The company aims to further develop technology to scan containers for malware and viruses.
The Air Force awarded container security solution-provider Anchore a phase II Small Business Innovation Research contract worth $2.25 million to boost DevSecOps-centered technology and practices, according to a company press release.
“We’re just at the start of the journey for wide-scale software application modernization across the [Defense Department]. It is exciting to see this kind of game-changing innovation being driven by [Defense],” Anchor’s Vice President of U.S. Public Sector Craig Bowman told Nextgov via email Thursday. “This work helps organizations of all kinds build and automate security into their container development processes.”
Short for development, security and operations, DevSecOps refers to a software engineering culture and approach that aims to encompass all three elements through all phases of the production lifecycle. Bowman noted that the Pentagon is increasingly adopting cloud-native technologies and Kubernetes, an open-source container-orchestration system, to improve and automate its application deployments.
The California-based company provides a core technology platform required by the department’s Enterprise DevSecOps Reference Design, and for the past year, a team of Anchore officials has also supported the design and implementation of Platform One, the Air Force’s DevSecOps platform.
"The success of our mission depends on our ability to rapidly deliver secure software to warfighters," Air Force Maj. Rob Slaughter said in a statement regarding the new award. "The Platform One software factory is designed to ensure that hardened containers are made available at every stage of the software development lifecycle. Anchore allows us to do that by working within the development process to enforce security best practices."
While Anchore’s technology is currently being put to use to scan container images for known vulnerabilities, enforce best practices and more, Bowman said through the next phase, the company’s team aims to augment those capabilities to incorporate the detection of viruses and malware. Insiders also intend to expand features that minimize insider threats “by auditing containers against standardized, approved base images.”
“We would like to see our contributions lead to the expanded use of Platform One ... all across the USAF and into other branches where the speed of software development is critical for mission success,” Bowman said. “Once each branch has implemented systems and processes that achieve continuous authority to operate, they can build and maintain better software at significantly reduced costs.”