This is the multi-page printable view of this section. Click here to print.

Return to the regular view of this page.

Observe Applications in Enterprise

Observe Applications in Enterprise

You can use the Anchore Enterprise GUI to see a summary of the applications that have been collected into an application. From the application view, you can drill down into the source repositories or container images that make up the application, and browse their software bill of materials (SBOMs).

1 - View Applications from Image Containers

To work with image container data, you must first load the image container data into the Application view of Enterprise. Once your data is brought in, you can go to Applications to see the summary of the information. The information is categorized by applications, with sub-categories of application versions available from container images. For information about analyzing images, see Image Analysis. For information about adding Images, see Scanning Repositories.

Container Image Application summary

When you select an application version, you will see a list of artifacts associated with that application version.

Container Images

You can download a report for everything in the application or for an individual artifact. The application level download supports JSON format. Artifact level download supports JSON, SPDX, CycloneDX formats.

Container Images SBOM Report

When you select an artifact link, you will see the analysis options for that artifact. You can then view information about the artifact, such as the policies set up, the vulnerabilities, software bill of materials (SBOM) contents, image metadata information, build summary, and action workbench.

Container Images Analysis

If you want to set up policies, as well as mappings for an artifact, select *Policies to set them up there.

See Policies for more information. See Policy Mappings for more information.

Policies

2 - View Applications from Source Repositories

To work with source repository data, you must first use AnchoreCTL or the Anchore API to load the source repository into the Applications view of Enterprise.

Once your data is brought in, you can go to the Applications tab to see the summary of the information. The information is categorized by applications, with sub-categories of application versions available from source repositories.

Source Repository Application Summary

When you select an application version, you will see a list of artifacts associated with that application version.

Source Repository

You can download a report for everything in the application or for an individual artifact. The application level download supports JSON format. Artifact level download supports JSON, SPDX, CycloneDX formats.

Source Repository SBOM Report

When you select an artifact link, you will see the analysis options for that artifact. You can then view information about the artifact, such as the policies set up, the vulnerabilities, software bill of materials (SBOM) contents, and source metadata information.

Source Repositories Analysis

If you want to set up policies, as well as mappings for an artifact, select the Policies tab and set them up there.

For information about policies, see Policies. For information about adding policy mapping, see Policy Mappings.

Policies

3 - Work with Applications Generated from Image Containers

To work with image container data in Anchore Enterprise, you must first load the image container data into Enterprise. For more information, see Scanning Repositories.

Once the data is made available to Anchore Enterprise, you can then analyze it. An example workflow might be as follows.

  1. Start Anchore Enterprise. You will default to the dashboard view. The Dashboard is your configurable landing page where insights into the collective status of your container image environment. The summary information is displayed through various widgets. Utilizing the Enterprise Reporting Service, the widgets are hydrated with metrics which are generated and updated on a cycle, the duration of which is determined by application configuration. See Dashboard for more information about what you can view.

  2. Click Applications > Container Images to view a summary of the applications in your container images. The information is categorized by applications, with sub-categories of application versions available from image containers that you previously loaded. Notice the list of applications and application versions, as well as any artifacts in the applications.

Container Image Application summary

  1. Click SBOM Report Updated Application name to download a software bill of materials (SBOM) report in JSON format for everything in an application. Or, click SBOM Report to download a report for everything in an artifact.

  2. Click an artifact link under Repository Name to view the detailed information for the artifact.

Container Image Artifact Link

The Images analysis screen for an artifact shows you a summary of what is in that artifact.

Container Images Analysis

  1. From the analysis screen, you can perform the following actions.
  • Click Policy Compliance to view the policies set up for the artifact. You can see the policy rules that are set up as well.
  • Click Vulnerabilities to view the vulnerabilities associated with the artifact.
  • Click SBOM to view the contents of the SBOM(s) associated with the artifact.
  • Click Image Metadata to view the metadata information for the artifact.
  • Click Build Summary to see the Manifest, Dockerfile, and Docker History of your artifact.
  • Click Action Workbench to see the action plans and history for an image artifact.
  • You have the option to click SBOM Report to download a report for everything in the artifact.
  • You also have the option to click Compliance Report to download a report that shows the compliance information in the artifact.
  1. Click Policies to set up the rules for the analyzed container image.

See Policies for more information. See Policy Mappings for more information.

4 - Work with Applications Generated from Source Repositories

To work with source repository data in Anchore Enterprise, you must first use AnchoreCTL or the Anchore API to load the source repository into Enterprise.

Once the data is made available to Anchore Enterprise, you can then view and generate reports specific to an application version. An example workflow might be as follows.

  1. Start Anchore Enterprise. You will default to the dashboard view. The Dashboard is your configurable landing page where insights into the collective status of your source repository. The summary information is displayed through various widgets. Utilizing the Enterprise Reporting Service, the widgets are hydrated with metrics which are generated and updated on a cycle, the duration of which is determined by application configuration. See Dashboard for more information about what you can view.

  2. Click Applications > Source Repositories to view a summary of the applications in your source repository. The information is categorized by applications, with sub-categories of application versions available from source repositories that you previously loaded via AnchoreCTL or the Anchore API. Notice the list of applications and application versions, as well as any artifacts in the applications.

Source Repository Application Summary

  1. Click SBOM Report Updated Application name to download a software bill of materials (SBOM) report in JSON format for everything in an application. Or, click SBOM Report to download a report for everything in an artifact.

  2. Click an artifact link for a soure repository under Repository Name to view the detailed information for the artifact.

Source Repository Artifact Link

The Sources analysis screen for an artifact shows you a summary of what is in that artifact.

Source Repository Analysis

  1. From the analysis screen, you can perform the following actions.
  • Click Policy Compliance to view the policies set up for the artifact. You can see the policy rules that are set up as well.
  • Click Vulnerabilities to view the vulnerabilities associated with the artifact.
  • Click SBOM to view the contents of the SBOM(s) associated with the artifact.
  • Click Source Metadata to view the metadata information for the artifact.
  • You have the option to click SBOM Report to download a report for everything in the artifact.
  • You also have the option to click Compliance Report to download a report that shows the compliance information in the artifact.
  1. Click Policies to set up the rules for the analyzed source repository. The rules set up for an artifact source repository are different from what you apply to a container image.

See Policies for more information. See Policy Mappings for more information.