https://github.com/anchore/s3c-workshops

Deploy Anchore Enterprise in an environment of your choice. Then follow through a series of labs that showcase how you can improve security across your software supply chain.

containers devsecops fedramp k8s sbom security supply-chain-security vulnerability-scanners

# S3C Workshops - Software Security in the Real World

This repo offers step-by-step guidance that takes you from deploying Anchore Enterprise (version 5.17) through a series of specific labs, showcasing how you can use Anchore Enterprise to improve security across your software supply chain.

## Target audience

Anyone who wants to understand how they can improve security across their SDLC using Anchore Enterprise.
This repository will get you a running Anchore Enterprise deployment in either Docker Compose or Kubernetes.
After you have a successful deployment, just pick an interesting lab, and we take you through a guided tour with step-by-step instructions.

## Use cases

Anchore Enterprise is a flexible platform that can be used in many ways. Here are some use cases that you might recognise.

**SBOM (Software Bill of Materials)** - Get comprehensive visibility of your software components to bolster security and ensure vulnerability accuracy with the most complete SBOM available.

**Container Vulnerability Scanning** - Reduce false positives and false negatives with best-in-class signal-to-noise ratio.

**Container Security** - Identify and remediate container security risks, and monitor post-deployment for new vulnerabilities.

**Container Registry Scanning** - Get continuous security and compliance checks integrated directly into your container image registry.

**CI/CD Pipeline Security** - Embed security and compliance into your CI/CD / DevSecOps pipeline to uncover vulnerabilities, secrets, and malware in your automated build processes and keep development moving.

**Cluster Integrations** - Allow or prevent deployment of images based on flexible policies and continuously monitor the inventory of insecure images running in your clusters.

**FedRAMP Vulnerability Scanning** - Meet the new FedRAMP Vulnerability Scanning Requirements for Containers and achieve compliance faster with Anchore.

**Cybersecurity & Federal Compliance** - Automate compliance checks using out-of-the-box and custom policies.

## Labs

Each lab below steps you through tried and tested examples across many use cases.

* [Deployment](labs/Deployment/README.md) - Get Anchore Enterprise & AnchoreCTL Running (REQUIRED)
* [VIPERR](labs/VIPERR/README.md) - **V**isibility, **I**nspection, **P**olicy **E**nforcement, **R**emediation, **R**eporting

## Learn more

Anchore supports many use cases, configurations and environments. Please check out the Anchore Docs and wider resources, or get in touch directly to learn more.

- [Anchore Enterprise Docs](https://docs.anchore.com/current/docs/)
- [Anchore Resources](https://anchore.com/resources/)
- [Get in touch](https://get.anchore.com/contact/)