Introducing Anchore’s service for discovery, deep inspection and analysis of container images
- Search for images across multiple registries
- Explore images including TAGs and History
- Perform detailed analysis of Container Images
- See Security issues
- Define policies
- Subscribe to receive updates
The Anchore Navigator delivers a free service to let anyone discover and analyze images on public container registries such as DockerHub. Anchore’s SaaS service regularly polls public container registries and performs analysis on hundreds of public images – both official and non-official. Anchore collects and stores detailed data about these images including historic information such as how often an image has been updated and the history of image tags.
Today all official repos are scanned along with many popular non-official repos. Logged in users have the ability to request other public images to be scanned.
Once a repo has been selected users can select an image from a sortable list of tags which shows the the tag name, last update, update frequency and size of an image. Selecting an image allows a user to view detailed information about in image including information that is typically not available from public registries including Image digest, operating system, and labels. The
Navigator allows users to perform a deep inspection of the image to see all the operating system packages, Node.JS modules, RubyGEMs, in fact every file in the image is covered in the analysis.
For images with historic information the Navigators allows details from previous versions of a Tag to be displayed along with a change log that is generated by the system to show what packages and files changed between images.
Security & Compliance
A detailed security report including Common Vulnerabilities and Exposures (CVEs) can be viewed, allowing the user to see what packages triggered vulnerability alerts and if an update is available.
In addition to listing security vulnerabilities, the Navigator shows the Policy compliance of the Image using the default Anchore policy which assess an image’s compliance based on CVEs, Dockerfile contents and Package Manifest.
Customize Policies and Scan Private Images
In addition to the free Navigator solution the Premium offering allows users to perform analysis and policy evaluation on container images stored in an organization’s private registries. The container images can be inspected using the Navigator and detailed policies can be defined that specify rules to govern vulnerabilities, package whitelists & blacklists, configuration file contents, presence of credentials in image, manifest changes, exposed ports or other user defined checks. A Jenkins CI/CD plugin can be installed on-prem that integrates with the Navigator to scan images as they pass through the CI/CD pipeline.
Users can subscribe to receive notifications when images are updated, when new vulnerabilities are discovered or if an image moves out of compliance.