anchore/anchore-cli anchore/anchore-cli

  • Stars
    star
    108
  • Rank 310,071 (Top 7 %)
  • Language
    Python
  • License
    Apache License 2.0
  • Created over 6 years ago
  • Updated 11 months ago
Twitter logo Share LinkedIn logo Share Facebook logo Share
anchore/anchore-cli
github

anchore

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Simple command-line client to the Anchore Engine service

Overview

The Anchore CLI provides a command line interface on top of the Anchore Engine REST API.

Using the Anchore CLI users can manage and inspect images, policies, subscriptions and registries for the following:

Supported Operating Systems

  • Alpine
  • Amazon Linux 2
  • CentOS
  • Debian
  • Google Distroless
  • Oracle Linux
  • Red Hat Enterprise Linux
  • Red Hat Universal Base Image (UBI)
  • Ubuntu

Supported Packages

  • GEM
  • Java Archive (jar, war, ear)
  • NPM
  • Python (PIP)

Installing Anchore CLI from source

The Anchore CLI can be installed from source using the Python pip utility

git clone https://github.com/anchore/anchore-cli
cd anchore-cli
pip install --user --upgrade .

Or can be installed from the installed form source from the Python PyPI package repository.

Installing Anchore CLI on CentOS and Red Hat Enterprise Linux

yum install epel-release
yum install python-pip
pip install anchorecli

Installing Anchore CLI on Debian and Ubuntu

apt-get update
apt-get install python-pip
pip install anchorecli
Note make sure ~/.local/bin is part of your PATH or just export it directly: export PATH="$HOME/.local/bin/:$PATH"

Installing Anchore CLI on Mac OS / OS X

Use Python's pip package manager:

sudo easy_install pip
pip install --user anchorecli
export PATH=${PATH}:${HOME}/Library/Python/2.7/bin

To ensure anchore-cli is readily available in subsequent terminal sessions, remember to add that last line to your shell profile (.bash_profile or equivalent).

To update anchore-cli later:

pip install --user --upgrade anchorecli

Configuring the Anchore CLI

By default the Anchore CLI will try to connect to the Anchore Engine at http://localhost/v1 with no authentication. The username, password and URL for the server can be passed to the Anchore CLI as command line arguments.

--u   TEXT   Username     eg. admin
--p   TEXT   Password     eg. foobar
--url TEXT   Service URL  eg. http://localhost:8228/v1

Rather than passing these parameters for every call to the cli they can be stores as environment variables.

ANCHORE_CLI_URL=http://myserver.example.com:8228/v1
ANCHORE_CLI_USER=admin
ANCHORE_CLI_PASS=foobar

Command line examples

Add an image to the Anchore Engine

anchore-cli image add docker.io/library/debian:latest

Wait for an image to transition to analyzed

anchore-cli image wait docker.io/library/debian:latest

List images analyzed by the Anchore Engine

anchore-cli image list

Get summary information for a specified image

anchore-cli image get docker.io/library/debian:latest

Perform a vulnerability scan on an image

anchore-cli image vuln docker.io/library/debian:latest os

Perform a policy evaluation on an image

anchore-cli evaluate check docker.io/library/debian:latest --detail

List operating system packages present in an image

anchore-cli image content docker.io/library/debian:latest os

Subscribe to receive webhook notifications when new CVEs are added to an update

anchore-cli subscription activate vuln_update docker.io/library/debian:latest

More Information

For further details on use of the Anchore CLI with the Anchore Engine please refer to Anchore Engine

More Repositories

1

grype

A vulnerability scanner for container images and filesystems
Go
5,959
star
2

syft

CLI tool and library for generating a Software Bill of Materials from container images and filesystems
Go
4,261
star
3

anchore-engine

A service that analyzes docker images and scans for vulnerabilities
Python
1,547
star
4

anchore

This project is deprecated. Work is now done on https://github.com/anchore/syft and https://github.com/anchore/grype for local-host Software Bill of Materials and vulnerability scanning tools.
Python
360
star
5

quill

Simple mac binary signing from any platform
Go
190
star
6

scan-action

Anchore container analysis and scan provided as a GitHub Action
JavaScript
157
star
7

sbom-action

GitHub Action for creating software bill of materials using Syft.
TypeScript
113
star
8

kubernetes-admission-controller

Service implementation for a Kubernetes Dynamic Webhook controller for interacting with Anchore
Go
56
star
9

stereoscope

go library for processing container images and simulating a squash filesystem
Go
54
star
10

k8s-inventory

KAI (Kubernetes Automated Inventory) can poll Kubernetes Cluster API(s) to tell Anchore which Images are currently in-use
Go
52
star
11

anchore-charts

Helm charts for Anchore tools and services
Mustache
42
star
12

ci-tools

Contains scripts for running anchore engine in CI pipelines
Shell
34
star
13

chronicle

a fast changelog generator sourced from PRs and Issues
Go
32
star
14

harbor-scanner-adapter

Harbor Scanner Adapter for Anchore Engine and Enterprise
Go
29
star
15

grant

Search an SBOM for licenses and the packages they belong to
Go
28
star
16

vunnel

Tool for collecting vulnerability data from various sources (used to build the grype database)
Python
26
star
17

grype-db

Go
18
star
18

grype-vscode

Grype vulnerability check plugin for Visual Studio Code
TypeScript
15
star
19

anchore-grafeas-cli

Tool for connecting to an anchore-engine DB and generating grafeas note/occurrence JSON documents
Python
9
star
20

sbom-examples

Repository of SBOMs generated by the syft SBOM generator tool, against a list of popular dockerhub container images.
Python
8
star
21

yardstick

Compare vulnerability scanners results (to make them better!)
Python
5
star
22

vulnerability-match-labels

Labeled vulnerability-package match pairs used as ground truth to evaluate vulnerability scanners
Python
5
star
23

engine-operator

Helm based anchore engine operator
Makefile
4
star
24

test-infra

Contains infrastructure for running functional tests using Helm chart deployments
Python
4
star
25

azure-devops-task

Anchore Task Extension for Azure DevOps Pipelines
TypeScript
4
star
26

client-go

Golang client for Anchore API
Makefile
4
star
27

go-struct-converter

Go library that provides a set of conversion utilities to help migrate between different versioned Go structs.
Go
2
star
28

fangs

Go
2
star
29

ecs-inventory

Go
2
star
30

go-macholibre

Go
2
star
31

homebrew-syft

homebrew tap for syft
Ruby
2
star
32

enterprise-client-go

Go client for enterprise API
Mustache
2
star
33

circleci-orb-grype

Repository for the Grype based CircleCI orb
Shell
2
star
34

test-images

Container automation for testing and validation
Dockerfile
2
star
35

go-logger

Go
1
star
36

deployment-templates

Repository for example Anchore Engine deployment methods and integrations
1
star
37

homebrew-grype

homebrew tap for grype
Ruby
1
star
38

modular-policy

CLI utility for managing Anchore policy bundles as individual components. Useful for git-based policy management.
Python
1
star
39

engine-db-preload

Some scripting to handling creation of preloaded anchore DB container
Shell
1
star