Smoke Testing
This term typically refers to a testing methodology which validates critical or crucial functionality of software. Versions of AnchoreCTL post-5.6.0 include a smoke-tests option, which can be used to validate general functionality of your Anchore Enterprise.
We recommend using this mechanism to validate functionality after upgrades.
Tip: the test check-admin-credentials will look for an admin user in the admin account context as defined in your anchorectl.yaml
anchorectl system smoke-tests run
...
✔ Ran smoke tests
┌───────────────────────────────────────┬─────────────────────────────────────────────────┬────────┬────────┐
│ NAME │ DESCRIPTION │ RESULT │ STDERR │
├───────────────────────────────────────┼─────────────────────────────────────────────────┼────────┼────────┤
│ wait-for-system │ Wait for the system to be ready │ pass │ │
│ check-admin-credentials │ Check anchorectl credentials to run smoke tests │ pass │ │
│ create-test-account │ Create a test account │ pass │ │
│ list-test-policies │ List the test policies │ pass │ │
│ get-test-policy │ Get the test policy │ pass │ │
│ activate-test-default-policy │ Activate the test default policy │ pass │ │
│ create-test-image │ Create a test image and wait for analysis │ pass │ │
│ get-test-image │ Get the test image │ pass │ │
│ activate-test-subscription │ Activate a test subscription │ pass │ │
│ get-test-subscription │ Get the test subscription │ pass │ │
│ deactivate-test-vuln-subscription │ Deactivate the vuln subscription │ pass │ │
│ deactivate-test-policy-subscription │ Deactivate the policy subscription │ pass │ │
│ deactivate-test-tag-subscription │ Deactivate the tag subscription │ pass │ │
│ deactivate-test-analysis-subscription │ Deactivate the analysis subscription │ pass │ │
│ check-test-image │ Check the test image │ pass │ │
│ get-test-image-vulnerabilities │ Get the test image vulnerabilities │ pass │ │
│ delete-test-image │ Delete the test image │ pass │ │
│ disable-test-account │ Disable the test account │ pass │ │
│ delete-test-account │ Delete the test account │ pass │ │
└───────────────────────────────────────┴─────────────────────────────────────────────────┴────────┴────────┘
Troubleshooting Failing Steps
wait-for-system
Polls the API until the vulnerability feed reports as ready (300s timeout).
Failure means: The data syncer cannot reach https://data.anchore-enterprise.com
or feeds have not completed their initial sync.
- Verify external connectivity:
curl -v https://data.anchore-enterprise.com - Check feed sync status:
anchorectl feed list - Check data syncer events:
anchorectl event list --level error --service data_syncer - See Data Syncer Troubleshooting for deeper diagnosis of feed sync issues.
get-test-policy / activate-test-default-policy
Verifies the policy engine is functional and default policies exist.
Failure means: Policy engine is unhealthy or feed data has not been loaded yet.
These steps commonly fail as a cascade when wait-for-system also fails.
- See Verifying Service Health to confirm the policy engine service is up and responding.
create-test-image / get-test-image / get-test-image-vulnerabilities
Submits a test image for analysis and verifies the full analysis pipeline. Failure means: The analyzer, catalog, or policy engine is not functioning correctly.
- See Verifying Service Health to check the status of the analyzer and catalog services.
- See Viewing Logs and Viewing Events for deeper diagnosis.
Note: all test resources (account, image) are cleaned up automatically at the end of the run.
Last modified April 16, 2026