Skip to content
This repository has been archived by the owner on Jul 10, 2024. It is now read-only.
/ anchore-cli Public archive

Simple command-line client to the Anchore Engine service

License

Notifications You must be signed in to change notification settings

anchore/anchore-cli

Repository files navigation

Important

As of 2024, Anchore CLI is no longer maintained. There will be no future versions released. Users are advised to use AnchoreCTL when interacting with Anchore Enterprise.

For users interested in the supported commercial solution for container scanning and complaiance, schedule a demo to see Anchore Enterprise's broad set of enterprise capabilities including SBOM management, vulnerability management, and compliance management.

Overview

The Anchore CLI provides a command line interface on top of the Anchore Engine REST API.

Using the Anchore CLI users can manage and inspect images, policies, subscriptions and registries for the following:

Supported Operating Systems

  • Alpine
  • Amazon Linux 2
  • CentOS
  • Debian
  • Google Distroless
  • Oracle Linux
  • Red Hat Enterprise Linux
  • Red Hat Universal Base Image (UBI)
  • Ubuntu

Supported Packages

  • GEM
  • Java Archive (jar, war, ear)
  • NPM
  • Python (PIP)

Installing Anchore CLI from source

The Anchore CLI can be installed from source using the Python pip utility

git clone https://github.com/anchore/anchore-cli
cd anchore-cli
pip install --user --upgrade .

Or can be installed from the installed form source from the Python PyPI package repository.

Installing Anchore CLI on CentOS and Red Hat Enterprise Linux

yum install epel-release
yum install python-pip
pip install anchorecli

Installing Anchore CLI on Debian and Ubuntu

apt-get update
apt-get install python-pip
pip install anchorecli
Note make sure ~/.local/bin is part of your PATH or just export it directly: export PATH="$HOME/.local/bin/:$PATH"

Installing Anchore CLI on Mac OS / OS X

Use Python's pip package manager:

sudo easy_install pip
pip install --user anchorecli
export PATH=${PATH}:${HOME}/Library/Python/2.7/bin

To ensure anchore-cli is readily available in subsequent terminal sessions, remember to add that last line to your shell profile (.bash_profile or equivalent).

To update anchore-cli later:

pip install --user --upgrade anchorecli

Configuring the Anchore CLI

By default the Anchore CLI will try to connect to the Anchore Engine at http://localhost/v1 with no authentication. The username, password and URL for the server can be passed to the Anchore CLI as command line arguments.

--u   TEXT   Username     eg. admin
--p   TEXT   Password     eg. foobar
--url TEXT   Service URL  eg. http://localhost:8228/v1

Rather than passing these parameters for every call to the cli they can be stores as environment variables.

ANCHORE_CLI_URL=http://myserver.example.com:8228/v1
ANCHORE_CLI_USER=admin
ANCHORE_CLI_PASS=foobar

Command line examples

Add an image to the Anchore Engine

anchore-cli image add docker.io/library/debian:latest

Wait for an image to transition to analyzed

anchore-cli image wait docker.io/library/debian:latest

List images analyzed by the Anchore Engine

anchore-cli image list

Get summary information for a specified image

anchore-cli image get docker.io/library/debian:latest

Perform a vulnerability scan on an image

anchore-cli image vuln docker.io/library/debian:latest os

Perform a policy evaluation on an image

anchore-cli evaluate check docker.io/library/debian:latest --detail

List operating system packages present in an image

anchore-cli image content docker.io/library/debian:latest os

Subscribe to receive webhook notifications when new CVEs are added to an update

anchore-cli subscription activate vuln_update docker.io/library/debian:latest

More Information

For further details on use of the Anchore CLI with the Anchore Engine please refer to Anchore Engine