AnchoreCTL Release Notes - Version 1.0.0

The latest version of AnchoreCTL is 1.0.0.

AnchoreCTL 1.0.0 represents the first stable release of the tool as the primary CLI for Anchore Enterprise users. Configuration, command structure and capabilities have all been renovated to support the usage of the client by administrators, users, and within scripting environments for automated integration

Added new administrative command groupings:

  • Account commands (add, get, list, delete, enable, disable)
  • User commands (add, get, list, delete, set-password)
  • Analysis archive rule commands (add, get, list, delete)
  • Analysis archive image commands (add, get list, delete, restore)
  • Event commands (get, list, delete)
  • Feed commands (list, sync)
  • Policy commands (add, get, list, delete, activate)
  • Registry commands (add, get list, delete, update)
  • Repo commands (add, get, list, delete, watch, unwatch)
  • Subscription commands (get, list, delete, activate, deactivate)
  • System commands (status, wait, delete)

The image add and source add commands have been revisited to additionally provide a simple way to extract common data from Anchore Enterprise:

  • anchorectl image add <my-image> --get vulnerabilities,content : get a summary of content and vulnerabilities to stdout
  • anchorectl image add <my-image> --get all=/path/to/store/results: get policy evaluation, vuln, and content results, and store all raw JSON files to /path/to/store/results
  • anchorectl image add <my-image> --get policy-evaluation: will get the policy evaluation results and set the return code to 1 if the policy evaluation is not passing (allowing use as a quality gate)

Added the ability to associate images and sources with an application name and version when adding into the system (e.g. anchorectl image add <my image> --application <name>@<version>).

The UI for all commands has been enhanced to convey intermediate progress and be transparent about actions taken to any result. For instance, using ANCHORECTL_DEBUG_API=true and increasing log levels to “debug” or “trace” (-vv or -vvv) will show individual API events and responses

The anchorectl.yaml application configuration has changed, use anchorectl --help to see the latest configuration schema

Added flag to switch output format for most commands to one of text, json, json-raw, or ID

Updated to using syft v0.52.0

Last modified June 7, 2023