Date: 2026-01-01

Anchore Enforce Description

Anchore Enforce is a policy enforcement and compliance management solution for container and software supply chain security. The product enables organizations to define and enforce security policies at every stage of the software development lifecycle.

The solution provides pre-built policy packs for federal compliance standards including FedRAMP v5, NIST 800-53, NIST 800-171, NIST 800-190, NIST 800-218 (Secure Software Development Framework), DISA, and Docker CIS benchmarks. Each policy rule maps to specific control versions for audit and evidence generation.

Anchore Enforce includes runtime monitoring capabilities that provide visibility into Kubernetes clusters and namespaces running containers. The platform performs continuous compliance verification of production applications and identifies base images causing compliance violations.

The product offers license management functionality to prevent use of copyleft licenses and detect unauthorized license changes. It includes Dockerfile controls to limit risky build instructions, prevent unauthorized packages, and restrict elevated privileges. Base image management features ensure only approved golden images are used and detect unauthorized operating systems or end-of-life distributions. Content and metadata inspection capabilities examine file permissions, SUID bits, file hashes, and configuration strings.

All policies are stored in JSON format, supporting GitOps workflows and programmatic management. The reporting engine generates customizable reports ranging from high-level risk overviews to detailed registry and repository-specific compliance reports.