Skip to content

roachmd/anchorenginehowto

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

12 Commits
 
 
 
 
 
 
 
 

Repository files navigation

Anchore Engine How To Guide


Purpose:

I started in the early days of docker. Back then saying we are using docker now was enough to get you past the securtiy team. But today not so much.

Security teams have caught up and now so have the tools. Mature pipelines now include some sort of security scan.

Looking around for a free scanner with an enterprise upgrade option is few and far between. I've seen aquasecurity but wanted to learn to use another.

So below is my dive into using Anchore Engine.

Using Docker Compose:

Using the docs with a few corrections, changes, etc...

docker-compose up -d

Go ahead and install the client below. Then run

anchore-cli --u admin --p foobar --url http://localhost:8228/v1 system status

At the time of this writing 8/13/2018. You should see something like this:

Anchore Engine


CLI How to

Installing CLI:

mkdir venv
python2.7 -m virtualenv venv
source env/bin/activate
pip install --user anchorecli
pip install anchorecli

Using CLI:

anchore-cli --u admin --p foobar image add docker.io/library/node:latest
anchore-cli --u admin --p foobar image list
anchore-cli --u admin --p foobar image vuln docker.io/library/node:latest os | wc -l
> 1669 {{ Like WTF, no really WTF NODE. }}
anchore-cli --u admin --p foobar image vuln docker.io/library/node:latest os | head
> Vulnerability ID        Package                                                Severity          Fix                    Vulnerability URL
> CVE-2015-1258           libvpx1-1.3.0-3+deb8u1                                 High              None                   https://security-tracker.debian.org/tracker/CVE-2015-1258
> CVE-2017-1000379        linux-libc-dev-3.16.57-2                               High              None                   https://security-tracker.debian.org/tracker/CVE-2017-1000379
> CVE-2017-10662          linux-libc-dev-3.16.57-2                               High              None                   https://security-tracker.debian.org/tracker/CVE-2017-10662
> CVE-2017-10663          linux-libc-dev-3.16.57-2                               High              None                   https://security-tracker.debian.org/tracker/CVE-2017-10663

Images

File Structure
├── aevolume
│   ├── config
│   │   ├── analyzer_config.yaml
│   │   ├── anchore-promethesus.yaml
│   │   ├── anchore_default_bundle.json
│   │   ├── config-ui.yaml
│   │   └── config.yaml
│   └── db
├── docker-compose.yaml```



###### Reference
https://github.com/anchore/anchore-engine
https://anchore.freshdesk.com/support/solutions/articles/36000020381-overview

About

No description or website provided.

Topics

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published