AnchoreCTL Release Notes - Version 5.26.0

Note: AnchoreCTL v5.26.x versions are compatible with Enterprise v5.26.x deployments.

Adds HTML output format support for the anchorectl image one-time-scan, anchorectl image vuln, and anchorectl image check commands, enabling browser-viewable vulnerability reports.
Adds --stig-tools-image and --stig-tools-binary-path flags to enable STIG checks on shell-less container images. AnchoreCTL automatically extracts a tools binary (e.g., busybox) from a specified tools container image and mounts it into the target container, removing the need to manually prepare shell-less images for STIG execution.

Fixes an issue where stereoscope temporary directories are not cleaned up when a disk full failure occurs.
Fixes an issue where anchorectl image add --from docker fails on Apple silicon Macs (M4/M5) with Docker Desktop v4.61.0.
Fixes JSON output formatting for the anchorectl image one-time-scan -o json command. It also now provides the output option of anchorectl image one-time-scan -o json-raw. The json-raw output option provides the unformatted JSON output directly from the API, while the json output option provides a more human-readable formatted JSON output.
Fixes an issue where the anchorectl image one-time-scan command displays full policy evaluation details by default. Summary findings are now shown unless the --detail flag is provided, consistent with anchorectl image check.
Fixes an issue where anchorectl image add --from docker-archive fails to locate the saved tarball.

Last modified March 31, 2026