Apps
An app is the top-level building block in Anchore Enterprise’s SBOM management model. It represents a piece of software you ship or host, and it groups the versions of that software together so you can track security health across the full release lifecycle.
Each app contains one or more app versions, and each version contains one or more assets — the concrete container images, filesystems, and externally supplied SBOMs that make up that release. See How It Works for the full mental model.
Watch: a walkthrough of Applications, versions, and assets.When to Model an App
Create an app for each project or product whose security health you want to track over time. Common patterns are:
- One app per service in a microservices architecture
- One app per shippable artifact in a monorepo
- One app per major product line, with versions tracking individual releases
- One app per development repo, with versions tracking nightly or milestone builds
Anatomy of an App
An app carries a small, fixed set of fields:
| Field | Required | Purpose |
|---|---|---|
name | Yes | Human-readable identifier, unique within an account |
description | No | Free-form summary of the app |
contact | Yes | Owning person or team — name is required, email and phone are optional |
policy_id | No | Default policy applied to every version unless overridden — set to null to use the account default |
version_count | Read-only | Number of versions currently attached |
system_metadata | Read-only | UUID and created_at / updated_at timestamps |
For the full create and update payload reference, worked examples, and a side-by-side of the AnchoreCTL and API workflows, see Manage Apps.
Related Topics
- Manage Apps — create, list, update, and delete apps via the GUI, AnchoreCTL, or the API
- Manage App Versions — work with the versions of an app, plus the version detail page walkthrough
- Add Assets to an App Version — attach container images, filesystems, or externally supplied SBOMs