This is a part of the Garrison security project. This agent provides CVE checks.
| Function Name | Description |
|---|---|
check_images |
Alerts for images with vulnerabilities |
check_failed_analysis |
Alerts for images that failed to analyze |
Docker Hub - https://hub.docker.com/r/forward3d/garrison-agent-anchore-engine/
docker pull forward3d/garrison-agent-anchore-engine
docker run --rm -e "GARRISON_URL=https://garrison.internal.acme.com" -e "GARRISON_ANCHORE_URL=http://anchore-api.internal.acme.com" -e "GARRISON_ANCHORE_USER=admin" -e "GARRISON_ANCHORE_PASS=foobar" forward3d/garrison-agent-anchore-engine check_images
These are additional specific configuration options for this agent. Global agent configurations still apply.
| Environmental Variable | Default | Expects |
|---|---|---|
GARRISON_ANCHORE_URL |
Full URL to the Anchore API eg. https://anchore-api.internal.acme.com |
|
GARRISON_ANCHORE_USER |
Anchore API Username | |
GARRISON_ANCHORE_PASS |
Anchore API Password |
| Environmental Variable | Default | Expects |
|---|---|---|
GARRISON_ANCHORE_VULN_TYPE |
all |
The vulnerability type you want to include, usual options are os, non-os, all |
This table outlines how severities from Anchore Engine are mapped to Garrison severities...
| Anchore Engine Severity | Garrison Severity |
|---|---|
high |
high |
medium |
medium |
low |
low |
negligible |
info |
unknown |
medium |
| Any other severity | medium |