In today's cloud-native landscape, securing containerized applications requires seamless integration between security scanning tools and vulnerability management platforms. 

We're excited to announce a new API connector integration between Anchore Enterprise and DefectDojo Pro, enabling teams to centralize and streamline their container security workflows.

What is Anchore Enterprise?

Anchore Enterprise employs SBOMs to catalog software and report security issues to eliminate open source risk in the software supply chain. With industry-leading vulnerability management for containers, it helps organizations analyze, inspect, and certify container images and their contents throughout the software development lifecycle. 

At its core, Anchore performs continuous vulnerability scanning, policy-based compliance checks, and software bill of materials (SBOM) generation for container images. This allows development and security teams to identify security risks early, enforce organizational policies, and maintain compliance standards before containers reach production environments.

How do Anchore and DefectDojo Work Together?

The integration between Anchore Enterprise and DefectDojo Pro creates a powerful unified security workflow. Through the API connector, DefectDojo can automatically pull new vulnerability findings and security assessments directly into DefectDojo's centralized vulnerability management platform.

This integration enables teams to:

• Consolidate security findings from container scans alongside other application security tools in a single dashboard.
• Track vulnerability remediation with DefectDojo's workflow management, assigning findings to teams and monitoring resolution progress.
• Correlate container vulnerabilities with findings from SAST, DAST, and other security testing tools for comprehensive risk assessment.
• Generate unified reporting that provides leadership with a complete view of the security posture across containerized and traditional applications.
• Eliminate manual file imports between Anchore Enterprise and DefectDojo in order to reduce human error and accelerate response times.

DefectDojo serves as the central hub where security teams can prioritize, deduplicate, and manage vulnerabilities discovered by Anchore, while maintaining full traceability and audit trails.

How to Get Started

Setting up the Anchore Enterprise and DefectDojo Pro integration is straightforward:

Prerequisites:

• An active Anchore Enterprise instance with API access
• A DefectDojo Pro subscription

Configuration Steps:

1. Generate an API key in Anchore Enterprise

1. In DefectDojo Pro, head to import -> API Connectors, and add the new Anchore API configuration.

1. Paste in your Anchore API key in the secret field, and set up your connector. You can configure severity levels, enable auto-mapping, or schedule synchronization.
2. Done! You can either start a manual discovery and sync from the Manage Records and Operations menu, or wait until your data is pulled into DefectDojo automatically at the configured time.

Once configured, every container image scan performed by Anchore will automatically populate DefectDojo with detailed findings, complete with CVE information, affected packages, remediation guidance, and risk scores. Your security team can immediately begin triaging and tracking these vulnerabilities through DefectDojo's comprehensive workflow engine.

Ready to enhance your container security program? Learn more about this connector in our docs or book time with our team to learn more about DefectDojo Pro.