800+ IT
News
als RSS Feed abonnieren๐ Anchore Engine - A Service That Analyzes Docker Images And Applies User-Defined Acceptance Policies To Allow Automated Container Image Validation And Certification
๐ก Newskategorie: IT Security Nachrichten
๐ Quelle: feedproxy.google.com
For the most up-to-date information on Anchore Engine, Anchore CLI, and other Anchore software, please refer to the Anchore Documentation
The Anchore Engine is an open-source project that provides a centralized service for inspection, analysis, and certification of container images. The Anchore Engine is provided as a Docker container image that can be run standalone or within an orchestration platform such as Kubernetes, Docker Swarm, Rancher, Amazon ECS, and other container orchestration platforms.
The Anchore Engine can be accessed directly through a RESTful API or via the Anchore CLI.
With a deployment of Anchore Engine running in your environment, container images are downloaded and analyzed from Docker V2 compatible container registries and then evaluated against user-customizable policies to perform security, compliance, and best practices enforcement checks.
Anchore Engine can be used in several ways:
- Standalone or interactively.
- As a service integrated with your CI/CD to bring security/compliance/best-practice enforcement to your build pipeline
- As a component integrated into existing container monitoring and control frameworks via integration with its RESTful API.
Supported Operating Systems
- Alpine
- Amazon Linux 2
- CentOS
- Debian
- Google Distroless
- Oracle Linux
- Red Hat Enterprise Linux
- Red Hat Universal Base Image (UBI)
- Ubuntu
- GEM
- Java Archive (jar, war, ear)
- NPM
- Python (PIP)
Installation
There are several ways to get started with Anchore Engine, for the latest information on quickstart and full production installation with docker-compose, Helm, and other methods, please visit:
The Anchore Engine is distributed as a Docker Image available from DockerHub.
Quick Start (TLDR)
See documentation for the full quickstart guide.
To quickly bring up an installation of Anchore Engine on a system with docker (and docker-compose) installed, follow these simple steps:
curl https://docs.anchore.com/current/docs/engine/quickstart/docker-compose.yaml > docker-compose.yaml
docker-compose up -dGetting Started using the CLI
The Anchore CLI is an easy way to control and interact with the Anchore Engine.
The Anchore CLI can be installed using the Python pip command, or by running the CLI from the Anchore Engine CLI container image. See the Anchore CLI project on Github for code and more installation options and usage.
CLI Quick Start (TLDR)
By default, the Anchore CLI tries to connect to the Anchore Engine at http://localhost:8228/v1 with no authentication. The username, password, and URL for the server can be passed to the Anchore CLI as command-line arguments:
--u TEXT Username eg. admin
--p TEXT Password eg. foobar
--url TEXT Service URL eg. http://localhost:8228/v1ANCHORE_CLI_URL=http://myserver.example.com:8228/v1
ANCHORE_CLI_USER=admin
ANCHORE_CLI_PASS=foobaranchore-cli image add docker.io/library/debian:latestanchore-cli image wait docker.io/library/debian:latestanchore-cli image listanchore-cli image get docker.io/library/debian:latestanchore-cli system feeds list
anchore-cli system waitanchore-cli image vuln docker.io/library/debian:latest osanchore-cli image content docker.io/library/debian:latest osanchore-cli evaluate check docker.io/library/debian:latestanchore-cli policy hub --help
anchore-cli policy hub listAPI
For the external API definition (the user-facing service), see External API Swagger Spec. If you have Anchore Engine running, you can also review the Swagger by directing your browser at http://:8228/v1/ui/ (NOTE: the trailing slash is required for the embedded swagger UI browser to be viewed properly).
Each service implements its own API, and all APIs are defined in Swagger/OpenAPI spec. You can find each in the anchore_engine/services/<servicename>/api/swagger directory.
More Information
For further details on the use of the Anchore CLI with the Anchore Engine, please refer to the Anchore Engine Documentation