npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

@datafire/anchore

v4.0.0

Published

DataFire integration for Anchore Engine API Server

Downloads

4

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

datafiredatafire

Keywords

Readme

@datafire/anchore

Client library for Anchore Engine API Server

Installation and Usage

npm install --save @datafire/anchore
let anchore = require('@datafire/anchore').create();

.then(data => {
  console.log(data);
});

Description

This is the Anchore Engine API. Provides the primary external API for users of the service.

Actions

ping

Simple status check

anchore.ping(null, context)

Input

This action has no parameters

Output

  • output string

get_users_account

List the account for the authenticated user

anchore.get_users_account(null, context)

Input

This action has no parameters

Output

list_accounts

List user summaries. Only available to the system admin user.

anchore.list_accounts({}, context)

Input

  • input object
    • state string (values: enabled, disabled, deleting): Filter accounts by state

Output

create_account

Create a new user. Only avaialble to admin user.

anchore.create_account({
  "body": {
    "name": ""
  }
}, context)

Input

Output

delete_account

Delete the specified account, only allowed if the account is in the disabled state. All users will be deleted along with the account and all resources will be garbage collected

anchore.delete_account({
  "accountname": ""
}, context)

Input

  • input object
    • accountname required string

Output

Output schema unknown

get_account

Get info about an user. Only available to admin user. Uses the main user Id, not a username.

anchore.get_account({
  "accountname": ""
}, context)

Input

  • input object
    • accountname required string

Output

update_account_state

Update the state of an account to either enabled or disabled. For deletion use the DELETE route

anchore.update_account_state({
  "accountname": "",
  "body": {}
}, context)

Input

  • input object

Output

list_users

List accounts for the user

anchore.list_users({
  "accountname": ""
}, context)

Input

  • input object
    • accountname required string

Output

  • output array: List of user credential records

create_user

Create a new user

anchore.create_user({
  "accountname": "",
  "body": {
    "username": "",
    "password": ""
  }
}, context)

Input

Output

delete_user

Delete a specific user credential by username of the credential. Cannot be the credential used to authenticate the request.

anchore.delete_user({
  "accountname": "",
  "username": ""
}, context)

Input

  • input object
    • accountname required string
    • username required string

Output

Output schema unknown

get_account_user

Get a specific user in the specified account

anchore.get_account_user({
  "accountname": "",
  "username": ""
}, context)

Input

  • input object
    • accountname required string
    • username required string

Output

delete_user_credential

Delete a credential by type

anchore.delete_user_credential({
  "accountname": "",
  "username": "",
  "credential_type": ""
}, context)

Input

  • input object
    • accountname required string
    • username required string
    • credential_type required string (values: password)

Output

Output schema unknown

list_user_credentials

Get current credential summary

anchore.list_user_credentials({
  "accountname": "",
  "username": ""
}, context)

Input

  • input object
    • accountname required string
    • username required string

Output

create_user_credential

add/replace credential

anchore.create_user_credential({
  "accountname": "",
  "username": "",
  "body": {
    "type": "",
    "value": ""
  }
}, context)

Input

  • input object
    • accountname required string
    • username required string
    • body required AccessCredential

Output

list_archives

anchore.list_archives(null, context)

Input

This action has no parameters

Output

list_analysis_archive

anchore.list_analysis_archive(null, context)

Input

This action has no parameters

Output

archive_image_analysis

anchore.archive_image_analysis({
  "body": []
}, context)

Input

Output

delete_archived_analysis

Performs a synchronous archive deletion

anchore.delete_archived_analysis({
  "imageDigest": ""
}, context)

Input

  • input object
    • imageDigest required string
    • force boolean

Output

get_archived_analysis

Returns the archive metadata record identifying the image and tags for the analysis in the archive.

anchore.get_archived_analysis({
  "imageDigest": ""
}, context)

Input

  • input object
    • imageDigest required string: The image digest to identify the image analysis

Output

list_analysis_archive_rules

anchore.list_analysis_archive_rules({}, context)

Input

  • input object
    • system_global boolean: If true include system global rules (owned by admin) even for non-admin users. Defaults to true if not set. Can be set to false to exclude globals

Output

create_analysis_archive_rule

anchore.create_analysis_archive_rule({
  "body": {
    "transition": ""
  }
}, context)

Input

Output

delete_analysis_archive_rule

anchore.delete_analysis_archive_rule({
  "ruleId": ""
}, context)

Input

  • input object
    • ruleId required string

Output

get_analysis_archive_rule

anchore.get_analysis_archive_rule({
  "ruleId": ""
}, context)

Input

  • input object
    • ruleId required string

Output

list_event_types

Returns list of event types in the category hierarchy

anchore.list_event_types(null, context)

Input

This action has no parameters

Output

delete_events

Delete all or a subset of events filtered using the optional query parameters

anchore.delete_events({}, context)

Input

  • input object
    • before string: Delete events that occurred before the timestamp
    • since string: Delete events that occurred after the timestamp
    • level string: Delete events that match the level - INFO or ERROR
    • x-anchore-account string: An account name to change the resource scope of the request to that account, if permissions allow (admin only)

Output

  • output array
    • items string

list_events

Returns a paginated list of events in the descending order of their occurrence. Optional query parameters may be used for filtering results

anchore.list_events({}, context)

Input

  • input object
    • source_servicename string: Filter events by the originating service
    • source_hostid string: Filter events by the originating host ID
    • event_type string: Filter events by a prefix match on the event type (e.g. "user.image.")
    • resource_type string: Filter events by the type of resource - tag, imageDigest, repository etc
    • resource_id string: Filter events by the id of the resource
    • level string: Filter events by the level - INFO or ERROR
    • since string: Return events that occurred after the timestamp
    • before string: Return events that occurred before the timestamp
    • page integer: Pagination controls - return the nth page of results. Defaults to first page if left empty
    • limit integer: Number of events in the result set. Defaults to 100 if left empty
    • x-anchore-account string: An account name to change the resource scope of the request to that account, if permissions allow (admin only)

Output

delete_event

Delete an event by its event ID

anchore.delete_event({
  "eventId": ""
}, context)

Input

  • input object
    • eventId required string: Event ID of the event to be deleted
    • x-anchore-account string: An account name to change the resource scope of the request to that account, if permissions allow (admin only)

Output

Output schema unknown

get_event

Lookup an event by its event ID

anchore.get_event({
  "eventId": ""
}, context)

Input

  • input object
    • eventId required string: Event ID of the event for lookup
    • x-anchore-account string: An account name to change the resource scope of the request to that account, if permissions allow (admin only)

Output

health_check

Health check, returns 200 and no body if service is running

anchore.health_check(null, context)

Input

This action has no parameters

Output

Output schema unknown

delete_images_async

Delete analysis for image digests in the list asynchronously

anchore.delete_images_async({
  "imageDigests": []
}, context)

Input

  • input object
    • imageDigests required array
    • force boolean
    • x-anchore-account string: An account name to change the resource scope of the request to that account, if permissions allow (admin only)

Output

list_images

List all images visible to the user

anchore.list_images({}, context)

Input

  • input object
    • history boolean: Include image history in the response
    • fulltag string: Full docker-pull string to filter results by (e.g. docker.io/library/nginx:latest, or myhost.com:5000/testimages:v1.1.1)
    • image_status string (values: all, active, deleting): Filter by image_status value on the record. Default if omitted is 'active'.
    • analysis_status string (values: not_analyzed, analyzed, analyzing, analysis_failed): Filter by analysis_status value on the record.
    • x-anchore-account string: An account name to change the resource scope of the request to that account, if permissions allow (admin only)

Output

add_image

Creates a new analysis task that is executed asynchronously

anchore.add_image({
  "body": {}
}, context)

Input

  • input object
    • force boolean: Override any existing entry in the system
    • autosubscribe boolean: Instruct engine to automatically begin watching the added tag for updates from registry
    • x-anchore-account string: An account name to change the resource scope of the request to that account, if permissions allow (admin only)
    • body required ImageAnalysisRequest

Output

delete_image_by_imageId

Delete image by docker imageId

anchore.delete_image_by_imageId({
  "imageId": ""
}, context)

Input

  • input object
    • imageId required string
    • force boolean
    • x-anchore-account string: An account name to change the resource scope of the request to that account, if permissions allow (admin only)

Output

get_image_by_imageId

Lookup image by docker imageId

anchore.get_image_by_imageId({
  "imageId": ""
}, context)

Input

  • input object
    • imageId required string
    • x-anchore-account string: An account name to change the resource scope of the request to that account, if permissions allow (admin only)

Output

get_image_policy_check_by_imageId

Get the policy evaluation for the given image

anchore.get_image_policy_check_by_imageId({
  "imageId": "",
  "tag": ""
}, context)

Input

  • input object
    • imageId required string
    • policyId string
    • tag required string
    • detail boolean
    • history boolean
    • x-anchore-account string: An account name to change the resource scope of the request to that account, if permissions allow (admin only)

Output

list_image_content_by_imageid

List image content types

anchore.list_image_content_by_imageid({
  "imageId": ""
}, context)

Input

  • input object
    • imageId required string
    • x-anchore-account string: An account name to change the resource scope of the request to that account, if permissions allow (admin only)

Output

  • output array
    • items string

get_image_content_by_type_imageId_files

Get the content of an image by type files

anchore.get_image_content_by_type_imageId_files({
  "imageId": ""
}, context)

Input

  • input object
    • imageId required string
    • x-anchore-account string: An account name to change the resource scope of the request to that account, if permissions allow (admin only)

Output

get_image_content_by_type_imageId_javapackage

Get the content of an image by type java

anchore.get_image_content_by_type_imageId_javapackage({
  "imageId": ""
}, context)

Input

  • input object
    • imageId required string
    • x-anchore-account string: An account name to change the resource scope of the request to that account, if permissions allow (admin only)

Output

get_image_content_by_type_imageId

Get the content of an image by type

anchore.get_image_content_by_type_imageId({
  "imageId": "",
  "ctype": ""
}, context)

Input

  • input object
    • imageId required string
    • ctype required string
    • x-anchore-account string: An account name to change the resource scope of the request to that account, if permissions allow (admin only)

Output

get_image_vulnerability_types_by_imageId

Get vulnerability types

anchore.get_image_vulnerability_types_by_imageId({
  "imageId": ""
}, context)

Input

  • input object
    • imageId required string
    • x-anchore-account string: An account name to change the resource scope of the request to that account, if permissions allow (admin only)

Output

  • output array
    • items string (values: all, os, non-os)

get_image_vulnerabilities_by_type_imageId

Get vulnerabilities by type

anchore.get_image_vulnerabilities_by_type_imageId({
  "imageId": "",
  "vtype": ""
}, context)

Input

  • input object
    • imageId required string
    • vtype required string
    • x-anchore-account string: An account name to change the resource scope of the request to that account, if permissions allow (admin only)

Output

delete_image

Delete an image analysis

anchore.delete_image({
  "imageDigest": ""
}, context)

Input

  • input object
    • imageDigest required string
    • force boolean
    • x-anchore-account string: An account name to change the resource scope of the request to that account, if permissions allow (admin only)

Output

get_image

Get image metadata

anchore.get_image({
  "imageDigest": ""
}, context)

Input

  • input object
    • imageDigest required string
    • x-anchore-account string: An account name to change the resource scope of the request to that account, if permissions allow (admin only)

Output

list_file_content_search_results

Return a list of analyzer artifacts of the specified type

anchore.list_file_content_search_results({
  "imageDigest": ""
}, context)

Input

  • input object
    • imageDigest required string

Output

list_retrieved_files

Return a list of analyzer artifacts of the specified type

anchore.list_retrieved_files({
  "imageDigest": ""
}, context)

Input

  • input object
    • imageDigest required string

Output

list_secret_search_results

Return a list of analyzer artifacts of the specified type

anchore.list_secret_search_results({
  "imageDigest": ""
}, context)

Input

  • input object
    • imageDigest required string

Output

get_image_policy_check

Get the policy evaluation for the given image

anchore.get_image_policy_check({
  "imageDigest": "",
  "tag": ""
}, context)

Input

  • input object
    • imageDigest required string
    • policyId string
    • tag required string
    • detail boolean
    • history boolean
    • interactive boolean
    • x-anchore-account string: An account name to change the resource scope of the request to that account, if permissions allow (admin only)

Output

list_image_content

List image content types

anchore.list_image_content({
  "imageDigest": ""
}, context)

Input

  • input object
    • imageDigest required string
    • x-anchore-account string: An account name to change the resource scope of the request to that account, if permissions allow (admin only)

Output

  • output array
    • items string

get_image_content_by_type_files

Get the content of an image by type files

anchore.get_image_content_by_type_files({
  "imageDigest": ""
}, context)

Input

  • input object
    • imageDigest required string
    • x-anchore-account string: An account name to change the resource scope of the request to that account, if permissions allow (admin only)

Output

get_image_content_by_type_javapackage

Get the content of an image by type java

anchore.get_image_content_by_type_javapackage({
  "imageDigest": ""
}, context)

Input

  • input object
    • imageDigest required string
    • x-anchore-account string: An account name to change the resource scope of the request to that account, if permissions allow (admin only)

Output

get_image_content_by_type_malware

Get the content of an image by type malware

anchore.get_image_content_by_type_malware({
  "imageDigest": ""
}, context)

Input

  • input object
    • imageDigest required string
    • x-anchore-account string: An account name to change the resource scope of the request to that account, if permissions allow (admin only)

Output

get_image_content_by_type

Get the content of an image by type

anchore.get_image_content_by_type({
  "imageDigest": "",
  "ctype": ""
}, context)

Input

  • input object
    • imageDigest required string
    • ctype required string
    • x-anchore-account string: An account name to change the resource scope of the request to that account, if permissions allow (admin only)

Output

list_image_metadata

List image metadata types

anchore.list_image_metadata({
  "imageDigest": ""
}, context)

Input

  • input object
    • imageDigest required string
    • x-anchore-account string: An account name to change the resource scope of the request to that account, if permissions allow (admin only)

Output

  • output array
    • items string

get_image_metadata_by_type

Get the metadata of an image by type

anchore.get_image_metadata_by_type({
  "imageDigest": "",
  "mtype": ""
}, context)

Input

  • input object
    • imageDigest required string
    • mtype required string
    • x-anchore-account string: An account name to change the resource scope of the request to that account, if permissions allow (admin only)

Output

get_image_vulnerability_types

Get vulnerability types

anchore.get_image_vulnerability_types({
  "imageDigest": ""
}, context)

Input

  • input object
    • imageDigest required string
    • x-anchore-account string: An account name to change the resource scope of the request to that account, if permissions allow (admin only)

Output

  • output array
    • items string (values: all, os, non-os)

get_image_vulnerabilities_by_type

Get vulnerabilities by type

anchore.get_image_vulnerabilities_by_type({
  "imageDigest": "",
  "vtype": ""
}, context)

Input

  • input object
    • imageDigest required string
    • vtype required string
    • force_refresh boolean
    • vendor_only boolean
    • x-anchore-account string: An account name to change the resource scope of the request to that account, if permissions allow (admin only)

Output

import_image_archive

Import an anchore image tar.gz archive file.

anchore.import_image_archive({
  "archive_file": ""
}, context)

Input

  • input object
    • archive_file required string: anchore image tar archive.

Output

get_oauth_token

Request a jwt token for subsequent operations, this request is authenticated with normal HTTP auth

anchore.get_oauth_token({}, context)

Input

  • input object
    • client_id string: The type of client used for the OAuth token
    • grant_type string: OAuth Grant type for token
    • password string: Password for corresponding user
    • username string: User to assign OAuth token to

Output

list_policies

List all saved policy bundles

anchore.list_policies({}, context)

Input

  • input object
    • detail boolean: Include policy bundle detail in the form of the full bundle content for each entry
    • x-anchore-account string: An account name to change the resource scope of the request to that account, if permissions allow (admin only)

Output

add_policy

Adds a new policy bundle to the system

anchore.add_policy({
  "body": {
    "id": "",
    "version": "",
    "policies": [],
    "mappings": []
  }
}, context)

Input

  • input object
    • x-anchore-account string: An account name to change the resource scope of the request to that account, if permissions allow (admin only)
    • body required PolicyBundle

Output

delete_policy

Delete the specified policy

anchore.delete_policy({
  "policyId": ""
}, context)

Input

  • input object
    • policyId required string
    • x-anchore-account string: An account name to change the resource scope of the request to that account, if permissions allow (admin only)

Output

Output schema unknown

get_policy

Get the policy bundle content

anchore.get_policy({
  "policyId": ""
}, context)

Input

  • input object
    • policyId required string
    • detail boolean: Include policy bundle detail in the form of the full bundle content for each entry
    • x-anchore-account string: An account name to change the resource scope of the request to that account, if permissions allow (admin only)

Output

update_policy

Update/replace and existing policy

anchore.update_policy({
  "policyId": "",
  "body": {}
}, context)

Input

  • input object
    • policyId required string
    • active boolean: Mark policy as active
    • x-anchore-account string: An account name to change the resource scope of the request to that account, if permissions allow (admin only)
    • body required PolicyBundleRecord

Output

query_images_by_package

Filterable query interface to search for images containing specified package

anchore.query_images_by_package({
  "name": ""
}, context)

Input

  • input object
    • name required string: Name of package to search for (e.g. sed)
    • package_type string: Type of package to filter on (e.g. dpkg)
    • version string: Version of named package to filter on (e.g. 4.4-1)
    • page string: The page of results to fetch. Pages start at 1
    • limit integer: Limit the number of records for the requested page. If omitted or set to 0, return all results in a single page
    • x-anchore-account string: An account name to change the resource scope of the request to that account, if permissions allow (admin only)

Output

query_images_by_vulnerability

Returns a listing of images and their respective packages vulnerable to the given vulnerability ID

anchore.query_images_by_vulnerability({
  "vulnerability_id": ""
}, context)

Input

  • input object
    • vulnerability_id required string: The ID of the vulnerability to search for within all images stored in anchore-engine (e.g. CVE-1999-0001)
    • namespace string: Filter results to images within the given vulnerability namespace (e.g. debian:8, ubuntu:14.04)
    • affected_package string: Filter results to images with vulnable packages with the given package name (e.g. libssl)
    • severity string (values: Unknown, Negligible, Low, Medium, High, Critical): Filter results to vulnerable package/vulnerability with the given severity
    • vendor_only boolean: Filter results to include only vulnerabilities that are not marked as invalid by upstream OS vendor data
    • page integer: The page of results to fetch. Pages start at 1
    • limit integer: Limit the number of records for the requested page. If omitted or set to 0, return all results in a single page
    • x-anchore-account string: An account name to change the resource scope of the request to that account, if permissions allow (admin only)

Output

query_vulnerabilities

List (w/filters) vulnerability records known by the system, with affected packages information if present

anchore.query_vulnerabilities({
  "id": []
}, context)

Input

  • input object
    • id required array: The ID of the vulnerability (e.g. CVE-1999-0001)
    • affected_package string: Filter results by specified package name (e.g. sed)
    • affected_package_version string: Filter results by specified package version (e.g. 4.4-1)
    • page string: The page of results to fetch. Pages start at 1
    • limit integer: Limit the number of records for the requested page. If omitted or set to 0, return all results in a single page
    • namespace array: Namespace(s) to filter vulnerability records by

Output

list_registries

List all configured registries the system can/will watch

anchore.list_registries({}, context)

Input

  • input object
    • x-anchore-account string: An account name to change the resource scope of the request to that account, if permissions allow (admin only)

Output

create_registry

Adds a new registry to the system

anchore.create_registry({
  "body": {}
}, context)

Input

  • input object
    • validate boolean: flag to determine whether or not to validate registry/credential at registry add time
    • x-anchore-account string: An account name to change the resource scope of the request to that account, if permissions allow (admin only)
    • body required RegistryConfigurationRequest

Output

delete_registry

Delete a registry configuration record from the system. Does not remove any images.

anchore.delete_registry({
  "registry": ""
}, context)

Input

  • input object
    • registry required string
    • x-anchore-account string: An account name to change the resource scope of the request to that account, if permissions allow (admin only)

Output

Output schema unknown

get_registry

Get information on a specific registry

anchore.get_registry({
  "registry": ""
}, context)

Input

  • input object
    • registry required string
    • x-anchore-account string: An account name to change the resource scope of the request to that account, if permissions allow (admin only)

Output

update_registry

Replaces an existing registry record with the given record

anchore.update_registry({
  "registry": "",
  "body": {}
}, context)

Input

  • input object
    • registry required string
    • validate boolean: flag to determine whether or not to validate registry/credential at registry update time
    • x-anchore-account string: An account name to change the resource scope of the request to that account, if permissions allow (admin only)
    • body required RegistryConfigurationRequest

Output

add_repository

Add repository to watch

anchore.add_repository({
  "repository": ""
}, context)

Input

  • input object
    • repository required string: full repository to add e.g. docker.io/library/alpine
    • autosubscribe boolean: flag to enable/disable auto tag_update activation when new images from a repo are added
    • lookuptag string: use specified existing tag to perform repo scan (default is 'latest')
    • dryrun boolean: flag to return tags in the repository without actually watching the repository, default is false
    • x-anchore-account string: An account name to change the resource scope of the request to that account, if permissions allow (admin only)

Output

get_status

Get the API service status

anchore.get_status(null, context)

Input

This action has no parameters

Output

list_subscriptions

List all subscriptions

anchore.list_subscriptions({}, context)

Input

  • input object
    • subscription_key string: filter only subscriptions matching key
    • subscription_type string: filter only subscriptions matching type
    • x-anchore-account string: An account name to change the resource scope of the request to that account, if permissions allow (admin only)

Output

add_subscription

Create a new subscription to watch a tag and get notifications of changes

anchore.add_subscription({
  "body": {}
}, context)

Input

  • input object
    • x-anchore-account string: An account name to change the resource scope of the request to that account, if permissions allow (admin only)
    • body required SubscriptionRequest

Output

delete_subscription

Delete subscriptions of a specific type

anchore.delete_subscription({
  "subscriptionId": ""
}, context)

Input

  • input object
    • subscriptionId required string
    • x-anchore-account string: An account name to change the resource scope of the request to that account, if permissions allow (admin only)

Output

Output schema unknown

get_subscription

Get a specific subscription set

anchore.get_subscription({
  "subscriptionId": ""
}, context)

Input

  • input object
    • subscriptionId required string
    • x-anchore-account string: An account name to change the resource scope of the request to that account, if permissions allow (admin only)

Output

update_subscription

Update an existing and specific subscription

anchore.update_subscription({
  "subscriptionId": "",
  "body": {}
}, context)

Input

  • input object
    • subscriptionId required string
    • x-anchore-account string: An account name to change the resource scope of the request to that account, if permissions allow (admin only)
    • body required SubscriptionUpdate

Output

list_imagetags

List all image tags visible to the user

anchore.list_imagetags({}, context)

Input

  • input object
    • image_status array: Filter images in one or more states such as active, deleting. Defaults to active images only if unspecified
    • x-anchore-account string: An account name to change the resource scope of the request to that account, if permissions allow (admin only)

Output

get_service_detail

Get the system status including queue lengths

anchore.get_service_detail(null, context)

Input

This action has no parameters

Output

describe_error_codes

Describe anchore engine error codes.

anchore.describe_error_codes(null, context)

Input

This action has no parameters

Output

get_system_feeds

Return a list of feed and their groups along with update and record count information. This data reflects the state of the policy engine, not the upstream feed service itself.

anchore.get_system_feeds(null, context)

Input

This action has no parameters

Output

post_system_feeds

Execute a synchronous feed sync operation. The response will block until complete, then return the result summary.

anchore.post_system_feeds({}, context)

Input

  • input object
    • flush boolean: instruct system to flush existing data feeds records from anchore-engine
    • sync boolean: instruct system to re-sync data feeds

Output

delete_feed

Delete the groups and data for the feed and disable the feed itself

anchore.delete_feed({
  "feed": ""
}, context)

Input

  • input object
    • feed required string

Output

Output schema unknown

toggle_feed_enabled

Disable the feed so that it does not sync on subsequent sync operations

anchore.toggle_feed_enabled({
  "feed": "",
  "enabled": true
}, context)

Input

  • input object
    • feed required string
    • enabled required boolean

Output

delete_feed_group

Delete the group data and disable the group itself

anchore.delete_feed_group({
  "feed": "",
  "group": ""
}, context)

Input

  • input object
    • feed required string
    • group required string

Output

Output schema unknown

toggle_group_enabled

Disable a specific group within a feed to not sync

anchore.toggle_group_enabled({
  "feed": "",
  "group": "",
  "enabled": true
}, context)

Input

  • input object
    • feed required string
    • group required string
    • enabled required boolean

Output

describe_policy

Get the policy language spec for this service

anchore.describe_policy(null, context)

Input

This action has no parameters

Output

  • output array: List of Gate specifications

list_services

List system services

anchore.list_services(null, context)

Input

This action has no parameters

Output

get_services_by_name

Get a service configuration and state

anchore.get_services_by_name({
  "servicename": ""
}, context)

Input

  • input object
    • servicename required string

Output

delete_service

Delete the service config

anchore.delete_service({
  "servicename": "",
  "hostid": ""
}, context)

Input

  • input object
    • servicename required string
    • hostid required string

Output

Output schema unknown

get_services_by_name_and_host

Get service config for a specific host

anchore.get_services_by_name_and_host({
  "servicename": "",
  "hostid": ""
}, context)

Input

  • input object
    • servicename required string
    • hostid required string

Output

test_webhook

Loads the Webhook configuration for webhook_type, and sends the notification out as a test

anchore.test_webhook({
  "webhook_type": ""
}, context)

Input

  • input object
    • webhook_type required string: The Webhook Type that we should test
    • notification_type string (values: tag_update, analysis_update, vuln_update, policy_eval): What kind of Notification to send

Output

Output schema unknown

get_user

List authenticated user info

anchore.get_user(null, context)

Input

This action has no parameters

Output

get_credentials

Get current credential summary

anchore.get_credentials(null, context)

Input

This action has no parameters

Output

add_credential

add/replace credential

anchore.add_credential({
  "body": {
    "type": "",
    "value": ""
  }
}, context)

Input

Output

version_check

Returns the version object for the service, including db schema version info

anchore.version_check(null, context)

Input

This action has no parameters

Output

Definitions

AccessCredential

  • AccessCredential object: A login credential mapped to a user identity. For password credentials, the username to present for Basic auth is the user's username from the user record
    • created_at string: The timestamp of creation of the credential
    • type required string (values: password): The type of credential
    • value required string: The credential value (e.g. the password)

Account

  • Account object: Account information
    • created_at string: The timestamp when the account was created
    • email string: Optional email address associated with the account
    • last_updated string: The timestamp of the last update to the account metadata itself (not users or creds)
    • name required string: The account identifier, not updatable after creation
    • state string (values: enabled, disabled, deleting): State of the account. Disabled accounts prevent member users from logging in, deleting accounts are disabled and pending deletion and will be removed once all owned resources are garbage collected by the system
    • type string (values: user, admin, service): The user type (admin vs user). If not specified in a POST request, 'user' is default

AccountCreationRequest

  • AccountCreationRequest object: An account to create/add to the system. If already exists will return 400.
    • email string: An optional email to associate with the account for contact purposes
    • name required string: The account name to use. This will identify the account and must be globally unique in the system.

AccountList

AccountStatus

  • AccountStatus object: A summary of account status
    • state string (values: enabled, disabled): The status of the account

AddAnalysisArchiveResult

AnalysisArchiveAddResult

  • AnalysisArchiveAddResult object: The result of adding a single digest to the archive
    • detail string: Details on the status, e.g. the error message
    • digest string: The image digest requested to be added
    • status string (values: archived, archiving, error): The status of the archive add operation. Typically either 'archived' or 'error'

AnalysisArchiveRules

  • AnalysisArchiveRules array: Rule set for automatic archiving of system objects and flushing of archived objects (permament delete).

AnalysisArchiveRulesSummary

  • AnalysisArchiveRulesSummary object: Summary of the transition rule set
    • count integer: The number of rules for this account
    • last_updated string: The newest last_updated timestamp from the set of rules

AnalysisArchiveSource

  • AnalysisArchiveSource object: An image reference in the analysis archive for the purposes of loading analysis from the archive into th working set
    • digest required string: The image digest identify the analysis. Archived analyses are based on digest, tag records are restored as analysis is restored.

AnalysisArchiveSummary

  • AnalysisArchiveSummary object: A summarization of the analysis archive, including size, counts, etc. This archive stores image analysis only, never the actual image content or layers.
    • last_updated string: The timestamp of the most recent archived image
    • total_data_bytes integer: The total sum of all the bytes stored to the backing storage. Accounts for anchore-applied compression, but not compression by the underlying storage system.
    • total_image_count integer: The number of unique images (digests) in the archive
    • total_tag_count integer: The number of tag records (registry/repo:tag pull strings) in the archive. This may include repeated tags but will always have a unique tag->digest mapping per record.

AnalysisArchiveTransitionHistory

  • AnalysisArchiveTransitionHistory object: A rule for auto-archiving image analysis by time and/or tag-history
    • created_at string
    • imageDigest string
    • last_updated string
    • rule_id string
    • transition string (values: archive, delete)
    • transition_task_id string: The task that created & updated this entry

AnalysisArchiveTransitionRule

  • AnalysisArchiveTransitionRule object: A rule for auto-archiving image analysis by time and/or tag-history
    • analysis_age_days integer: Matches if the analysis is strictly older than this number of days
    • created_at string
    • exclude AnalysisArchiveTransitionRuleExclude
    • last_updated string
    • max_images_per_account integer: This is the maximum number of image analyses an account can have. Can only be set on system_global rules
    • selector ImageSelector
    • system_global boolean: True if the rule applies to all accounts in the system. This is only available to admin users to update/modify, but all users with permission to list rules can see them
    • tag_versions_newer integer: Number of images mapped to the tag that are newer
    • transition required string (values: archive, delete): The type of transition to make. If "archive", then archive an image from the working set and remove it from the working set. If "delete", then match against archived images and delete from the archive if match.

AnalysisArchiveTransitionRuleExclude

  • AnalysisArchiveTransitionRuleExclude object: Which Images to exclude from auto-archiving logic
    • expiration_days integer: How long the image selected will be excluded from the archive transition
    • selector ImageSelector

AnalysisUpdateEval

  • AnalysisUpdateEval object: Evaluation Results for an entity (current or last)
    • analysis_status string
    • annotations object
    • image_digest string

AnalysisUpdateNotification

  • AnalysisUpdateNotification
    • created_at integer
    • dataId string
    • last_updated integer
    • max_tries integer
    • queueId string
    • record_state_key string
    • record_state_val string
    • tries integer
    • userId string
    • data AnalysisUpdateNotificationData

AnalysisUpdateNotificationData

AnalysisUpdateNotificationPayload

  • AnalysisUpdateNotificationPayload
    • notificationId string
    • subscription_key string
    • subscription_type string
    • userId string
    • annotations object: List of Corresponding Image Annotations
    • curr_eval AnalysisUpdateEval
    • last_eval AnalysisUpdateEval

AnchoreErrorCode

  • AnchoreErrorCode object: A description of an anchore error code (name, description)
    • description string: Description of the error code
    • name string: Error code name

AnchoreImage

  • AnchoreImage object: A unique image in the engine. May have multiple tags or references. Unique to an image content across registries or repositories.
    • analysis_status string (values: not_analyzed, analyzing, analyzed, analysis_failed): A state value for the current status of the analysis progress of the image
    • annotations object
    • created_at string
    • imageDigest string
    • image_content ImageContent
    • image_detail array: Details specific to an image reference and type such as tag and image source
    • image_status string (values: active, inactive, disabled): State of the image
    • last_updated string
    • userId string

AnchoreImageList

  • AnchoreImageList array: A list of Anchore Images

AnchoreImageTagSummary

  • AnchoreImageTagSummary object: A unique image in the engine.
    • analysis_status string
    • analyzed_at integer
    • created_at integer
    • fulltag string
    • imageDigest string
    • imageId string
    • image_status string
    • parentDigest string
    • tag_detected_at integer

AnchoreImageTagSummaryList

ApiErrorResponse

  • ApiErrorResponse object: Generic HTTP API error response
    • code integer
    • detail object: Details structure for additional information about the error if available. Content and structure will be error specific.
    • error_type string
    • message string

ArchiveSummary

  • ArchiveSummary object: A summarization of the available archives, a place to for long-term storage of audit, analysis, or other data to remove it from the system's working set but keep it available.

ArchivedAnalyses

ArchivedAnalysis

  • ArchivedAnalysis object
    • analyzed_at string
    • annotations object: User provided annotations as key-value pairs
    • archive_size_bytes integer: The size, in bytes, of the analysis archive file
    • created_at string
    • imageDigest string: The image digest (digest of the manifest describing the image, per docker spec)
    • image_detail array: List of tags associated with the image digest
    • last_updated string
    • parentDigest string: The digest of a parent manifest (for manifest-list images)
    • status string (values: archiving, archived, deleting, deleted): The archival status

BaseNotificationData

  • BaseNotificationData object: Every notification has a payload, which follows this basic structure
    • notification_type string
    • notification_user string
    • notification_user_email string

CVSSV2Scores

  • CVSSV2Scores object
    • base_score number
    • exploitability_score number
    • impact_score number

CVSSV3Scores

  • CVSSV3Scores object
    • base_score number
    • exploitability_score number
    • impact_score number

ContentFilesResponse

  • ContentFilesResponse object: File content listings from images
    • content array
      • items object
        • filename string
        • gid integer
        • linkdest string
        • mode string
        • sha256 string
        • size integer
        • type string
        • uid integer
    • content_type string
    • imageDigest string

ContentJAVAPackageResponse

  • ContentJAVAPackageResponse object: Java package content listings from images
    • content array
      • items object
        • implementation-version string
        • location string
        • maven-version string
        • origin string
        • package string
        • specification-version string
        • type string
    • content_type string
    • imageDigest string

ContentMalwareResponse

  • ContentMalwareResponse object: Malware listing response
    • content array: List of malware scan results, one per scanner configured to run
    • content_type string
    • imageDigest string

ContentPackageResponse

  • ContentPackageResponse object: Package content listings from images
    • content array
      • items object
        • license string: Deprecated in favor of the 'licenses' field"
        • licenses array
          • items string
        • location string
        • origin string
        • package string
        • size string
        • type string
        • version string
    • content_type string
    • imageDigest string

ContentResponse

  • ContentResponse object: Generic wrapper for content listings from images
    • content array
      • items object
    • content_type string
    • imageDigest string

CredentialList

DeleteImageResponse

  • DeleteImageResponse object: Image deletion response containing status and details
    • detail string
    • digest required string
    • status required string (values: not_found, deleting, delete_failed): Current status of the image deletion

DeleteImageResponseList

EventCategory

  • EventCategory object: A collection of event subcategories

EventDescription

  • EventDescription object: A description of an event type
    • message string: The message associated with the event type
    • name string: The event type. The last component of the fully-qualified event_type (category.subcategory.event)
    • resource_type string: The type of resource this event is generated from
    • type string: The fully qualified event type as would be seen in the event payload

EventResponse

  • EventResponse object: A record of occurance of an asynchronous event triggered either by system or by user activity
    • created_at string
    • event object
      • category string
      • details object
      • level string
      • message string
      • resource object
        • id string
        • type string
        • user_id string
      • source object
        • base_url string
        • hostid string
        • request_id string
        • servicename string
      • timestamp string
      • type string
    • generated_uuid string

EventSubcategory

  • EventSubcategory object: A collection of events related to each other

EventTypesList

  • EventTypesList array: Array of EventCategory objects

EventsList

  • EventsList object: Response envelope for paginated listing of events
    • item_count integer: Number of events in this page
    • next_page boolean: Boolean flag, True indicates there are more events and False otherwise
    • page integer: Page number of this result set
    • results array: List of events

FeedGroupMetadata

  • FeedGroupMetadata object
    • created_at string
    • last_sync string
    • name string
    • record_count integer

FeedMetadata

  • FeedMetadata object: Metadata on a single feed based on what the engine finds from querying the endpoints
    • created_at string: Date the metadata record was created in engine (first seen on source)
    • groups array
    • last_full_sync string
    • name string: name of the feed
    • updated_at string: Date the metadata was last updated

FeedSyncResult

  • FeedSyncResult object: The result of a sync of a single feed
    • feed string: The name of the feed synced
    • groups array: Array of group sync results
    • status string (values: success, failure): The result of the sync operations, either co
    • total_time_seconds number: The duratin, in seconds, of the sync of the feed, the sum of all the group syncs

FeedSyncResults

  • FeedSyncResults array: An array of feed sync summaries representing the result of an explicit feed sync operation

FileContentSearchList

FileContentSearchResult

  • FileContentSearchResult object: The retrieved file entry including content (b64 encoded)

GateSpec

  • GateSpec object: A description of the set of gates available in this engine and the triggers and parameters supported
    • description string: Description of the gate
    • name string: Gate name, as it would appear in a policy document
    • state string (values: active, deprecated, eol): State of the gate and transitively all triggers it contains if not 'active'
    • superceded_by string: The name of another trigger that supercedes this on functionally if this is deprecated
    • triggers array: List of the triggers that can fire for this Gate

GenericNotificationPayload

  • GenericNotificationPayload object: Parent class for Notification Payloads
    • notificationId string
    • subscription_key string
    • subscription_type string
    • userId string

GroupSyncResult

  • GroupSyncResult object
    • group string: The name of the group
    • status string (values: success, failure)
    • total_time_seconds number: The duration of the group sync in seconds
    • updated_image_count integer: The number of images updated by the this group sync, across all accounts. This is typically only non-zero for vulnerability feeds which update images' vulnerability results during the sync.
    • updated_record_count integer: The number of feed data records synced down as either updates or new records

ImageAnalysisReferences

  • ImageAnalysisReferences array: List of image digests to archive
    • items string: Image digest

ImageAnalysisReport

  • ImageAnalysisReport object: Analysis report json to be imported

ImageAnalysisRequest

  • ImageAnalysisRequest object: A request to add an image to be watched and analyzed by the engine. Optionally include the dockerfile content. Either source, digest or tag must be present.
    • annotations object: Annotations to be associated with the added image in key/value form
    • created_at string: Optional override of the image creation time, only honored when both tag and digest are also supplied e.g. 2018-10-17T18:14:00Z. Deprecated in favor of the 'source' field
    • digest string: A digest string for an image, maybe a pull string or just a digest. e.g. nginx@sha256:123 or sha256:abc123. If a pull string, it must have same regisry/repo as the tag field. Deprecated in favor of the 'source' field
    • dockerfile string: Base64 encoded content of the dockerfile for the image, if available. Deprecated in favor of the 'source' field.
    • image_type string: Optional. The type of image this is adding, defaults to "docker". This can be ommitted until multiple image types are supported.
    • source ImageSource
    • tag string: Full pullable tag reference for image. e.g. docker.io/nginx:latest. Deprecated in favor of the 'source' field

ImageContent

  • ImageContent object: A metadata content record for a specific image, containing different content type entries

ImageDetail

  • ImageDetail object: A metadata detail record for a specific image. Multiple detail records may map a single catalog image.
    • created_at string
    • dockerfile string
    • fulldigest string: Full docker-pullable digest string including the registry url and repository necessary get the image
    • fulltag string: Full docker-pullable tag string referencing the image
    • imageDigest string: The parent Anchore Image record to which this detail maps
    • imageId string
    • last_updated string
    • registry string
    • repo string
    • userId string

ImageFilter

  • ImageFilter object: Filter for an image list by id, tag, or digest, but not both
    • digest string
    • tag string

ImageRef

  • ImageRef object: A reference to an image
    • type required string (values: tag, digest, id)
    • value required string

ImageReference

  • ImageReference object: A summary of an image identity, including digest, id (if available), and any tags known to have ever been mapped to the digest
    • analyzed_at string: Timestamp, in rfc3339 format, indicating when the image state became 'analyzed' in Anchore Engine.
    • digest string: The image digest
    • id string: The image id if available
    • tag_history array

ImageSelectionRule

  • ImageSelectionRule object
    • id string
    • image required ImageRef
    • name required string
    • registry required string
    • repository required string

ImageSelector

  • ImageSelector object: A set of selection criteria to match an image by a tagged pullstring based on its components, with regex support in each field
    • registry string: The registry section of a pull string. e.g. with "docker.io/anchore/anchore-engine:latest", this is "docker.io"
    • repository string: The repository section of a pull string. e.g. with "docker.io/anchore/anchore-engine:latest", this is "anchore/anchore-engine"
    • tag string: The tag-only section of a pull string. e.g. with "docker.io/anchore/anchore-engine:latest", this is "latest"

ImageSource

ImageWithPackages

MalwareScan

  • MalwareScan object: A single scan from a scanner
    • enabled boolean: Indicates if the scanner is enabled
    • findings array
      • items object
        • path string: A path for a file in the image's rootfs
        • signature string: The malware signature found at the path
    • metadata object: Open schema for scanner-specific metadata related to the scan result
    • scanner string: The name of the scanner that produced the finding

MappingRule

  • MappingRule object
    • id string
    • image required ImageRef
    • name required string
    • policy_id string: Optional single policy to evalute, if set will override any value in policy_ids, for backwards compatibility. Generally, policy_ids should be used even with a array of length 1.
    • policy_ids array: List of policyIds to evaluate in order, to completion
      • items string: PolicyId to evaluate
    • registry required string
    • repository required string
    • whitelist_ids array
      • items string

MetadataResponse

  • MetadataResponse object: Generic wrapper for metadata listings from images
    • imageDigest string
    • metadata_type string

NotificationBase

  • NotificationBase object: base object for Notifications (every notification has this basic structure)
    • created_at integer
    • dataId string
    • last_updated integer
    • max_tries integer
    • queueId string
    • record_state_key string
    • record_state_val string
    • tries integer
    • userId string

NvdDataList

NvdDataObject

PackageReference

  • PackageReference object: A record of a software item which is vulnerable or carries a fix for a vulnerability
    • name string: Package name
    • type string: Package type (e.g. package, rpm, deb, apk, jar, npm, gem, ...)
    • version string: A version for the package. If null, then references all versions

PaginatedImageList

  • PaginatedImageList: Pagination wrapped list of images that match some filter
    • next_page string: True if additional pages exist (page + 1) or False if this is the last page
    • page string: The page number returned (should match the requested page query string param)
    • returned_count integer: The number of items sent in this response
    • images array

PaginatedVulnerabilityList

  • PaginatedVulnerabilityList: A paginated listing of vulnerability records sorted by ID in descending order
    • next_page string: True if additional pages exist (page + 1) or False if this is the last page
    • page string: The page number returned (should match the requested page query string param)
    • returned_count integer: The number of items sent in this response
    • vulnerabilities array: The listing of matching vulnerabilities for the query subject to pagination

PaginatedVulnerableImageList

  • PaginatedVulnerableImageList: Pagination wrapped list of images with vulnerabilties that match some filter
    • next_page string: True if additional pages exist (page + 1) or False if this is the last page
    • page string: The page number returned (should match the requested page query string param)
    • returned_count integer: The number of items sent in this response
    • images array

PaginationProperties

  • PaginationProperties object: Properties for common pagination handling to be included in any wrapping object that needs pagination elements
    • next_page string: True if additional pages exist (page + 1) or False if this is the last page
    • page string: The page number returned (should match the requested page query string param)
    • returned_count integer: The number of items sent in this response

Policy

  • Policy object
    • comment string
    • id required string
    • name string