The Anchore Engine requires two categories of network access:
- Registry Access Network connectivity, including DNS resolution, to the registries from which the Anchore Engine needs to download images.
- Feed Service The Anchore Engine synchronizes feed data such as operating system vulnerabilities (CVEs) from the Anchore Cloud Service. The initial synchronization may take 5 to 10 minutes, based on network speed, after which time the Anchore Engine will download updated feed data at a user configurable interval, by default every 4 hours. Only a single end point is required for this synchronization, host: ancho.re TCP port: 443
- No data is uploaded to Anchore, the synchronization is one-way.
- An optional on-premises feed service and policy editor is available to commercial users.
- A Network Proxy can be used to provide external connectivity to the Anchore Engine. See: Network Proxy documentation.
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.
Last modified November 23, 2020: Initial rough impl adding engine docs directory (9dabbe73)