Storage Configuration

Anchore Enterprise uses configurable storage mechanisms in accordance with a number of operations:

Storage During Analysis

Scratch Space

Anchore uses a local directory for image analysis operations including downloading layers and unpacking the image content for the analysis process. This space is necessary on each analyzer worker service and should not be shared. The scratch space is ephemeral and can have its lifecycle bound to that of the service container. For more information, see Scratch.

Layer Cache

The layer cache is an extension of the analyzer’s scratch space that is used to cache layer downloads to reduce analysis time and network usage during the analysis process itself. For more information, see, Layer Caching.

Storing Analysis Results (Active Data Set)

For structured data that must be quickly queried and indexed, Anchore relies on PostgreSQL as its primary data store. See here for deployment requirements.

Anchore Enterprise is a data intensive system and uses external storage systems for all data persistence. None of the services are stateful in themselves. For less structured data, Anchore implements an internal object store that can be overlayed on different backend providers, but defaults to also using the main postgres db to reduce the out-of-the-box dependencies. However, S3/S3-compatible is supported for leveraging external systems, for more information on the configuration of the DB driver see Database.

Archiving Analysis Results (Archive Data Set)

To aid in capacity management, Anchore provides a separate storage location where completed image analysis can be moved to. This reduces consumption of database capacity and primary object storage. It also removes the analysis from most API actions but makes it available to restore into the primary storage systems as needed. The analysis archive is configured as an alternate object store to the Active Data Set object store. For more information, see: Configuring Analysis Archive.