This is the multi-page printable view of this section. Click here to print.

Return to the regular view of this page.

Application Management - AnchoreCTL

Use AnchoreCTL to manage your applications. The AnchoreCTL application workflow would be like the following.

Create a Named Application

Use AnchoreCTL to create a named application. For example: anchorectl application add <name> --description <description>

Note: Creating an application will also create an application version named HEAD, used to track the in-development version.

List All Applications

Use the AnchoreCTL to list all applications. For example: anchorectl application list.

Request an Individual Application

Request an individual application from Anchore via AnchoreCTL to view details about it. For example: anchorectl application get <application_name>.

Update and Change Properties of an Existing Application

Update and change the properties of an existing application via AnchoreCTL.

For example, change the application name and description as follows: anchorectl application update <application_name> --name <new_name> --description <new_description>.

Remove an Application

Use AnchoreCTL to delete applications. This lets you remove applications that are no longer useful or important to you. For example: anchorectl application delete <application_name>

1 - Application Version management - AnchoreCTL

Use AnchoreCTL to manage your application versions.

The AnchoreCTL application workflow would be like the following.

Create and Store Versions of your Application

Use AnchoreCTL to create and store versions of your applications. Versioning is useful for audit compliance and reporting. Use the following AnchoreCTL command to create a version:

anchorectl application version add <application-name>@<version-name>

List All Application Versions

Use AnchoreCTL to list all application versions that are associated with an application.

anchorectl application version list <application_name>

Update Application Version Properties

Use AnchoreCTL to update application version properties for an existing application in Anchore.

anchorectl application version update <application-name>@<version-name> --name <new_version_name>

Request a Specific Application Version

Use AnchoreCTL to request a specific version of an application to view its details. The following example shows the AnchoreCTL command to request a version:

anchorectl application version get <application-name>@<version-name>

Remove Application Version

Use AnchoreCTL to delete application versions. This lets you remove application versions that are no longer useful or important to you.

anchorectl application version delete <application-name>@<version-name>

2 - Get an Application Version SBOM - AnchoreCTL

Run the anchorectl application version sbom <application_id> <application_version_id> -o json command to download a combined software bill of materials (SBOM) for all components and supply-chain elements of an application. This lets you easily archive the components, or provide them to others for verification process compliance requirements. The data structure includes the version and version metadata for the application version, along with the SBOMs for each associated artifact.

To filter the results by artifact type, add the argument –-type <source,image> to the end of the command.

3 - Associate Artifacts with Application Versions - AnchoreCTL

Add an Artifact Association

The following commands require source or image artifacts to already be added to the Anchore Enterprise instance before they can be associated with the application version.

Note: Keep track of the uuid of the sources, and the digest of the images that you will add to the application version. These are the values used to associate each artifact with the application version.

The response body for each artifact association request will contain an artifact_association_metadata block with an association_id field in it. This field uniquely identifies the association between the artifact and the application version.

Associate a Source Artifact

To associate a source artifact: anchorectl application artifact add <application-name>@<version-name> source <source_uuid>

Associate an Image Artifact

To associate an image artifact: anchorectl application artifact add <application-name>@<version-name> image <image_digest>

List All Associated Artifacts

To list all artifacts associated with an application version: anchorectl application artifact list <application-name>@<version-name>

To filter the results by artifact type, add the argument --type <source,image> to the end of the command.

Remove an Artifact Association

Get the association_id of one of the associated artifacts and run the following command: anchorectl application artifact remove <application-name>@<version-name> <artifact_id>