The Anchore Engine can analyze any Linux based image and will extract data about the contents of an image including:


  • Files
  • Operating System Packages (RPM, DEB, APK)
  • Ruby Gems
  • Node.JS npm modules
  • Python Eggs
  • Java Archives (JAR, EAR and WAR)


To accurately report on security vulnerabilities the Anchore Engine uses vulnerability feeds sources from Linux distributors and the NIST National Vulnerability Database.
Anchore currently reports vulnerabilities on the following Linux distributions:

  • Alpine Linux
  • CentOS
  • Debian
  • Oracle Linux
  • Red Hat Enterprise Linux
  • Ubuntu