Anchore Inc. specializes in software supply-chain security, offering a tightly focused trio of open-source utilities that address container life-cycle concerns from build to deployment. Grype performs fast, deep vulnerability analysis against container images or arbitrary filesystems, giving DevOps teams a clear risk dashboard before code ever reaches a registry. Syft complements this by cataloging every installed package, library, and dependency to generate a standards-compliant Software Bill of Materials, enabling license tracking, component provenance, and policy-driven acceptance gates. Together, the two tools create an auditable loop in which discovered vulnerabilities are automatically mapped to the exact software layers that introduced them, shortening remediation cycles. Quill extends Anchore’s reach to the distribution stage: it signs macOS binaries on any platform, removing the traditional dependency on Apple hardware when notarizing apps and thus streamlining cross-platform CI pipelines. Typical use cases include nightly container scans in Kubernetes environments, SBOM export for regulatory compliance, and automated signing of universal macOS artifacts built on Linux runners. Anchore’s software is available free of charge on get.nero.com, where downloads are delivered through trusted Windows package sources such as winget, always installing the latest upstream releases and supporting batch installation of multiple applications.
A vulnerability scanner for container images and filesystems
Simple mac binary signing from any platform
CLI tool and library for generating a Software Bill of Materials from container images and filesystems