anchore/inline-scan

By anchore

Updated almost 3 years ago

Image for performing vulnerability analysis on local Docker images, using a stateless Anchore Engine


Anchore Inline Scan

This is a specially packaged container that bundles anchore-engine, a Docker registry, and a PostgreSQL database: everything needed to perform a one-time analysis, vulnerability scan, and policy evaluation of an image without requiring that the image be fetched from a remote registry.

This image is an internal component of the inline_scan script that executes the scan and handles input/output.

Usage for the script is documented here: https://github.com/anchore/ci-tools/blob/master/scripts/inline_scan

Usage

Starts Anchore Engine, Postgresql 9.6, and Docker Registry.
 
Finds docker image archives copied or mounted to /anchore-engine in the form of image+tag.tar.
Also supports taking stdin from the docker save command (use -i option to specify image name).
  
  Usage: ${0##*/} [ -f ] [ -r ] [ -d Dockerfile ] [ -b policy.json ] [ -i IMAGE_ONE ] [ -t 300 ]
      -d  [optional] Dockerfile name - must be mounted/copied to /anchore-engine.
      -i  [optional] Image name or file name location (use image name if piping in docker save stdout).
      -b  [optional] Anchore policy bundle name - must be mounted/copied to /anchore-engine.
      -f  [optional] Exit script upon failed Anchore policy evaluation.
      -r  [optional] Generate analysis reports.
      -t  [optional] Specify timeout for image scanning (defaults to 300s).

Dockerfile

https://github.com/anchore/ci-tools/blob/master/Dockerfile

For more information on usage, and for scripts that implement the full inline scan process, see: https://github.com/anchore/ci-tools

Docker Pull Command

docker pull anchore/inline-scan