Anchore is an Open Container Compliance Platform for Discovering, Analyzing, and Certifying Container Images On-Premises or in the Cloud.
What Anchore Does
Anchore allows developers, operations, and security teams to perform detailed analysis on container images, run queries, produce reports and define policies that can be used in CI/CD pipelines. Users can extend the tool to add new plugins that add new queries, new image analysis, and new policies.
Do You Know What’s Beneath the Surface of Your Containers?
Image scanning solutions focus on scanning the operating system image for known vulnerabilities (CVEs). While this is a critical check to perform, it is just the first step. An image may contain no operating system packages with known vulnerabilities but may still be insecure, misconfigured or in some other way out of compliance.
Anchore analysis tools inspect your container image and generate a detailed manifest of the image, a virtual ‘bill of materials’ that includes official operating system packages, unofficial packages, configuration files and language modules and artifacts such as NPM, PiP, GEM, and Java archives.
Using Anchore tools, policies can be defined that specify rules to govern security vulnerabilities, package whitelists and blacklists, configuration file contents, presence of credentials in the image, manifest changes, exposed ports or any user-defined checks. These policies can be deployed site-wide or customized for specific images or categories of applications.
How to Use Anchore
Analyze Container Images
Inspect your container image and generate a detailed list that includes official OS packages, unofficial packages, config files, language modules, and artifacts such as NPM, PiP, GEM, and Java archives.
Define & Enforce Policies
Define policies to govern security vulnerabilities, package whitelists and blacklists, configuration file contents, credentials in the image, manifest changes, exposed ports or any user-defined checks.
Integrate into Workflow
Anchore can be run at any point in the development pipeline to produce reports or to evaluate policies, allowing policy violations to be caught and fixed early in the development lifecycle.
Integrate with orchestration platforms such as Kubernetes to ensure that only images that are certified by your organization are run.
With deployment options to suit every need: Cloud hosted, on-premises or open source
Use the Anchore On-Premise UI with Anchore Engine in your data center to scan your private registries and integrate into your CI/CD pipeline – ensuring that only images that pass the policy checks that you define are deployed.
The Anchore open source project allows developers to perform detailed analysis on their container images, run queries, produce reports and define policies that can be used in CI/CD pipelines. Developers can extend the tool to add new plugins that add new queries, new image analysis, and new