The Anchore CLI provides a command line interface on top of the Anchore Engine REST API.
Using the Anchore CLI users can manage and inspect images, policies, subscriptions and registries for the following:
Supported Operating Systems
- Alpine
- Amazon Linux 2
- CentOS
- Debian
- Google Distroless
- Oracle Linux
- Red Hat Enterprise Linux
- Red Hat Universal Base Image (UBI)
- Ubuntu
Supported Packages
- GEM
- Java Archive (jar, war, ear)
- NPM
- Python (PIP)
The Anchore CLI can be installed from source using the Python pip utility
git clone https://github.com/anchore/anchore-cli cd anchore-cli pip install --user --upgrade .
Or can be installed from the installed form source from the Python PyPI package repository.
yum install epel-release yum install python-pip pip install anchorecli
apt-get update apt-get install python-pip pip install anchorecli Note make sure ~/.local/bin is part of your PATH or just export it directly: export PATH="$HOME/.local/bin/:$PATH"
Use Python's pip package manager:
sudo easy_install pip pip install --user anchorecli export PATH=${PATH}:${HOME}/Library/Python/2.7/bin
To ensure anchore-cli is readily available in subsequent terminal sessions, remember to add that last line to your shell profile (.bash_profile or equivalent).
To update anchore-cli later:
pip install --user --upgrade anchorecli
By default the Anchore CLI will try to connect to the Anchore Engine at http://localhost/v1
with no authentication.
The username, password and URL for the server can be passed to the Anchore CLI as command line arguments.
--u TEXT Username eg. admin --p TEXT Password eg. foobar --url TEXT Service URL eg. http://localhost:8228/v1
Rather than passing these parameters for every call to the cli they can be stores as environment variables.
ANCHORE_CLI_URL=http://myserver.example.com:8228/v1 ANCHORE_CLI_USER=admin ANCHORE_CLI_PASS=foobar
Add an image to the Anchore Engine
anchore-cli image add docker.io/library/debian:latest
Wait for an image to transition to analyzed
anchore-cli image wait docker.io/library/debian:latest
List images analyzed by the Anchore Engine
anchore-cli image list
Get summary information for a specified image
anchore-cli image get docker.io/library/debian:latest
Perform a vulnerability scan on an image
anchore-cli image vuln docker.io/library/debian:latest os
Perform a policy evaluation on an image
anchore-cli evaluate check docker.io/library/debian:latest --detail
List operating system packages present in an image
anchore-cli image content docker.io/library/debian:latest os
Subscribe to receive webhook notifications when new CVEs are added to an update
anchore-cli subscription activate vuln_update docker.io/library/debian:latest
For further details on use of the Anchore CLI with the Anchore Engine please refer to Anchore Engine