/garrison-agent-anchore-engine

Garrison Agent that provides Anchore Engine security checks

Primary LanguageRuby

Garrison Agent - Anchore Engine

This is a part of the Garrison security project. This agent provides CVE checks.

Checks Provided

Function Name Description
check_images Alerts for images with vulnerabilities
check_failed_analysis Alerts for images that failed to analyze

Installation & Example

Docker Hub - https://hub.docker.com/r/forward3d/garrison-agent-anchore-engine/

docker pull forward3d/garrison-agent-anchore-engine
docker run --rm -e "GARRISON_URL=https://garrison.internal.acme.com" -e "GARRISON_ANCHORE_URL=http://anchore-api.internal.acme.com" -e "GARRISON_ANCHORE_USER=admin" -e "GARRISON_ANCHORE_PASS=foobar" forward3d/garrison-agent-anchore-engine check_images

Agent Specific Configuration

These are additional specific configuration options for this agent. Global agent configurations still apply.

Environmental Variable Default Expects
GARRISON_ANCHORE_URL Full URL to the Anchore API eg. https://anchore-api.internal.acme.com
GARRISON_ANCHORE_USER Anchore API Username
GARRISON_ANCHORE_PASS Anchore API Password

Check Specific Configuration

check_images

Environmental Variable Default Expects
GARRISON_ANCHORE_VULN_TYPE all The vulnerability type you want to include, usual options are os, non-os, all

Severities

This table outlines how severities from Anchore Engine are mapped to Garrison severities...

Anchore Engine Severity Garrison Severity
high high
medium medium
low low
negligible info
unknown medium
Any other severity medium