The Anchore Engine is an open-source project that provides a centralized service for inspection, analysis, and certification of container images. It is provided as a Docker container image that can be run standalone or within an orchestration platform.
AN OPEN SOURCE TOOL FOR DEEP IMAGE INSPECTION AND VULNERABILITY SCANNING.
Anchore Engine allows developers to perform detailed analysis on container images, generating a software bill of materials. Through seamless integration with CI/CD systems, Anchore Engine can prevent publication of images containing known vulnerabilities.
Anchore Engine is fully featured and flexible, and can work within a wide variety of environments and development pipelines.
IMAGE ANALYSIS: Perform deep inspection of container images, cataloging all operating system packages, files, and software artifacts such as Ruby gems, JARs, and Node modules.
POLICY MANAGEMENT: Define and apply policies based on security best practices and use them to prevent dangerous builds from completing and problematic images from being deployed.
CONTINUOUS MONITORING: Policies are continuously evaluated to catch issues created when images are updated, CVEs are added or removed, or new best practices are established.
CI/CD INTEGRATION: Integrate Anchore Engine into CI/CD pipelines to ensure that builds are only successful when images meet custom security and compliance requirements.
HIGHLY CUSTOMIZABLE: Define checks for vulnerabilities, package whitelists, blacklists, configuration files, secrets in images, manifest changes, exposed ports and more.
ORCHESTRATION: Use Anchore Engine analysis and policy checks to ensure that only certified and secure images are deployed in Kubernetes or other orchestration platforms.