Anchore Open Source

Deploy Containers with Confidence


Anchore Open Source Project

Install Anchore Today


The Anchore open source project allows developers to perform detailed analysis on their container images, run queries, produce reports and define policies that can be used in CI/CD pipelines. Developers can extend the tool to add new plugins that add new queries, new image analysis, and new policies.

What You Can Do with Anchore


See which images have the package “dpkg” installed

anchore query has-package dpkg

See if your images have any known CVE vulnerabilities

anchore query cve-scan all

List all of the files in a particular path, in a particular image

anchore query --image=ubuntu list-files /etc

See if a specific image (ubuntu) has a certain package installed

anchore query --image ubuntu has-package dpkg

See if an image is up-to-date relative to the base image from which it was built

anchore query --image=my_app:latest show-pkg-diffs myapp:2

How to Contribute


Contributing Code

We encourage contributions to any part of the open-source Anchore command-line tool, whether they be to the tool framework itself or as individual analyzer/gate or query modules that can be dropped in to existing Anchore installations. Anchore is using the Apache 2 license. For more contribution information, please see the LICENSE and CONTRIBUTING documents in the main github anchore project page.

The easiest way to contribute to Anchore is to build a new Analyzer, Gate, or Query module. These are simple, self-contained modules that implement a certain kind of functionality within the broader Anchore framework. You can about how to build these modules on our wiki.

Other Contributions

If you don’t want to contribute source code, there are lots of other ways to get involved with the project! Most of our documentation is hosted on the GitHub wiki and we would love to review and accept new contributions to our docs–the process is the same, using GitHub pull requests. We may also need help triaging and reproducing user-reported bugs, and if you’re a skilled Anchore user, we would love have you in our IRC channel, perhaps helping other users. Drop in and say hi!


Reporting a Bug

If you’ve found a bug in Anchore and you’d like to report it to us, please use the GitHub issue tracking system. We would appreciate as much detail as you can provide, including the version of Anchore you are using, your method of installation (OS packages, PIP, source?), what version of Docker you are using, as well as any troubleshooting steps you’ve already attempted. If you are using Anchore for production in a commercial environment, you may want to consider a full support contract so that we can provide a Service Level Agreement for your deployment.

Jumpstart Your Container Security Initiative

Anchore Champion is a subscription service for users of Anchore’s open source project, offering support for installing, configuring, integrating and using the Anchore Container Analysis and Policy Engine.

Join the Community

Click here to get the source code and contribute to the project

Go to to contact us and learn more about anchore

Follow us on Twitter to stay up to date with everything anchore

3 / 36
Join our slack channel and chat live with members of the Anchore community.