name: anchore-container-security
displayName: Anchore Container Security
description: >-
  Workflow capability for container image vulnerability scanning, SBOM
  generation, and policy-based compliance enforcement using the Anchore
  Enterprise API.
version: '1.0'
provider: Anchore
shared:
  anchore-image:
    description: Container image analyzed by Anchore
    schema:
      $ref: '../json-schema/anchore-image-schema.json'
  anchore-vulnerability:
    description: Vulnerability found in analyzed image
    schema:
      $ref: '../json-schema/anchore-vulnerability-schema.json'
  anchore-sbom:
    description: Software Bill of Materials in CycloneDX format
    schema:
      $ref: '../json-schema/anchore-sbom-schema.json'
workflows:
  - id: scan-and-report
    name: Scan Image and Report Vulnerabilities
    description: Analyze a container image and retrieve its vulnerability report
    steps:
      - id: add-image
        operation: addImage
        description: Submit image for analysis
      - id: check-status
        operation: getImage
        description: Poll image analysis status
      - id: get-vulns
        operation: getImageVulnerabilities
        description: Retrieve vulnerability report
        params:
          vtype: all
      - id: check-policy
        operation: checkImagePolicy
        description: Evaluate policy compliance
  - id: generate-sbom
    name: Generate SBOM
    description: Analyze an image and retrieve its Software Bill of Materials
    steps:
      - id: add-image
        operation: addImage
      - id: get-sbom
        operation: getImageSbom
adapters:
  rest:
    baseUrl: https://anchore.example.com/v2
    openapi: ../openapi/anchore-enterprise-api.yaml
    auth:
      type: basic
  mcp:
    port: 9090
    tools:
      - id: scan-image
        operation: addImage
        description: Submit a container image for vulnerability scanning
      - id: get-vulnerabilities
        operation: getImageVulnerabilities
        description: Get vulnerabilities for a scanned image
      - id: get-sbom
        operation: getImageSbom
        description: Get Software Bill of Materials for a scanned image
      - id: check-policy
        operation: checkImagePolicy
        description: Check if an image passes security policies
      - id: list-images
        operation: listImages
        description: List all analyzed container images