Container Registries
Anchore Enterprise can analyze images from any Docker V2 compatible registry. A registry in Anchore Enterprise is a stored credential configuration: it tells the deployment how to authenticate to a registry host, and on its own it does not pull or analyze any images. (Repositories are the unit of analysis; see Watch a Repository.)
Anchore Enterprise attempts to download images from any registry without further configuration. You only need to define a registry when it requires authentication: once a registry and its credentials are defined, every pull for an image from that registry uses them.
A few options and behaviors apply to every registry, regardless of how you add it:
- TLS certificate verification is on by default. Anchore Enterprise verifies the registry’s TLS certificate. You can turn verification off for a registry that presents a self-signed certificate or one signed by an unknown CA.
- Credential validation is on by default. Anchore Enterprise validates the credential when a registry is added. Because validation methods for public registries change over time, you can skip the check, which is useful when a valid credential fails validation or when adding a credential before it is active at the registry.
- Multiple credentials per host. You can store different credentials for different repositories on the same host (for example, two private repositories on
docker.io) by qualifying each entry with a repository path. - Passwords are write-only. A registry’s password cannot be retrieved through the GUI, AnchoreCTL, or the API.
Most Docker V2 registries authenticate with a username and password. Amazon ECR, Google GCR, and Microsoft Azure also support their own native credentialing; see the registry-specific configuration below.
Manage Registries in the Anchore Enterprise GUI
Registry management lives under System → Configuration → Registries. Listing and creating registries requires a user in the admin account or a member of the read-write role for the account.
To add a registry, open the Registries tab and select Let’s add one! (or Add New Registry if registries already exist). In the modal, provide the Registry (hostname with optional port), the Type (for example docker_v2 or awsecr), and the Username and Password. Two toggles set the behavior described above: Allow Self Signed turns off TLS certificate verification, and Validate on Add skips credential validation.
After a registry is added, edit its credentials and options from the Actions column. The setup help for each registry type is also available inline via “Need some help setting up your registry?” near the bottom of the modal.
To store different credentials for repositories on the same host, add each entry with a repository path (for example, docker.io/anchore/*).
Manage Registries with AnchoreCTL
List the defined registries:
anchorectl registry list
Add a registry. The registry argument is the fully qualified hostname and optional port (for example registry.example.com:5000):
ANCHORECTL_REGISTRY_PASSWORD=<password> anchorectl registry add <registry> --username <username>
Add separate credentials for repositories on the same host with a path:
ANCHORECTL_REGISTRY_PASSWORD=<password> anchorectl registry add docker.io/anchore/* --username <username>
Both registry add and registry update accept --secure-connection=<true|false> (TLS certificate verification) and --validate=<true|false> (credential validation at add time); each defaults to true.
Get the details of a specific registry (the password is never returned):
anchorectl registry get <registry>
Update a registry’s username, password, or connection options:
ANCHORECTL_REGISTRY_PASSWORD=<newpassword> anchorectl registry update <registry> --username <newusername> --validate=<true|false> --secure-connection=<true|false>
Delete a registry. Deleting a registry record does not delete the image or tag records associated with it:
anchorectl registry delete <registry>
Manage Registries with the API
Registry configuration is managed through the Registries endpoints:
| Method | Endpoint | Description |
|---|---|---|
GET | /registries | List configured registries (list_registries) |
POST | /registries | Add a registry (create_registry) |
GET | /registries/{registry} | Get a registry configuration (get_registry) |
PUT | /registries/{registry} | Update a registry (update_registry) |
DELETE | /registries/{registry} | Delete a registry (delete_registry) |
The full request and response schemas are in the API browser; search for the Registries tag.
Registry-Specific Configuration
The credential fields are the same whether you add a registry through the GUI, AnchoreCTL, or the API. For registries with native credentialing, see the registry-specific guides:
Last modified June 16, 2026