preloder

Anchore Open Source Engine

An open source container compliance platform to ensure security and stability of production container deployments

Use Anchore Across Multiple Platforms

What Anchore Open Source Does

The Anchore Engine allows developers to perform detailed analysis on their container images, run queries, produce reports and define policies that can be used in CI/CD pipelines. Developers can extend the tool to add new plugins that add new queries, new image analysis, and new policies.

Features

Highly customizable and dynamic to meet all of your container security and compliance needs

U

image analysis

Perform deep analysis on images including searchable lists of all packages, files and software artifacts such as Ruby GEMs and Node.JS modules.
s

policy management

Define and apply policies to certify images within the CI/CD pipeline, within your container registry or before images are deployed.

notifications

Receive notifications when images are updated, CVEs are added or removed & when the policy status of an image changes.

CI/CD Integration

Integrate into your CI/CD pipeline to ensure that only images that meet your security and compliance requirements are deployed.
l

Highly Customizable

Define checks for vulnerabilities, package whitelists, blacklists, configuration files, secrets in image, manifest changes, exposed ports and more.

Orchestration

Use the Anchore Engine to ensure that only the certified and secure images are deployed and run in your Orchestration Platform

What You Can Do with Anchore

Explore some of the most popular Anchore commands

Submit an Image to be Analyzed
anchore-cli image add library/debian:latest
See if your images have any known CVE vulnerabilities
anchore-cli image vuln myrepo/app:latest os
List all of the files in a particular image
anchore-cli image content myrepo/app:latest files
Evaluate your image against your custom security policy
anchore-cli evaluate check myrepo/app:latest
Subscribe to receive notifications when an image is updated
anchore-cli subscription activate tag_update library/debian:latest

Integrations

Integrate Anchore with your favorite CI/CD Systems, Orchestration Platforms, and more.

By integrating Anchore and Kubernetes you can ensure that only trusted and secure images are deployed and run in your Kubernetes environment Kubernetes

Anchore has been designed to plug seamlessly into your container based CI/CD pipeline to add analytics, compliance and governance to your workflow. Jenkins

Install Anchore in Less than 5 Minutes

Get up and running in 8 short easy steps.

Step One

Download the docker-compose.yaml file from the scripts/docker-compose directory of the github project.
curl https://raw.githubusercontent.com/anchore/anchore-engine/master/scripts/docker-compose/
docker-compose.yaml -o docker-compose.yaml

Step Two

Update the Docker Compose file with the location of the configuration volume created in the initial configuration step.
volumes:
     - /path/to/config/volume:/config/:Z

Step Three

Create volume to hold PostgreSQL data
mkdir -p /path/to/dbvolume/

Step Four

Updated the Docker Compose file with the location of the database volume created in step 3
Note: This directory must be empty.
anchore-db:
    image: "postgres:9"
    volumes:
     - /path/to/dbvolume/:/var/lib/postgresql/data/pgdata/:Z

Step Five

Update the Docker Compose file with the database password specified during the initial configuration step.initial configuration
 environment:
      - POSTGRES_PASSWORD=mysecretpassword

Step 6

Run ‘docker-compose pull’ to instruct Docker to download the required container images from DockerHub.
docker-compose pull

Step Seven

Start the Anchore Engine *Note: This command should be run from the directory container docker-compose.yaml
docker-compose up -d

Step Eight

Stopping the Anchore Engine *Note: This command should be run from the directory containing docker-compose.yaml
docker-compose down --volumes

Secure Your Jenkins Pipeline in Minutes with Anchore

Get Started with Anchore Today

Read the documentation to see how Anchore can work for you or install the Anchore Engine Docker container to get up and running today

Join the Anchore Community

Ask questions, engage with Anchore users, contribute code, and let us know what you think

Github

Click here to get the source code and contribute to the project

Slack

Click here to join our slack channel and chat live with members of the Anchore community

Twitter

Follow us on Twitter to stay up to date with everything anchore