Skip to content

Simple command-line client to the Anchore Engine service

License

Notifications You must be signed in to change notification settings

dspalmer99/anchore-cli

 
 

Repository files navigation

Overview

The Anchore CLI provides a command line interface on top of the Anchore Engine REST API.

Using the Anchore CLI users can manage and inspect images, policies, subscriptions and registries for the following:

Supported Operating Systems

  • Alpine
  • Amazon Linux 2
  • CentOS
  • Debian
  • Google Distroless
  • Oracle Linux
  • Red Hat Enterprise Linux
  • Red Hat Universal Base Image (UBI)
  • Ubuntu

Supported Packages

  • GEM
  • Java Archive (jar, war, ear)
  • NPM
  • Python (PIP)

Installing Anchore CLI from source

The Anchore CLI can be installed from source using the Python pip utility

git clone https://github.com/anchore/anchore-cli
cd anchore-cli
pip install --user --upgrade .

Or can be installed from the installed form source from the Python PyPI package repository.

Installing Anchore CLI on CentOS and Red Hat Enterprise Linux

yum install epel-release
yum install python-pip
pip install anchorecli

Installing Anchore CLI on Debian and Ubuntu

apt-get update
apt-get install python-pip
pip install anchorecli
Note make sure ~/.local/bin is part of your PATH or just export it directly: export PATH="$HOME/.local/bin/:$PATH"

Installing Anchore CLI on Mac OS / OS X

Use Python's pip package manager:

sudo easy_install pip
pip install --user anchorecli
export PATH=${PATH}:${HOME}/Library/Python/2.7/bin

To ensure anchore-cli is readily available in subsequent terminal sessions, remember to add that last line to your shell profile (.bash_profile or equivalent).

To update anchore-cli later:

pip install --user --upgrade anchorecli

Configuring the Anchore CLI

By default the Anchore CLI will try to connect to the Anchore Engine at http://localhost/v1 with no authentication. The username, password and URL for the server can be passed to the Anchore CLI as command line arguments.

--u   TEXT   Username     eg. admin
--p   TEXT   Password     eg. foobar
--url TEXT   Service URL  eg. http://localhost:8228/v1

Rather than passing these parameters for every call to the cli they can be stores as environment variables.

ANCHORE_CLI_URL=http://myserver.example.com:8228/v1
ANCHORE_CLI_USER=admin
ANCHORE_CLI_PASS=foobar

Command line examples

Add an image to the Anchore Engine

anchore-cli image add docker.io/library/debian:latest

Wait for an image to transition to analyzed

anchore-cli image wait docker.io/library/debian:latest

List images analyzed by the Anchore Engine

anchore-cli image list

Get summary information for a specified image

anchore-cli image get docker.io/library/debian:latest

Perform a vulnerability scan on an image

anchore-cli image vuln docker.io/library/debian:latest os

Perform a policy evaluation on an image

anchore-cli evaluate check docker.io/library/debian:latest --detail

List operating system packages present in an image

anchore-cli image content docker.io/library/debian:latest os

Subscribe to receive webhook notifications when new CVEs are added to an update

anchore-cli subscription activate vuln_update docker.io/library/debian:latest

More Information

For further details on use of the Anchore CLI with the Anchore Engine please refer to Anchore Engine

About

Simple command-line client to the Anchore Engine service

Resources

License

Stars

Watchers

Forks

Packages

No packages published

Languages

  • Python 96.0%
  • Makefile 2.0%
  • Other 2.0%