How to Perform a Local CLI Anchore Container Image Vulnerability Scan with a cURL Command

Tremaine Eto
Published in The Startup
5 min read · Jan 14, 2021


Original photo by ammiel jr on Unsplash; logo by Anchore; text by Tremaine Eto.

Anchore is a container image scanner, available as an open-source engine and as an enterprise product, that identifies known security vulnerabilities and policy violations in container images. Through my day-to-day work, I've become quite familiar with it; its ability to be integrated into the software delivery lifecycle has made adoption pretty seamless.

Before we start, what does Anchore scan?

When you submit a Docker image to Anchore, it analyzes the image contents and reports the known vulnerabilities (CVEs and distribution advisories) affecting the operating system packages and third-party language libraries it finds. Its policy engine can additionally flag embedded secrets and passwords, risky Dockerfile instructions, and other policy violations, so a single scan covers both vulnerability findings and configuration findings.

Additionally, its policy configuration supports both blocklists and allowlists to fine-tune your deployment gate; after all, you wouldn't want a vulnerability you've already vetted as a false positive (or accepted as a known risk) to be a showstopper in your deployment pipeline. Scope each allowlist entry to the specific vulnerability ID and package you vetted rather than waiving a whole severity class, so the waiver does not silently cover a new finding.

How to scan with Anchore locally from your CLI

I mentioned that a mature approach to Anchore would be to incorporate it into your deployment process, ideally somewhere in the CI/CD pipeline. However, both before that is in place and even once it is, it can be quite important and…
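The following is an added example, not code from the article or from Anchore, of what a local scan looks like when driven against an Anchore Engine's REST API (the same requests a cURL-based scan issues) and then gated with an allowlist of vetted findings. It assumes an engine listening at ANCHORE_URL (default http://localhost:8228/v1) with HTTP basic-auth credentials ANCHORE_USER / ANCHORE_PASS (the admin:foobar defaults are those of the Anchore Engine quickstart compose file and are an assumption here), and that the endpoint paths and JSON field names follow the Anchore Engine v1 API; SAMPLE_VULN_REPORT is constructed sample data with placeholder vulnerability IDs, not real advisories.

```python
"""Drive a local Anchore Engine scan over its REST API and gate on the result.

Added example (not the article's or Anchore's own code). Assumptions:
  * engine at ANCHORE_URL, basic-auth ANCHORE_USER / ANCHORE_PASS;
  * endpoints POST /images, GET /images/{digest}, GET /images/{digest}/vuln/all
    and the field names below follow the Anchore Engine v1 API;
  * SAMPLE_VULN_REPORT is constructed data with placeholder IDs.
The equivalent curl invocation is noted next to each request.
"""
import base64
import json
import os
import sys
import time
import urllib.request

ANCHORE_URL = os.environ.get("ANCHORE_URL", "http://localhost:8228/v1")
ANCHORE_USER = os.environ.get("ANCHORE_USER", "admin")   # assumed default
ANCHORE_PASS = os.environ.get("ANCHORE_PASS", "foobar")  # assumed default

# Anchore severity names, ordered so a minimum-severity threshold can be compared.
SEVERITY_RANK = {"Unknown": 0, "Negligible": 1, "Low": 2, "Medium": 3,
                 "High": 4, "Critical": 5}


def basic_auth_header(user, password):
    """Build the Authorization header that `curl -u user:password` would send."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return f"Basic {token}"


def _request(method, path, body=None):
    """One authenticated JSON request to the engine (stdlib only, no curl needed)."""
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(ANCHORE_URL + path, data=data, method=method)
    req.add_header("Authorization", basic_auth_header(ANCHORE_USER, ANCHORE_PASS))
    req.add_header("Content-Type", "application/json")
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def add_image(tag):
    """Submit an image tag for analysis and return the digest the engine assigned.
    curl -u admin:foobar -X POST -H 'Content-Type: application/json' \
         -d '{"tag":"docker.io/library/alpine:3.12"}' http://localhost:8228/v1/images
    """
    return _request("POST", "/images", {"tag": tag})[0]["imageDigest"]


def wait_analyzed(digest, timeout=600, interval=5):
    """Poll until analysis finishes; fail loudly instead of gating on a partial result.
    curl -u admin:foobar http://localhost:8228/v1/images/<digest>
    """
    deadline = time.time() + timeout
    while time.time() < deadline:
        status = _request("GET", f"/images/{digest}")[0]["analysis_status"]
        if status == "analyzed":
            return
        if status == "analysis_failed":
            raise RuntimeError(f"analysis failed for {digest}")
        time.sleep(interval)
    raise TimeoutError(f"analysis of {digest} not finished after {timeout}s")


def fetch_vulnerabilities(digest):
    """curl -u admin:foobar http://localhost:8228/v1/images/<digest>/vuln/all"""
    return _request("GET", f"/images/{digest}/vuln/all")


def gate_findings(report, allowlist, min_severity="High"):
    """Return the findings that should block a deployment.

    A finding blocks when its severity is at or above min_severity and it is not
    allowlisted. Allowlist entries are "<vuln id>" (waive everywhere) or
    "<vuln id>:<package_name>" (waive only for the package that was vetted), so a
    waiver does not silently cover the same CVE turning up in another package.
    """
    threshold = SEVERITY_RANK[min_severity]
    blocking = []
    for finding in report.get("vulnerabilities", []):
        if SEVERITY_RANK.get(finding["severity"], 0) < threshold:
            continue
        scoped = f'{finding["vuln"]}:{finding["package_name"]}'
        if finding["vuln"] in allowlist or scoped in allowlist:
            continue
        blocking.append(finding)
    return blocking


# Constructed sample of a /vuln/all response; the IDs are placeholders, not real CVEs.
SAMPLE_VULN_REPORT = {
    "imageDigest": "sha256:" + "0" * 64,
    "vulnerabilities": [
        {"vuln": "CVE-0000-0001", "severity": "Critical", "package_name": "openssl",
         "package": "openssl-1.1.1g-r0", "fix": "1.1.1j-r0"},
        {"vuln": "CVE-0000-0002", "severity": "High", "package_name": "zlib",
         "package": "zlib-1.2.11-r3", "fix": "None"},
        {"vuln": "CVE-0000-0002", "severity": "High", "package_name": "minizip",
         "package": "minizip-1.2.11-r3", "fix": "None"},
        {"vuln": "CVE-0000-0003", "severity": "Medium", "package_name": "busybox",
         "package": "busybox-1.31.1-r19", "fix": "1.31.1-r20"},
    ],
}


if __name__ == "__main__":
    # Usage: python scan.py docker.io/library/alpine:3.12 [CVE-ID[:package] ...]
    image, waivers = sys.argv[1], set(sys.argv[2:])
    digest = add_image(image)
    wait_analyzed(digest)
    blocking = gate_findings(fetch_vulnerabilities(digest), waivers)
    for f in blocking:
        print(f'{f["severity"]:9} {f["vuln"]} {f["package"]} fix={f["fix"]}')
    sys.exit(1 if blocking else 0)
```

Run against the constructed sample, an allowlist of `{"CVE-0000-0002:zlib"}` still blocks on the openssl finding and on the same CVE in minizip, which is the point of scoping waivers to a package. One further caveat for a local scan: if the scan you run is a script fetched with curl and piped straight into a shell, save it to disk and review or checksum it first rather than executing whatever the remote host returns that day.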
