The Anchore Engine requires two categories of network access:
- Registry Access Network connectivity, including DNS resolution, to the registries from which the Anchore Engine needs to download images.
- Feed Service The Anchore Engine synchronizes feed data such as operating system vulnerabilities (CVEs) from the Anchore Cloud Service. The initial synchronization may take 5 to 10 minutes, based on network speed, after which time the Anchore Engine will download updated feed data at a user configurable interval, by default every 4 hours. Only a single end point is required for this synchronization, host: ancho.re TCP port: 443
- No data is uploaded to Anchore, the synchronization is one-way.
- An optional on-premises feed service and policy editor is available to commercial users.
- A Network Proxy can be used to provide external connectivity to the Anchore Engine. See: Network Proxy documentation.
Last modified November 23, 2020: Initial rough impl adding engine docs directory (9dabbe73)