How to Perform a Local CLI Anchore Container Image Vulnerability Scan with a cURL Command
Anchore is a useful product, available both as an open-source tool and as an enterprise solution, for identifying security vulnerabilities and flaws in container images. Through my day-to-day work I’ve become quite familiar with it; after all, its ability to be integrated into the software delivery lifecycle has made adopting it pretty seamless.
Before we start, what does Anchore scan?
When you provide a Docker image to Anchore, it can return to you the security vulnerabilities pertaining to the associated application, operating system packages, secrets, passwords, third-party libraries, Dockerfile, and more.
Additionally, it supports both blocklists and allowlists to fine-tune your deployment process; after all, you wouldn’t want a false-positive vulnerability that you’ve already vetted to become a showstopper in your deployment pipeline.
How to scan with Anchore locally with your CLI
I mentioned that a mature approach would be to incorporate Anchore into your deployment process, ideally somewhere in the CI/CD pipeline. However, both before that is in place and even once it is, it can be quite important and…