Anchore Enterprise scanner reference for STO
You can scan your container images with Anchore Enterprise.
Important notes for running Anchore Enterprise scans in STO
All data ingestion methods are supported
You can run Orchestration, Extraction, and Ingestion workflows with Anchore Enterprise. This topic includes an Orchestration pipeline example below.
Scans in air-gapped environments are supported
You can run Anchore Enterprise scans in air-gapped environments. For more information, go to the Anchore Enterprise documentation.
Docker-in-Docker requirements
- You need to add a Docker-in-Docker background step to scan container images on Kubernetes or Docker build infrastructures.
- For Orchestrated and Extraction scans, you might want to increase the resource limits for your Docker-in-Docker background step. This can speed up your scan times, especially for large scans. For more information, go to Optimize STO pipelines.
Root access requirements
You need to run the scan step with root access if either of the following applies:
- You need to run a Docker-in-Docker background service.
- You need to add trusted certificates to your scan images at runtime.
You can set up your STO scan images and pipelines to run scans as non-root and establish trust for your own proxies using custom certificates. For more information, go to Configure STO to Download Images from a Private Registry.
For more information
The following topics contain useful information for setting up scanner integrations in STO:
Anchore Enterprise step settings in STO
The recommended workflow is to add an Anchore Enterprise step to a Build or Security stage and then configure it as described below.
Scan
Scan mode
- Orchestration: Configure the step to run a scan and then ingest, normalize, and deduplicate the results.
- Extraction: Configure the step to extract scan results from an external SaaS service and then ingest, normalize, and deduplicate the data.
- Ingestion: Configure the step to read scan results from a data file and then ingest, normalize, and deduplicate the data.
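An added orchestration-mode stage fragment (not from the Harness or Anchore documentation) showing the Docker-in-Docker background step with raised resource limits next to an Anchore Enterprise scan step. The `Anchore` step type, the field names, the `anchore_*` secret names, the registry connector and the Anchore host are assumptions to check against the step's YAML view in your own pipeline.

```yaml
# Added example, not from the STO docs: steps inside a Build or Security stage.
# The "Anchore" step type, field names, secret names and hosts are assumed.
- step:
    type: Background                 # Docker-in-Docker service for image scans
    name: dind
    identifier: dind
    spec:
      connectorRef: account.harnessImage
      image: docker:dind
      shell: Sh
      privileged: true               # DinD needs root; see "Root access requirements"
      resources:                     # raised limits shorten large orchestrated scans
        limits:
          memory: 4Gi
          cpu: "2"
- step:
    type: Anchore
    name: anchore_scan
    identifier: anchore_scan
    spec:
      mode: orchestration            # scan, then ingest, normalize and deduplicate
      config: default
      privileged: true
      target:
        type: container
        name: my-app                 # constructed target name
        variant: <+codebase.branch>
      image:
        type: docker_v2
        domain: docker.io
        name: my-org/my-app          # constructed image reference
        tag: <+pipeline.sequenceId>
      auth:
        domain: https://anchore.example.internal   # assumed Anchore Enterprise host
        access_id: <+secrets.getValue("anchore_username")>
        access_token: <+secrets.getValue("anchore_password")>
      advanced:
        log:
          level: info
        fail_on_severity: critical   # stop the pipeline on critical findings
```

Keep the credentials in Harness secrets rather than inline, and drop `privileged: true` on the scan step only if your pipeline is set up for non-root scans as described above.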