In this section you will learn how to install and configure AnchoreCTL, the Anchore Enterprise CLI. It currently shares some functionality with anchore-cli is designed specifically for use with Anchore Enterprise. AnchoreCTL is published as a simple binary that can be installed by downloading it or using provided packages for installation in different platforms. Using AnchoreCTL, users can manage and inspect images, manage their false-positive management settings, manage their runtime inventory settings, interact with the runtime compliance API, and even generate/upload image SBOMs.

Getting Started

You can install AnchoreCTL using either archives or provided packages downloaded from the release site.

macOS .dmg

curl -o anchorectl.dmg

macOS Tar

curl -o anchorectl.tar.gz


curl -o anchorectl.deb


curl -o anchorectl.rpm

Linux Tar

curl -o anchorectl.tar.gz


curl -o


AnchoreCTL can be configured via a config file at the following locations, with the following precedence:

  1. Environment Vars (i.e. ANCHORECTL_ANCHORE_USER)
  2. Config Path override (note: if this file is not found, config SHOULD fail)
  3. .anchorectl.yaml or anchorectl.yaml
  4. .anchorectl/config.yaml
  5. ~/.anchorectl.yaml
  6. ~/anchorectl/config.yaml

To get a release-matched version of this configuration file, you can retrieve it as follows:

curl -o anchorectl.yaml

Note that it has detailed comments above each configuration value so you know what each does.


At the very least, AnchoreCTL needs the following information

  • Anchore Connection details (including authentication information)
  • enterpriseEnabled: true. This is the default value, but it must be specified in order for the enterprise-related features to work.

Last modified September 15, 2021: macOS tar -> tar.gz (e4c8704)