Anchore Engine

Definition

Anchore Engine is an open-source container analysis service that provides deep inspection of container images to identify vulnerabilities, enforce security policies, and ensure compliance. It integrates with CI/CD pipelines to automate security checks, offering detailed reports on image contents, vulnerabilities, and policy violations. Anchore Engine supports a wide range of container registries and can be deployed on-premises or in the cloud, making it a versatile tool for enhancing container security.

Secure Settings Example

# anchore-engine-config.yaml
services:
  analyzer:
    enable: true
    config:
      allow_dockerfile_updates: false
      allow_policy_failure: false
      vulnerability_scan: true
      content_types:
        - os
        - npm
        - gem
        - python
        - java
      max_threads: 4

Insecure Settings Example

# anchore-engine-config.yaml
services:
  analyzer:
    enable: true
    config:
      allow_dockerfile_updates: true
      allow_policy_failure: true
      vulnerability_scan: false
      content_types:
        - os
      max_threads: 10
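One way to audit a config file against the secure settings above, as an added example that is not Anchore Engine's own code: it carries a minimal parser for just the YAML subset these two examples use (nested mappings, "- item" lists, true/false scalars), so it runs without PyYAML, and the embedded insecure config is constructed from the page's example; the key names and expected values are taken from the secure example, not from Anchore documentation.

```python
# Added example (not Anchore's own code): audit an analyzer config against the page's secure settings.
SECURE = {"allow_dockerfile_updates": False, "allow_policy_failure": False,
          "vulnerability_scan": True}
CONTENT_TYPES = {"os", "npm", "gem", "python", "java"}
INSECURE_YAML = """\
services:
  analyzer:
    enable: true
    config:
      allow_dockerfile_updates: true
      allow_policy_failure: true
      vulnerability_scan: false
      content_types:
        - os
      max_threads: 10
"""  # constructed input: the page's insecure example, as a config file would hold it

def parse_yaml_subset(text):
    """Indentation-based parse of nested mappings and '- item' lists of scalars."""
    lines = [(len(b) - len(b.lstrip()), b.strip()) for b in
             (raw.split("#", 1)[0].rstrip() for raw in text.splitlines()) if b.strip()]
    root = {}
    stack = [(-1, root)]                # (indent, container opened at that indent)
    for i, (indent, body) in enumerate(lines):
        while indent <= stack[-1][0]:   # a dedent closes the deeper containers
            stack.pop()
        box = stack[-1][1]
        if body.startswith("- "):
            box.append(body[2:])
            continue
        key, _, value = (s.strip() for s in body.partition(":"))
        if value:                       # "true"/"false" become bools, the rest stay strings
            box[key] = value == "true" if value in ("true", "false") else value
        else:                           # block value: peek ahead to choose list or mapping
            box[key] = child = [] if i + 1 < len(lines) and lines[i + 1][1].startswith("- ") else {}
            stack.append((indent, child))
    return root

def audit_analyzer_config(text):
    """Return findings; an empty list means the config matches the secure example."""
    analyzer = parse_yaml_subset(text).get("services", {}).get("analyzer", {})
    conf = analyzer.get("config", {})
    findings = [] if analyzer.get("enable") is True else ["analyzer not enabled"]
    for key, want in SECURE.items():
        if conf.get(key) != want:
            findings.append(f"{key} should be {want}, got {conf.get(key)}")
    missing = CONTENT_TYPES - set(conf.get("content_types", []))
    return findings + ([f"content_types missing: {sorted(missing)}"] if missing else [])

print("\n".join(audit_analyzer_config(INSECURE_YAML)) or "matches the secure example")
```

Run against the insecure example it reports the three flipped booleans and the four missing content types; against the secure example it reports nothing.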