US Air Force RFI: Anchore Analyzers Alternative

Notice ID: FA830725RB045

Software Bill of Materials (SBOM) Generation

  • The product must support generating SBOMs that comply with accepted industry standards (e.g., SPDX, CycloneDX).
  • The product must support generating SBOMs for common programming languages and ecosystems (e.g., npm, Maven, PyPI, Go modules, NuGet, RubyGems, Cargo).
  • The product must provide an API and/or CLI to generate SBOMs during the build process (CI/CD).
  • The product should represent direct and transitive dependencies, including their relationships (e.g., which package depends on which).

Vulnerability Scanning

  • The software must integrate with standard vulnerability databases, such as the National Vulnerability Database (NVD), RHSA, GHSA, and other vendor-specific feeds.
  • The product must be able to automatically check the discovered components in the SBOM against known vulnerabilities.
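The two requirement groups above describe an SBOM with a dependency graph and an automatic check of its components against a vulnerability feed. The following is an added example, not part of the RFI or of any vendor's product: it builds a CycloneDX 1.5-shaped document from a constructed npm-style resolution (package names, versions, the root application and the advisory records with ids `EXAMPLE-ADV-0001`/`EXAMPLE-ADV-0002` are all invented), records direct and transitive edges in the `dependencies` section, and then joins components to advisories, reporting for each hit the dependency chain from the root so a reviewer can tell direct exposure from transitive exposure.

```python
"""Added example: a minimal CycloneDX-style SBOM with a dependency graph,
checked against a small advisory feed. All inputs are constructed; the
advisory ids, package versions and fixed versions are invented."""
import json
from collections import deque
from typing import Dict, List, Optional, Tuple

# Constructed stand-in for a resolved npm lockfile: name -> (version, direct deps).
RESOLVED_PACKAGES: Dict[str, Tuple[str, List[str]]] = {
    "webapp": ("1.0.0", ["express", "lodash"]),
    "express": ("4.18.2", ["body-parser"]),
    "body-parser": ("1.20.1", ["qs"]),
    "qs": ("6.11.0", []),
    "lodash": ("4.17.15", []),
}
ROOT = "webapp"

# Constructed advisory feed shaped like GHSA/NVD records (ids and versions invented):
# a component is affected when its version is strictly below `fixed_in`.
ADVISORIES = [
    {"id": "EXAMPLE-ADV-0001", "name": "lodash", "fixed_in": "4.17.21", "severity": "HIGH"},
    {"id": "EXAMPLE-ADV-0002", "name": "qs", "fixed_in": "6.12.0", "severity": "MEDIUM"},
]


def purl(name: str, version: str) -> str:
    """Package URL; doubles as the bom-ref so dependency edges can point at components."""
    return f"pkg:npm/{name}@{version}"


def build_sbom(resolved: Dict[str, Tuple[str, List[str]]], root: str) -> dict:
    """Emit the CycloneDX 1.5 JSON shape: root application in `metadata`,
    libraries in `components`, and the full edge list in `dependencies`."""
    components, dependencies = [], []
    for name, (version, deps) in resolved.items():
        ref = purl(name, version)
        if name != root:
            components.append({"type": "library", "name": name, "version": version,
                               "purl": ref, "bom-ref": ref})
        dependencies.append({"ref": ref,
                             "dependsOn": [purl(d, resolved[d][0]) for d in deps]})
    root_version = resolved[root][0]
    return {
        "bomFormat": "CycloneDX",
        "specVersion": "1.5",
        "version": 1,
        "metadata": {"component": {"type": "application", "name": root,
                                   "version": root_version,
                                   "bom-ref": purl(root, root_version)}},
        "components": components,
        "dependencies": dependencies,
    }


def dependency_path(sbom: dict, target_ref: str) -> Optional[List[str]]:
    """Shortest chain of bom-refs from the root to `target_ref`, derived only
    from the SBOM's own `dependencies` section (BFS over the edge list)."""
    edges = {d["ref"]: d["dependsOn"] for d in sbom["dependencies"]}
    root_ref = sbom["metadata"]["component"]["bom-ref"]
    queue, seen = deque([[root_ref]]), {root_ref}
    while queue:
        path = queue.popleft()
        if path[-1] == target_ref:
            return path
        for nxt in edges.get(path[-1], []):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(path + [nxt])
    return None


def version_key(version: str) -> Tuple[int, ...]:
    """Numeric tuple for dotted versions; sufficient for the constructed data.
    Real scanners need ecosystem-specific version semantics (semver ranges, epochs)."""
    return tuple(int(part) for part in version.split("."))


def match_vulnerabilities(sbom: dict, advisories: List[dict]) -> List[dict]:
    """Join SBOM components to advisories by package name and fixed version, and
    annotate each hit with the dependency chain from the root application."""
    findings = []
    for comp in sbom["components"]:
        for adv in advisories:
            if adv["name"] == comp["name"] and \
                    version_key(comp["version"]) < version_key(adv["fixed_in"]):
                path = dependency_path(sbom, comp["bom-ref"]) or []
                findings.append({"advisory": adv["id"], "severity": adv["severity"],
                                 "component": comp["purl"], "fixed_in": adv["fixed_in"],
                                 "direct": len(path) == 2, "path": path})
    return sorted(findings, key=lambda f: f["advisory"])


if __name__ == "__main__":
    bom = build_sbom(RESOLVED_PACKAGES, ROOT)
    print(json.dumps(bom, indent=2))
    for f in match_vulnerabilities(bom, ADVISORIES):
        kind = "direct" if f["direct"] else "transitive"
        print(f["advisory"], f["component"], kind, " -> ".join(f["path"]))
```

In a CI/CD step the `RESOLVED_PACKAGES` input would come from the build's lockfile and `ADVISORIES` from a synced feed; the point of carrying the `dependencies` section rather than a flat component list is that a finding on `qs` can be traced back through `body-parser` and `express` to the application, which is what decides whether the fix is a direct version bump or an upstream update.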

Configuration and Compliance

  • The product should have a policy engine to flag specific Dockerfile instructions, with the ability to warn or stop based on specific conditions.
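The policy-engine requirement above calls for rules that inspect individual Dockerfile instructions and either warn or stop the pipeline. The following is an added example written for this page, not any product's real policy or code: it parses a Dockerfile (joining backslash continuations and dropping comments), applies a few rules of the kind such engines commonly carry (unpinned base image, `ADD` where `COPY` suffices, no non-root `USER`, SSH port exposed), and reduces the hits to a `PASS`/`WARN`/`STOP` decision. The rule ids (`DKR001`..`DKR004`) and both sample Dockerfiles are constructed for illustration.

```python
"""Added example: a small Dockerfile policy engine with WARN/STOP actions.
Rule ids and the two sample Dockerfiles are constructed for illustration."""
from dataclasses import dataclass
from typing import Callable, List, Tuple

Hit = Tuple[int, str]  # (line number, detail)


@dataclass
class Instruction:
    line: int   # line where the instruction starts
    name: str   # keyword, upper-cased: FROM, RUN, USER, ...
    args: str   # everything after the keyword, continuations joined


@dataclass
class Rule:
    id: str
    action: str  # "WARN" or "STOP"
    check: Callable[[List[Instruction]], List[Hit]]


def parse_dockerfile(text: str) -> List[Instruction]:
    """Join backslash continuations, skip comments and blank lines,
    and split each logical line into keyword and arguments."""
    instructions, buf, start = [], [], None
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if start is None:
            start = n
        if line.endswith("\\"):
            buf.append(line[:-1].strip())
            continue
        buf.append(line)
        keyword, _, args = " ".join(buf).partition(" ")
        instructions.append(Instruction(start, keyword.upper(), args.strip()))
        buf, start = [], None
    return instructions


def check_base_image(instrs: List[Instruction]) -> List[Hit]:
    """FROM must pin a tag other than 'latest' or a digest (scratch is exempt)."""
    hits = []
    for ins in instrs:
        if ins.name != "FROM":
            continue
        image = next(tok for tok in ins.args.split() if not tok.startswith("--"))
        if image.lower() == "scratch" or "@sha256:" in image:
            continue
        last = image.rsplit("/", 1)[-1]          # strip registry/namespace before looking for a tag
        tag = last.split(":", 1)[1] if ":" in last else None
        if tag is None or tag == "latest":
            hits.append((ins.line, f"base image '{image}' is not pinned to a tag or digest"))
    return hits


def check_add(instrs: List[Instruction]) -> List[Hit]:
    """ADD auto-extracts archives and fetches URLs; COPY is the predictable choice for local files."""
    return [(i.line, "ADD used; prefer COPY for local files") for i in instrs if i.name == "ADD"]


def check_user(instrs: List[Instruction]) -> List[Hit]:
    """The effective USER at the end of the Dockerfile must not be root."""
    users = [i for i in instrs if i.name == "USER"]
    if not users:
        last = instrs[-1].line if instrs else 1
        return [(last, "no USER instruction; container runs as root")]
    final = users[-1]
    if final.args.split(":")[0] in ("root", "0"):
        return [(final.line, "final USER is root")]
    return []


def check_exposed_ssh(instrs: List[Instruction]) -> List[Hit]:
    """EXPOSE 22 usually means an SSH daemon baked into the image."""
    hits = []
    for ins in instrs:
        if ins.name == "EXPOSE" and any(p.split("/")[0] == "22" for p in ins.args.split()):
            hits.append((ins.line, "port 22 exposed"))
    return hits


POLICY = [
    Rule("DKR001", "WARN", check_base_image),
    Rule("DKR002", "WARN", check_add),
    Rule("DKR003", "STOP", check_user),
    Rule("DKR004", "STOP", check_exposed_ssh),
]


def evaluate(dockerfile: str, rules: List[Rule] = POLICY) -> dict:
    """Run every rule; STOP if any stopping rule fires, WARN if only warnings, else PASS."""
    instrs = parse_dockerfile(dockerfile)
    findings = [{"rule": r.id, "action": r.action, "line": line, "detail": detail}
                for r in rules for line, detail in r.check(instrs)]
    if any(f["action"] == "STOP" for f in findings):
        decision = "STOP"
    else:
        decision = "WARN" if findings else "PASS"
    return {"decision": decision, "findings": sorted(findings, key=lambda f: f["line"])}


# Constructed sample that trips every rule.
WEAK_DOCKERFILE = """\
# constructed sample
FROM python:latest
ADD requirements.txt /app/
RUN pip install --no-cache-dir \\
    -r /app/requirements.txt
EXPOSE 8080 22
CMD ["python", "/app/main.py"]
"""

# Constructed corrected form of the same image.
HARDENED_DOCKERFILE = """\
FROM python:3.12-slim
COPY requirements.txt /app/
RUN pip install --no-cache-dir -r /app/requirements.txt
USER 10001:10001
EXPOSE 8080
CMD ["python", "/app/main.py"]
"""

if __name__ == "__main__":
    for name, df in (("weak", WEAK_DOCKERFILE), ("hardened", HARDENED_DOCKERFILE)):
        result = evaluate(df)
        print(name, result["decision"])
        for f in result["findings"]:
            print(f"  line {f['line']}: {f['rule']} {f['action']} {f['detail']}")
```

The split between `WARN` and `STOP` is the policy decision the requirement asks for: warnings surface in the build log and let the pipeline continue, while any stopping rule fails the gate, and the per-instruction line numbers are what lets the finding be traced back to the offending Dockerfile line.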

Instructions to Fill Out: The Government requests that any vendor interested in proposing an alternative solution fill out the “RFI Anchore Analyzers_V2 Requirements Capability Spread Sheet” in Attachment 1. There are **three** tabs; please fill out all **three** tabs in the Excel file.

Read more here.
