As covered in the Network sections of the requirements document the Anchore Engine requires three categories of network connectivity

  • Registry Access
    Network connectivity, including DNS resolution, to the registries from which the Anchore Engine needs to download images

  • Feed Service
    The Anchore Engine synchronizes feed data such as operating system vulnerabilities (CVEs) from the Anchore Cloud Service.
    Only a single end point is required for this synchronization, host: TCP port: 443

  • Access to Anchore Internal Services
    The Anchore Engine is comprised of six smaller micro-services that can be deployed in a single container or scaled out to handle load. Each Anchore service should be able to connect the other services over the network.

In environments were access to the public internet is restricted then a proxy server may be required to allow the Anchore Engine to connect to the Anchore Cloud Feed Service or to a publicly hosted container registry.

The Anchore Engine can be configured to access a proxy server by using environment variables that are read by the Anchore Engine at run time.


Address of the proxy service to use for HTTPS traffic in the following form: {PROTOCOL}://{IP or HOSTNAME}:{PORT}   



Address of the proxy service to use for HTTP traffic in the following form: {PROTOCOL}://{IP or HOSTNAME}:{PORT}   



Comma delimited list of hostnames or IP address which should be accessed directly without using the proxy service.
 eg. localhost,,registry,


Do not use double quotes (") around the proxy variable values. 


For proxy servers that require authentication the username and password can be provided as part of the URL:

eg. https_proxy=

If the username or password contains and non-url safe characters then these should be urlencoded.

For example:

The password F@oBar! would be encoded as F%40oBar%21

Setting Environment Variables

Docker Compose: