Scoring System)
- CISA Known Exploited Vulnerabilities (KEV)
Ranking by exploitation evidence (KEV) and exploit likelihood (EPSS) rather than by CVSS severity alone reduces triage effort, particularly in regulated industries where every high-severity finding otherwise demands a documented response.
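The ingestion and triage workflow described above, as a constructed illustration added here: a completeness check over a CycloneDX-style SBOM, followed by a policy gate and a prioritization that puts KEV and EPSS ahead of raw CVSS. This is not Anchore's code, and the ranking rule is not the Anchore Score (the page does not give that formula). The SBOM, the finding IDs (`VULN-A` etc.), the EPSS values and the KEV flags are all sample data.

```python
"""Constructed example: SBOM completeness check plus KEV/EPSS/CVSS-driven triage.

Not Anchore's code or scoring formula; all input data below is made up.
"""
import json

# Constructed minimal CycloneDX 1.5-style SBOM. The third component lacks a
# version and a purl so the quality check has something to flag.
SAMPLE_SBOM_JSON = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.5",
    "components": [
        {"type": "library", "name": "libfoo", "version": "1.2.3",
         "purl": "pkg:generic/libfoo@1.2.3"},
        {"type": "library", "name": "libbar", "version": "2.0.0",
         "purl": "pkg:generic/libbar@2.0.0"},
        {"type": "library", "name": "mystery"},
    ],
})

# Constructed findings with placeholder IDs (not real CVEs). VULN-A has the
# highest CVSS but a tiny EPSS and no KEV entry; VULN-B is known exploited.
SAMPLE_FINDINGS = [
    {"id": "VULN-A", "purl": "pkg:generic/libfoo@1.2.3",
     "cvss": 8.8, "epss": 0.02, "kev": False},
    {"id": "VULN-B", "purl": "pkg:generic/libbar@2.0.0",
     "cvss": 7.5, "epss": 0.91, "kev": True},
    {"id": "VULN-C", "purl": "pkg:generic/libfoo@1.2.3",
     "cvss": 5.3, "epss": 0.60, "kev": False},
]

# CycloneDX schema versions the page says are accepted (1.0 through 1.6).
CYCLONEDX_VERSIONS = {"1.0", "1.1", "1.2", "1.3", "1.4", "1.5", "1.6"}
# Fields a component needs before it can be matched against vulnerability data.
REQUIRED_FIELDS = ("name", "version", "purl")


def assess_sbom(sbom_json):
    """Shape and completeness check. Returns (issues, coverage) where
    coverage is the fraction of components that carry every required field."""
    sbom = json.loads(sbom_json)
    issues = []
    if sbom.get("bomFormat") != "CycloneDX":
        issues.append("bomFormat must be CycloneDX")
    if sbom.get("specVersion") not in CYCLONEDX_VERSIONS:
        issues.append(f"unsupported specVersion {sbom.get('specVersion')!r}")
    components = sbom.get("components", [])
    if not components:
        issues.append("no components listed")
    complete = 0
    for idx, comp in enumerate(components):
        missing = [f for f in REQUIRED_FIELDS if not comp.get(f)]
        if missing:
            issues.append(f"component #{idx} ({comp.get('name', '?')}) "
                          f"missing {', '.join(missing)}")
        else:
            complete += 1
    coverage = complete / len(components) if components else 0.0
    return issues, coverage


def prioritize(findings):
    """Constructed triage order (not the Anchore Score): known-exploited
    first, then by EPSS probability, then by CVSS base score."""
    return sorted(findings,
                  key=lambda f: (f["kev"], f["epss"], f["cvss"]),
                  reverse=True)


def policy_violations(findings, coverage, min_coverage=0.9,
                      epss_threshold=0.5, cvss_threshold=9.0):
    """Organizational thresholds (assumed values) applied to an imported SBOM.
    Returns a list of violation strings; an empty list means the gate passes."""
    violations = []
    if coverage < min_coverage:
        violations.append(f"SBOM coverage {coverage:.2f} below {min_coverage}")
    for f in findings:
        if f["kev"]:
            violations.append(f"{f['id']}: listed in KEV")
        elif f["epss"] >= epss_threshold:
            violations.append(f"{f['id']}: EPSS {f['epss']} >= {epss_threshold}")
        elif f["cvss"] >= cvss_threshold:
            violations.append(f"{f['id']}: CVSS {f['cvss']} >= {cvss_threshold}")
    return violations


if __name__ == "__main__":
    issues, coverage = assess_sbom(SAMPLE_SBOM_JSON)
    print("quality issues:", issues, "coverage:", round(coverage, 2))
    print("triage order:", [f["id"] for f in prioritize(SAMPLE_FINDINGS)])
    print("violations:", policy_violations(SAMPLE_FINDINGS, coverage))
```

The point the ordering makes: `VULN-A` carries the highest CVSS score yet lands last, because nothing indicates it is being exploited, while `VULN-B` (KEV) and `VULN-C` (EPSS 0.60) trip the gate. Whatever the real weighting in a product, the check you want on an imported SBOM is the coverage figure first: a finding list built from components without versions or purls is silently incomplete.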
Rising Urgency on Regulation and Compliance
Global regulations are rapidly mandating SBOM adoption:
- US Executive Orders, NIS2, EU Cyber Resilience Act
- Industry mandates such as PCI DSS, and sectoral requirements from the FDA to the SEC
Anchore’s platform helps customers like NVIDIA, Cisco, the US Navy, and the Department of Defense manage compliance requirements with SBOM-centric workflows tailored to the highest security standards.
Enterprise Use Cases: Beyond Security Teams
Anchore positions the platform not just as a developer or security tool but as a multi-stakeholder governance platform. With SBOMs at the core, it serves teams across the organization:
- Security — gain insight into vulnerabilities and policy adherence
- Engineering — track dependencies and reduce technical debt
- Legal and Procurement — validate licensing and third-party risk
This cross-functional access drives adoption beyond DevSecOps into holistic enterprise risk management.
