Anchore logo

Anchore

Anchore is a container and software supply chain security company providing open source and enterprise tools for vulnerability scanning, SBOM generation, policy enforcement, and continuous compliance. Core open source products include Syft (SBOM generator for container images and filesystems), Grype (vulnerability scanner), and Grant (license scanner). The Anchore Enterprise platform adds policy engines, CI/CD integrations, registry connectors, Kubernetes admission control, and reporting. Anchore supports CycloneDX and SPDX SBOM formats and integrates with Docker, Kubernetes, GitHub Actions, Jenkins, and major cloud registries.

1 APIs 1 Capabilities 10 Features
Container SecurityContainersSBOMSoftware Supply ChainVulnerability Scanning

APIs

Anchore Enterprise API

REST API for Anchore Enterprise providing image analysis, vulnerability scanning, policy evaluation, SBOM generation, subscription management, and reporting endpoints for enterp...

Capabilities

Anchore Container Security

Run with Naftiko

Features

Container image vulnerability scanning (OS and language packages)
SBOM generation in CycloneDX and SPDX formats (Syft)
Policy-based compliance enforcement
Kubernetes admission controller integration
CI/CD pipeline integration (GitHub Actions, Jenkins, GitLab)
Registry connectors (Docker Hub, ECR, GCR, ACR, Harbor)
License scanning and compliance (Grant)
Grype vulnerability database with NVD, GitHub Advisory, and custom feeds
Anchore Enterprise reporting and audit logging
REST API for image analysis, subscriptions, and notifications

Use Cases

Shift-left container security scanning in CI/CD pipelines
Generate SBOMs for software supply chain transparency
Enforce image policies at Kubernetes admission control
Track vulnerabilities across container registries and deployed images
License compliance scanning for open source components
Continuous compliance monitoring for regulated industries
Developer self-service security scanning via CLI tools

Integrations

GitHub Actions (syft-action, scan-action)
Kubernetes (anchore-charts, admission controller)
Docker and OCI registries
Jenkins pipeline integration
Harbor registry integration
Amazon ECR, Google GCR, Azure ACR
Grype vulnerability database
CycloneDX and SPDX SBOM standards

Semantic Vocabularies

Anchore Enterprise Api Context

0 classes · 14 properties

JSON-LD

API Governance Rules

Anchore API Rules

9 rules · 4 errors 4 warnings

SPECTRAL

Resources

🌐
Portal
Portal
🔗
Documentation
Documentation
🚀
GettingStarted
GettingStarted
🔑
Authentication
Authentication
👥
GitHubOrganization
GitHubOrganization
📰
Blog
Blog
💬
Support
Support
💰
Pricing
Pricing
🟢
StatusPage
StatusPage
📜
TermsOfService
TermsOfService
📜
PrivacyPolicy
PrivacyPolicy
🔗
JSONSchema
JSONSchema
🔗
JSONSchema
JSONSchema
🔗
JSONSchema
JSONSchema
🔗
SpectralRules
SpectralRules
🔗
Vocabulary
Vocabulary
🔗
JSONLD
JSONLD