Weston Steimel

Senior Software Engineer at Anchore

East Hertfordshire, England, United Kingdom
email-iconphone-icongithub-logolinkedin-logotwitter-logostackoverflow-logofacebook-logo
Join Prog.AI to see contacts
email-iconphone-icongithub-logolinkedin-logotwitter-logostackoverflow-logofacebook-logo
Join Prog.AI to see contacts

Summary

🤩
Rockstar
🎓
Top School
Weston Steimel is a Senior Software Engineer with a decade of experience building cloud-native Python applications and leading distributed teams, currently contributing to Anchore’s efforts in container security. He is a dedicated open-source security engineer and a primary curator of the Python Packaging Advisory Database, with notable contributions to high-profile projects like syft and grype that improve SBOM generation and vulnerability scanning. Weston combines practical cloud expertise—especially AWS-driven serverless and data tooling—with systems-level work in Go and significant legacy experience in .NET and Java. He’s obsessed with improving vulnerability matching and metadata quality (including NVD cleanup and CPE mapping), and even maintains tooling to generate safer PyPI repos and minimal base Python container images inspired by Google Distroless. Practical, security-first, and detail-oriented, he bridges research, tooling, and production deployment to reduce false positives and harden open-source supply chains.
code10 years of coding experience
job13 years of employment as a software developer
bookBachelor of Science (B.S.), Computer Science, Bachelor of Science (B.S.), Computer Science at Kansas State University
github-logo-circle

Github Skills (26)

vulnerability-management10
develop10
security-txt10
vulnerability-scanners10
vulnerability10
security10
debian-packaging10
go10
golang10
vulnerabilities10
scanning10
security-scan10
static-analysis9
containerization9
sqlite9

Programming languages (15)

JavaC++CSWIGScalaGoMustacheHTML

Github contributions (5)

github-logo-circle
anchore/grype

Jan 2022 - Jan 2023

A vulnerability scanner for container images and filesystems
Role in this project:
userBack-end Developer & Security Engineer
Contributions:39 reviews, 77 commits, 115 PRs in 1 year
Contributions summary:Weston Steimel primarily worked on improving vulnerability scanning capabilities. They implemented changes to support filtering vulnerability matches based on namespace and package language, enhancing the precision of the scanning process. Significant contributions include the adoption of an Anchore fork of the `glebarez/sqlite` library, enhancing database interactions. Further work involved finalizing the v4 and v5 Grype schema, adding support for package qualifiers to improve matching for RPM appstream modules, and addressing various false positives.
security-vulnerabilityfilesystemsvulnerability-scannersocivulnerabilities
anchore/syft

Feb 2021 - Jan 2023

CLI tool and library for generating a Software Bill of Materials from container images and filesystems
Role in this project:
userBack-end Developer
Contributions:58 reviews, 26 commits, 157 PRs in 1 year 11 months
Contributions summary:Weston primarily contributed to the development of the syft tool, focusing on enhancing its capabilities to catalog packages within container images and file systems. They implemented a new feature to scan for Debian packages from the `/var/lib/dpkg/status.d/` directory and added integration test cases for detecting packages from that directory. Furthermore, the user developed a cataloger for Rust crates by parsing Cargo.lock files and incorporated it into the codebase.
filesystemsspdxociclivulnerabilities
Find and Hire Top DevelopersWe’ve analyzed the programming source code of over 60 million software developers on GitHub and scored them by 50,000 skills. Sign-up on Prog,AI to search for software developers.
Request Free Trial
Weston Steimel - Senior Software Engineer at Anchore