UNCLASSIFIED - NO CUI

Skip to content
Snippets Groups Projects
Select Git revision
  • update-anchore-enterprise-tag-3.5.0-bb.1
  • alloy-auto-migrate
  • update-twistlock-tag-0.19.0-bb.3
  • lg-test-anchore-istio
  • alloy-namespace-migration
  • update-gitlab-tag-8.9.1-bb.1
  • dynamic-network-gitlab-311
  • 2499-headlamp-integration-with-big-bang
  • update-anchore-enterprise-tag-3.5.0-bb.0
  • all-packages-control-test
  • 2566-gateway-api-exploration
  • update-monitoring-tag-69.7.3-bb.0
  • all-packages-test
  • update-twistlock-tag-0.19.0-bb.1
  • 2592_hardcoded_username
  • 577th_enablement
  • master default protected
  • 190-integrate-bbctl-into-bb
  • update-argocd-tag-7.8.7-bb.1
  • fluentbit-167/add-dynamic-netpol
  • 2.48.0 protected
  • 2.48.0-rc.4 protected
  • 2.48.0-rc.3 protected
  • 2.48.0-rc.2 protected
  • 2.48.0-rc.1 protected
  • 2.47.0 protected
  • 2.47.0-rc.2 protected
  • 2.47.0-rc.1 protected
  • 2.47.0-rc.0 protected
  • 2.46.0 protected
  • 2.46.0-rc.0 protected
  • 2.45.1 protected
  • 2.45.1-rc.0 protected
  • 2.45.0 protected
  • 2.45.0-rc.0 protected
  • 2.44.0 protected
  • 2.44.0-rc.0 protected
  • 2.43.0 protected
  • 2.43.0-rc.1 protected
  • 2.43.0-rc.0 protected
40 results
Blame Permalink
3
anchore.md 8.55 KiB

Anchore

Overview

Anchore is a Docker container static analysis and policy-based compliance system that automates the inspection, analysis, and evaluation of images against user-defined checks to allow high confidence in container deployments by ensuring workload content meets the required criteria.

Anchore offers several open source tools and products, however, this document will cover the architectural touch points for the Big Bang Anchore package, which includes Anchore Engine (open source) and Anchore Enterprise (requires enterprise license). For more information on the differentiators between Anchore's open source and commercial offerings, see here.

Anchore Engine

graph LR
  subgraph "Anchore Engine"
    anchorepods("Anchore Pods")
    anchoreservice{{"API Service"}} --> anchorepods("Anchore Pods")
  end      

  subgraph "Ingress"
    ig(Ingress Gateway) --> anchoreservice
  end

  subgraph "Database Storage (Postgres)"
    anchorepods("Anchore Pods") --> database[(Anchore DB)]
  end

  subgraph "Object Storage (S3/Swift)"
    anchorepods("Anchore Pods") --> bucket[(Anchore Bucket)]
  end

Anchore Enterprise

graph LR
  subgraph "Anchore Enterprise"
    anchorepods("Anchore Pods")
    anchoreservice1{{"API Service"}} --> anchorepods("Anchore Pods")
    anchoreservice2{{"Enterprise UI Service"}} --> anchorepods("Anchore Pods")
  end      

  subgraph "Session Storage (Redis)"
    anchoreservice2 --> database3[("Enterprise UI DB")]
  end

  subgraph "Ingress"
    ig(Ingress Gateway) --> anchoreservice1
    ig(Ingress Gateway) --> anchoreservice2
  end

  subgraph "Database Storage (Postgres)"
    anchorepods("Anchore Pods") --> database1[(Anchore DB)]
    anchorepods("Anchore Pods") --> database2[(Enterprise Feeds DB)]
  end

  subgraph "Object Storage (S3/Swift)"
    anchorepods("Anchore Pods") --> bucket[(Anchore Bucket)]
  end

  subgraph "Logging"
    anchorepods("Anchore Pods") --> fluent(Fluentbit) --> logging-ek-es-http
    logging-ek-es-http{{Elastic Service<br />logging-ek-es-http}} --> elastic[(Elastic Storage)]
  end

  subgraph "Monitoring"
    svcmonitor("Service Monitor") --> anchoreservice1
    Prometheus --> svcmonitor("Service Monitor")
  end

For more information on the Anchore Enterprise architecture, see Enterprise Service Overview and Architecture.

Big Bang Touch Points

UNCLASSIFIED - NO CUI