The Anchore CLI provides a command line interface on top of the Anchore Engine <https://github.com/anchore/anchore-engine>_ REST API.
Using the Anchore CLI users can manage and inspect images, policies, subscriptions and registries for the following:
Supported Operating Systems
Supported Packages
The Anchore CLI can be installed from source using the Python pip utility
.. code::
git clone https://github.com/anchore/anchore-cli
cd anchore-cli
pip install --user --upgrade .
Or can be installed from the installed form source from the Python PyPI <https://pypi.python.org/pypi>_ package repository.
.. code::
yum install epel-release
yum install python-pip
pip install anchorecli
.. code::
apt-get update
apt-get install python-pip
pip install anchorecli
Note make sure ~/.local/bin is part of your PATH or just export it directly: export PATH="$HOME/.local/bin/:$PATH"
Use Python's pip package manager:
.. code::
sudo easy_install pip
pip install --user anchorecli
export PATH=${PATH}:${HOME}/Library/Python/2.7/bin
To ensure anchore-cli is readily available in subsequent terminal sessions, remember to add that last line to your shell profile (.bash_profile or equivalent).
To update anchore-cli later:
.. code::
pip install --user --upgrade anchorecli
By default the Anchore CLI will try to connect to the Anchore Engine at http://localhost/v1 with no authentication.
The username, password and URL for the server can be passed to the Anchore CLI as command line arguments.
.. code::
--u TEXT Username eg. admin
--p TEXT Password eg. foobar
--url TEXT Service URL eg. http://localhost:8228/v1
Rather than passing these parameters for every call to the cli they can be stores as environment variables.
.. code::
ANCHORE_CLI_URL=http://myserver.example.com:8228/v1
ANCHORE_CLI_USER=admin
ANCHORE_CLI_PASS=foobar
Add an image to the Anchore Engine
.. code::
anchore-cli image add docker.io/library/debian:latest
Wait for an image to transition to analyzed
.. code::
anchore-cli image wait docker.io/library/debian:latest
List images analyzed by the Anchore Engine
.. code::
anchore-cli image list
Get summary information for a specified image
.. code::
anchore-cli image get docker.io/library/debian:latest
Perform a vulnerability scan on an image
.. code::
anchore-cli image vuln docker.io/library/debian:latest os
Perform a policy evaluation on an image
.. code::
anchore-cli evaluate check docker.io/library/debian:latest --detail
List operating system packages present in an image
.. code::
anchore-cli image content docker.io/library/debian:latest os
Subscribe to receive webhook notifications when new CVEs are added to an update
.. code::
anchore-cli subscription activate vuln_update docker.io/library/debian:latest
For further details on use of the Anchore CLI with the Anchore Engine please refer to Anchore Engine <https://github.com/anchore/anchore-engine>_
FAQs
Anchore Service CLI
We found that anchorecli demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
PyPI confirms no security flaws were exploited in the Ultralytics supply chain attack and highlights improvements for safer package publishing.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.