Anchore Engine is a container image static analysis security tool that allows finding vulnerabilities and also automates the analysis of images against user-defined checks/policies.
In addition to the open source version, Anchore also has an Enterprise version with more useful features to verify the security of container images.
Twilio-Anchore is library developed in Python that facilitates the use of some features of the Anchore API.
The main purpose of this library is to ease the execution of those Anchore API features that allow to check the security of container images, such as:
- Get the information of the container images
- Obtain the vulnerabilities of the container images
- Obtain the contents of container images
- Obtaining information about the base image of the container images
- Evaluate policies against container images
- Obtain information about container images running on Kubernetes clusters
NOTE: This library is not intended to perform Anchore administration tasks, such as creating accounts/users or configuring container registries, etc.
Need to start now?
from anchore.service import AnchoreService
anchore_service = AnchoreService("https://analyzer.anchore.com", "anchoreuser", "password")
response = anchore_service.get_image("ubuntu:latest")
if response.get_status_code() == 200:
ubuntu_image = response.get_result()
To install twilio-anchore execute the following commands:
git clone https://github.com/twilio-labs/twilio-anchore.git
cd twilio-anchore
python3 -m pip install .
See the documentation for full details:
Some of these functionalities belong to the Enterprise version of Anchore, so it is necessary to review the documentation of each of the methods to know which ones require the Enterprise version.
If you have the Enterprise version of Anchore, all methods can be used without any restrictions.
For guidance on setting up a development environment and how to make a contribution to this project, see the contributing guidelines.