anchore/inline-scan
Image for performing vulnerability analysis on local docker images, using a stateless Anchore Engine
This is a specifically packaged container that includes anchore-engine, a registry, and the Postgres database needed to perform a one-time analysis, vulnerability scan, and policy evaluation of an image without requiring the image to be fetched from a remote registry.
This image is an internal component of the inline_scan script that executes the scan and handles input/output.
The script usage is here: https://github.com/anchore/ci-tools/blob/master/scripts/inline_scan
Starts Anchore Engine, Postgresql 9.6, and Docker Registry.
Finds docker image archives copied or mounted to /anchore-engine in the form of image+tag.tar.
Also supports taking stdin from the docker save command (use -i option to specify image name).
Usage: ${0##*/} [ -f ] [ -r ] [ -d Dockerfile ] [ -b policy.json ] [ -i IMAGE_ONE ] [ -t 300 ]
-d [optional] Dockerfile name - must be mounted/copied to /anchore-engine.
-i [optional] Image name or file name location (use image name if piping in docker save stdout).
-b [optional] Anchore policy bundle name - must be mounted/copied to /anchore-engine.
-f [optional] Exit script upon failed Anchore policy evaluation.
-r [optional] Generate analysis reports.
-t [optional] Specify timeout for image scanning (defaults to 300s).
https://github.com/anchore/ci-tools/blob/master/Dockerfile
For more information on usage and some scripts to implement the full inline scan process see: https://github.com/anchore/ci-tools
docker pull anchore/inline-scan