For an overview of the content hints and overrides features, see the feature overview.
Enabling Content Hints
This feature is disabled by default so that images cannot exercise it without the admin's explicit approval. This page explains how to enable content hints for both Docker Compose and Kubernetes (Helm) deployments. Additionally, if you perform distributed analysis of images and require hints detection, you will also need to modify your AnchoreCTL configuration.
🐳 Docker Compose
To configure your Docker Compose deployment and enable content hints, you have two options.
If you supply a config.yaml to the analyzer(s) in your Docker Compose file, then set the enable_hints: true setting in the analyzer service section of the config.yaml file.
If you don't supply a config.yaml, you can add an environment variable ANCHORE_HINTS_ENABLED=true on the analyzer service.
This will also enable content hints detection during centralized analysis.
☸️ Kubernetes (Helm)
To configure your Kubernetes (Helm) deployment and enable content hints, you can update your values file and set anchoreConfig.analyzer.enable_hints: true. This will also enable content hints detection during centralized analysis.
anchoreConfig:
  analyzer:
    enable_hints: true
AnchoreCTL Distributed
In addition to enabling content hints in your deployment, you may also need to enable content hints detection for distributed analysis. This can be achieved by editing your AnchoreCTL configuration, for example ~/anchorectl.yaml, as shown below. This enables the file cataloger, which will add some computational overhead.
---
file-contents:
  cataloger:
    enabled: true
    scope: squashed
  skip-files-above-size: 1048576
  globs: ['/anchore_hints.json']
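To check which images would actually exercise this setting before enabling it, the sketch below emulates the cataloger options shown above (squashed scope, the 1048576-byte size limit and the single root-level glob) over an ordered list of layer tarballs. It is an added example, not AnchoreCTL code: hints_status, make_layer and the layer-list input format are assumptions made for illustration, and the sample layers are constructed in memory.

```python
import io
import posixpath
import tarfile

HINTS_NAME = "anchore_hints.json"           # globs: ['/anchore_hints.json'], root only
MAX_SIZE = 1048576                          # skip-files-above-size
WHITEOUTS = {".wh." + HINTS_NAME, ".wh..wh..opq"}  # OCI deletion markers at the root


def hints_status(layers, max_size=MAX_SIZE):
    """Classify the hints file in the squashed view of `layers`.

    `layers` holds layer tarballs as bytes, base layer first (assumed input
    format). Only regular files are considered; symlinks are ignored.
    """
    size = None  # size of the hints file visible so far, None if not visible
    for blob in layers:
        hidden, seen = False, None
        with tarfile.open(fileobj=io.BytesIO(blob)) as tar:
            for member in tar:
                path = posixpath.normpath(member.name).lstrip("/")
                if path in WHITEOUTS:
                    hidden = True          # this layer deletes lower copies
                elif path == HINTS_NAME and member.isfile():
                    seen = member.size     # this layer adds or replaces it
        if hidden:
            size = None
        if seen is not None:
            size = seen
    if size is None:
        return "absent"
    return "catalogued" if size <= max_size else "skipped-too-large"


def make_layer(files):
    """Build a constructed layer tarball from {path: bytes} (sample data)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


if __name__ == "__main__":
    base = make_layer({"etc/os-release": b"ID=constructed\n"})
    hinted = make_layer({"anchore_hints.json": b"{}"})
    deleted = make_layer({".wh.anchore_hints.json": b""})
    print(hints_status([base]))
    print(hints_status([base, hinted]))
    print(hints_status([base, hinted, deleted]))
```

An image reported as "catalogued" is one whose author-supplied hints would be picked up once the feature is enabled, so it is worth reviewing that file first.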