anchore - docker镜像安全扫描工具

1、环境准备
1.1安装docker
yum install -y yum-utils device-mapper-persistent-data lvm2 git
yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
yum list docker-ce --showduplicates
yum install docker-ce-18.03.0.ce -y
1.2开机启动并启动docker
systemctl enable docker && systemctl start docker
1.3查看docker版本
docker -v
1.4更换源为阿里源
mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.backup
curl -o /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo
yum makecache
1.5安装epel源
wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
1.6安装rpm-python
yum install rpm-python
1.7安装dpkg
yum install dpkg -y
1.8安装 python-pip
yum install python-pip -y
1.9安装pip
pip install --upgrade pip
2、安装Anchore
pip install --trusted-host pypi.python.org --trusted-host pypi.org --trusted-host files.pythonhosted.org anchore
2.1查看版本
anchore --version
2.2初期化Anchore的Database
anchore feeds sync
2.3对镜像进行分析
anchore analyze --image daocloud.io/library/nginx:latest --imagetype base
2.4生成报告
anchore gate --image daocloud.io/library/nginx:latest
2.5确认CVE
anchore query --image daocloud.io/library/nginx:latest cve-scan all