This repository has been archived by the owner on Feb 28, 2023. It is now read-only.
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Signed-off-by: Brady Todhunter <bradyt@anchore.com>
- Loading branch information
1 parent
69574ac
commit 1576013
Showing
6 changed files
with
297 additions
and
84 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,4 @@ | ||
.circleci | ||
.vscode | ||
.gitignore | ||
test/* |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -4,4 +4,5 @@ logs/ | |
*.DS_Store | ||
*.pyc | ||
.python-version | ||
.vscode/ | ||
.vscode/ | ||
test/ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,139 @@ | ||
# Anchore Service Configuration File | ||
# | ||
|
||
# General system-wide configuration options, these should not need to | ||
# be altered for basic operation | ||
# | ||
|
||
service_dir: ${ANCHORE_SERVICE_DIR} | ||
tmp_dir: /analysis_scratch | ||
log_level: ${ANCHORE_LOG_LEVEL} | ||
cleanup_images: False | ||
host_id: '${ANCHORE_HOST_ID}' | ||
internal_ssl_verify: False | ||
auto_restart_services: False | ||
|
||
feeds: | ||
# If set to False, instruct anchore-engine to skip (all) feed sync operations | ||
sync_enabled: False | ||
selective_sync: | ||
# If enabled only sync specific feeds instead of all. | ||
enabled: True | ||
feeds: | ||
vulnerabilities: True | ||
# Warning: enabling the packages and nvd sync causes the service to require much | ||
# more memory to do process the significant data volume. We recommend at least 4GB available for the container | ||
packages: False | ||
nvd: True | ||
# Enabling snyk syncs snyk vulnerability data from an on-premise anchore enterprise feeds service. Please contact | ||
# anchore support for finding out more about this service | ||
snyk: False | ||
anonymous_user_username: anon@ancho.re | ||
anonymous_user_password: pbiU2RYZ2XrmYQ | ||
url: 'https://ancho.re/v1/service/feeds' | ||
client_url: 'https://ancho.re/v1/account/users' | ||
token_url: 'https://ancho.re/oauth/token' | ||
connection_timeout_seconds: 3 | ||
read_timeout_seconds: 60 | ||
|
||
|
||
# As of 0.3.0dev0 this section is used instead of the credentials.users section | ||
# Can be omitted and will default to 'foobar' on db initialization | ||
default_admin_password: ${ANCHORE_CLI_PASS} | ||
|
||
# Can be ommitted and will default to 'admin@myanchore' | ||
default_admin_email: ${ANCHORE_ADMIN_EMAIL} | ||
|
||
credentials: | ||
database: | ||
db_connect: 'postgresql+pg8000://${ANCHORE_DB_USER}:${ANCHORE_DB_PASSWORD}@${ANCHORE_DB_HOST}:${ANCHORE_DB_PORT}/${ANCHORE_DB_NAME}' | ||
db_connect_args: | ||
timeout: 120 | ||
ssl: False | ||
db_pool_size: 30 | ||
db_pool_max_overflow: 100 | ||
|
||
services: | ||
apiext: | ||
enabled: True | ||
require_auth: True | ||
endpoint_hostname: '${ANCHORE_ENDPOINT_HOSTNAME}' | ||
listen: '0.0.0.0' | ||
port: 8228 | ||
authorization_handler: native | ||
kubernetes_webhook: | ||
enabled: True | ||
require_auth: False | ||
endpoint_hostname: '${ANCHORE_ENDPOINT_HOSTNAME}' | ||
listen: '0.0.0.0' | ||
port: 8338 | ||
catalog: | ||
enabled: True | ||
require_auth: True | ||
endpoint_hostname: '${ANCHORE_ENDPOINT_HOSTNAME}' | ||
listen: '0.0.0.0' | ||
port: 8082 | ||
# NOTE: use the below external_* parameters to define the port/tls | ||
# setting that will allow other internal services to access this | ||
# service - if left unset services will use the above, | ||
# e.g. http://<endpoint_hostname>:<port> | ||
# external_port: 8082 | ||
# external_tls: False | ||
archive: | ||
compression: | ||
enabled: False | ||
min_size_kbytes: 100 | ||
storage_driver: | ||
name: db | ||
config: {} | ||
cycle_timer_seconds: 1 | ||
cycle_timers: | ||
image_watcher: 3600 | ||
policy_eval: 3600 | ||
vulnerability_scan: 14400 | ||
analyzer_queue: 5 | ||
notifications: 30 | ||
service_watcher: 15 | ||
policy_bundle_sync: 300 | ||
repo_watcher: 60 | ||
# Uncomment if you would like to receive notifications for events triggered by asynchronous operations in the system. | ||
# In addition, uncomment the webhooks section and supply the configuration for either a 'general' or an 'event_log' webhook | ||
# event_log: | ||
# notification: | ||
# enabled: True | ||
# # (optional) notify events that match these levels. If this section is commented, notifications for all events are sent | ||
# level: | ||
# - error | ||
simplequeue: | ||
enabled: True | ||
require_auth: True | ||
endpoint_hostname: '${ANCHORE_ENDPOINT_HOSTNAME}' | ||
listen: '0.0.0.0' | ||
port: 8083 | ||
# external_port: 8083 | ||
# external_tls: False | ||
analyzer: | ||
enabled: True | ||
require_auth: True | ||
cycle_timer_seconds: 1 | ||
cycle_timers: | ||
image_analyzer: 5 | ||
max_threads: 1 | ||
analyzer_driver: 'nodocker' | ||
endpoint_hostname: '${ANCHORE_ENDPOINT_HOSTNAME}' | ||
listen: '0.0.0.0' | ||
port: 8084 | ||
# external_port: 8084 | ||
# external_tls: False | ||
policy_engine: | ||
enabled: True | ||
require_auth: True | ||
endpoint_hostname: '${ANCHORE_ENDPOINT_HOSTNAME}' | ||
listen: '0.0.0.0' | ||
port: 8087 | ||
# external_port: 8087 | ||
# external_tls: False | ||
cycle_timer_seconds: 1 | ||
cycle_timers: | ||
feed_sync: 21600 # 6 hours between feed syncs | ||
feed_sync_checker: 3600 # 1 hour between checks to see if there needs to be a task queued |
Oops, something went wrong.