With the added features, Enforce can now generate and ingest software bills of materials for container images, automate vulnerability scans and generate reports.

Software supply chain security provider Chainguard is adding a suite of new capabilities to Enforce, its Kubernetes-native security and compliance platform. The new capabilities include automatic generation and ingestion of software bills of materials (SBOMs) for container images, vulnerability scans, report generation, and a central console. Enforce was launched last year to secure the deployment of container images by helping developers define and enforce policies for them.

Automated SBOM ingestion

With the new SBOM features, Enforce will automatically ingest SBOMs attached to container images and parse the SBOM's JSON into structured data that can be queried in a database. Such automation is vital if organizations are to make use of SBOMs, said Katie Norton, an analyst with IDC.

"For SBOMs to be an effective mechanism for aiding in the security of the software supply chain at scale, they must be operationalized and integrated into daily operations, existing tools, and security ecosystems," said Norton. "In the event of a security incident or vulnerability, organizations need the ability to query all their software's SBOMs instantly."

Being able to query SBOMs across the application portfolio lets the organization determine the impact itself rather than wait for each application development team to provide an individual assessment, or waste valuable time rescanning each application, Norton added.

For container images that do not already carry an SBOM, Enforce will generate one using Syft, an open source SBOM generator and library.

Centralized console

Enforce is also adding search functionality to the platform's console, allowing developers to search their SBOMs for a specific package, version, license, or file.
"Organizations need SBOM management solutions, like what Chainguard is offering, that provide a centralized repository," Norton said. "As modern applications typically include open source and third-party commercial libraries along with internally developed code, these solutions must be able to ingest SBOMs external to the organization. Further, the solution must be able to reconcile and normalize SBOM data to provide a unified, organization-wide view."

The centralized console's search and filter capabilities will further help in investigating vulnerabilities, according to the company.

Additionally, Enforce will automatically generate daily vulnerability reports for supported container workloads using Grype, an open source vulnerability scanner developed and maintained by the Anchore project. Each report is produced from the image's previously generated or ingested SBOM, so the scan is scoped to the list of packages the SBOM records for that workload.

All the new features are available as part of the Enforce platform at launch.
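As an added illustration, and not code from Chainguard, Syft or Grype, the following Python sketches the data flow the article describes: normalizing SPDX-JSON and CycloneDX-JSON SBOMs into one queryable SQLite schema, searching it across images by package, version or file, and producing a per-image vulnerability report by matching each image's recorded package list against advisory data instead of rescanning the image. The two SBOMs, the image names and the EXAMPLE-prefixed advisory identifiers are constructed for the example; the version comparison is a deliberately naive dotted-numeric one.

```python
"""Added example: normalize SBOMs into SQLite, query them, match against advisories.

Not Chainguard, Syft or Grype code. The SBOMs, image names and advisory IDs
below are constructed for illustration only.
"""
from __future__ import annotations

import json
import sqlite3

# Constructed SPDX-JSON SBOM for a hypothetical image (field names follow SPDX 2.3).
SBOM_SPDX_IMAGE_A = json.dumps({
    "spdxVersion": "SPDX-2.3",
    "name": "registry.example/app:1.0",
    "packages": [
        {"name": "openssl", "versionInfo": "3.0.1", "licenseConcluded": "Apache-2.0"},
        {"name": "zlib", "versionInfo": "1.2.11", "licenseConcluded": "Zlib"},
    ],
    "files": [{"fileName": "/usr/lib/libssl.so.3"}],
})

# Constructed CycloneDX-JSON SBOM for a second hypothetical image.
SBOM_CDX_IMAGE_B = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.4",
    "metadata": {"component": {"name": "registry.example/api:2.3"}},
    "components": [
        {"name": "zlib", "version": "1.2.13", "licenses": [{"license": {"id": "Zlib"}}]},
        {"name": "curl", "version": "7.80.0", "licenses": [{"license": {"id": "curl"}}]},
    ],
})

# Constructed advisories: (hypothetical advisory id, package, first fixed version).
ADVISORIES = [
    ("EXAMPLE-2023-0001", "zlib", "1.2.12"),
    ("EXAMPLE-2023-0002", "openssl", "3.0.2"),
]

SCHEMA = """
CREATE TABLE packages (image TEXT NOT NULL, name TEXT NOT NULL, version TEXT, license TEXT);
CREATE TABLE files (image TEXT NOT NULL, path TEXT NOT NULL);
CREATE INDEX idx_packages_name ON packages (name);
"""


def normalize(sbom_json: str) -> tuple[str, list[tuple], list[str]]:
    """Flatten SPDX-JSON or CycloneDX-JSON into (image, [(name, version, license)], [paths])."""
    doc = json.loads(sbom_json)
    if "spdxVersion" in doc:
        image = doc["name"]
        pkgs = [(p["name"], p.get("versionInfo"), p.get("licenseConcluded"))
                for p in doc.get("packages", [])]
        files = [f["fileName"] for f in doc.get("files", [])]
    elif doc.get("bomFormat") == "CycloneDX":
        image = doc["metadata"]["component"]["name"]
        pkgs = []
        for c in doc.get("components", []):
            ids = [lic["license"]["id"] for lic in c.get("licenses", []) if "id" in lic.get("license", {})]
            pkgs.append((c["name"], c.get("version"), ids[0] if ids else None))
        files = []  # this constructed CycloneDX sample carries no file entries
    else:
        raise ValueError("unrecognized SBOM format")
    return image, pkgs, files


def ingest(conn: sqlite3.Connection, sbom_json: str) -> str:
    """Load one SBOM into the store and return the image it describes."""
    image, pkgs, files = normalize(sbom_json)
    conn.executemany("INSERT INTO packages VALUES (?, ?, ?, ?)", [(image, *p) for p in pkgs])
    conn.executemany("INSERT INTO files VALUES (?, ?)", [(image, f) for f in files])
    conn.commit()
    return image


def build_db() -> sqlite3.Connection:
    """Create an in-memory store and ingest both constructed SBOMs."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    for sbom in (SBOM_SPDX_IMAGE_A, SBOM_CDX_IMAGE_B):
        ingest(conn, sbom)
    return conn


def images_with_package(conn, name, version=None):
    """Which images contain a package (optionally pinned to one version)?"""
    sql = "SELECT DISTINCT image, version FROM packages WHERE name = ?"
    params = [name]
    if version is not None:
        sql += " AND version = ?"
        params.append(version)
    return conn.execute(sql + " ORDER BY image", params).fetchall()


def images_with_file(conn, fragment):
    """Which images recorded a file whose path contains the fragment?"""
    return conn.execute("SELECT DISTINCT image, path FROM files WHERE path LIKE ? ORDER BY image",
                        (f"%{fragment}%",)).fetchall()


def _vkey(version: str) -> tuple:
    # Assumption: plain dotted-numeric versions. Real scanners need ecosystem-aware
    # comparison (Debian epochs, Alpine -r suffixes, semver pre-release tags).
    return tuple(int(part) if part.isdigit() else 0 for part in version.split("."))


def vulnerability_report(conn, advisories=ADVISORIES):
    """Match every image's recorded package list against the advisories.

    The SBOM in the store is the scan input; the image itself is never touched.
    Returns sorted (image, package, version, advisory_id) rows.
    """
    findings = []
    for adv_id, pkg, fixed in advisories:
        for image, version in conn.execute("SELECT image, version FROM packages WHERE name = ?", (pkg,)):
            if version is not None and _vkey(version) < _vkey(fixed):
                findings.append((image, pkg, version, adv_id))
    return sorted(findings)


if __name__ == "__main__":
    db = build_db()
    print(images_with_package(db, "zlib"))
    print(images_with_file(db, "libssl"))
    for row in vulnerability_report(db):
        print(row)
```

The matching step is where a toy like this diverges most from Grype: a single fixed-in version compared as a dotted tuple over-reports on distributions that backport fixes without bumping the upstream version, and ignores ecosystem-specific version semantics, so the real scanner consults per-distribution advisory data and ecosystem-aware comparators. With the tools the article names, the equivalent command-line flow is to produce the SBOM with `syft <image> -o spdx-json` and then scan it with `grype sbom:<file>`.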