Events
Join Anchore Open Source Team: Live Stream
Join us on Thursdays for “Open Source Gardening,” a live stream where the Developer Relations team works with the Engineering minds behind Anchore’s open-source tools, Syft, Grype, and the rest of the family.
Special guest alert: Michael Coté from Broadcom catching up on Bitnami Secure Images.
We will spend a relaxed hour working on issues and pull requests. There will be technical discussions, some roadmap planning, and audience questions. Every week we stream live on the Anchore YouTube channel.
From Paperwork to Provenance: Navigating the FedRAMP 20x Pivot
The “standard” FedRAMP playbook has been rewritten. With the full-scale rollout of FedRAMP 20x in 2026, the program has officially shifted from static, narrative-based documentation to a model of continuous validation and machine-readable evidence. For security engineering teams, this isn’t just a policy update—it is a fundamental change in how cloud-native architectures must be built, audited, and maintained.
Together with InfusionPoints we dissect the new FedRAMP 20x milestones to answer the “how” of engineering for federal scale in the age of AI and automated GRC.
Key Discussion Points
- The Key Security Indicators (KSIs) Shift: How to move from “writing a policy” to “streaming a metric.”
- 2026 AI Governance Overlays: What does “trustworthy AI” look like in a machine-readable authorization package?
- Legacy Rev5 vs. 20x Validated: When to switch from “Certified” (Rev5) path to “Validated” (20x) to avoid the 2027 end-of-life for legacy submissions.
- Automation-First Architecture: Engineering your CI/CD pipelines to output OSCAL-compliant logs that satisfy the new machine-readable submission requirements (RFC-0024).
- The “No-Sponsor” Strategy: How to bypass the agency-sponsor bottleneck by leading with technical maturity.