adding anchore cli task

task/anchore-cli/0.1/README.md

@@ -0,0 +1,72 @@
+# Anchore CLI
+
+The Anchore CLI provides a command line interface on top of the Anchore Engine REST API.
+Anchore CLI will try to connect to the Anchore Engine at http://localhost/v1 with no authentication. The username, password and URL for the server can be passed to the Anchore CLI as command line arguments
+
+## Install the Task
+
+```
+kubectl apply -f https://raw.githubusercontent.com/tektoncd/catalog/main/task/anchore-cli/0.1/anchore-cli.yaml
+```
+
+## Parameters
+
+    - name: ARGS
+      description: The Arguments to be passed to anchore command.
+      type: array
+    - name: ANCHORE_CLI_IMAGE
+      default: anchore/engine-cli
+      description: Anchore cli image to be used     
+    - name: ANCHORE_CLI_URL
+      default: http://localhost:8228/v1/
+      description: Anchore engine URL.      
+    - name: IMAGE_NAME
+      default: openjdk:7-jre-alpine
+      description: Image to be scanned
+
+
+* **ARGS:** Arguments to be passed to anchore command
+
+* **ANCHORE_CLI_IMAGE:** Anchore cli image to be used 
+
+* **ANCHORE_CLI_URL:** Anchore Server URL
+
+* **IMAGE_NAME:** Image to be scanned
+
+#PLATFORK
+## Platforms
+
+The Task can be run on `linux/amd64` platform.
+
+## Usage
+
+## Usage
+
+After creating the task, you should now be able to execute `anchore cli` commands by
+specifying the command you would like to run as the `ARGS` or `SCRIPT` param.
+
+The `ARGS` param takes an array of aws subcommands that will be executed as
+part of this task and the `SCRIPT` param takes the multiple commands that you would like to run on aws CLI.
+
+Secret` give an example of how to give credentials for logging in.
+
+
+    
+To create a secret you can use the following command 
+kubectl create secret generic tower-creds --from-literal=username=ANCHORE_CLI_PASS --from-literal=password=ANCHORE_CLI_USER
+
+or apply below manifest which is in samples folder
+
+---
+kind: Secret
+apiVersion: v1
+metadata:
+   name: anchore-cli-secret
+data:
+  ANCHORE_CLI_PASS: YWRtaW50b3dlcg==
+  ANCHORE_CLI_USER: YWRtaW4=
+type: Opaque
+
+---
+
+

task/anchore-cli/0.1/anchore-cli.yaml

@@ -0,0 +1,63 @@
+apiVersion: tekton.dev/v1beta1
+kind: Task
+metadata:
+  name: anchore-cli
+  labels:
+    app.kubernetes.io/version: "0.1"
+  annotations:
+    tekton.dev/pipelines.minVersion: "0.12.1"
+    tekton.dev/categories: Security
+    tekton.dev/tags: CLI, anchore
+    tekton.dev/displayName: "anchore cli"
+    tekton.dev/platforms: "linux/amd64"
+spec:
+  description: >-
+    The Anchore CLI provides a command line interface on top of the Anchore Engine REST API.
+    Using the Anchore CLI users can manage and inspect images, policies, subscriptions, and registries
+  workspaces:
+    - name: manifest-dir
+  params:
+    - name: ARGS
+      description: The Arguments to be passed to the Anchore command.
+      type: array
+    - name: ANCHORE_CLI_IMAGE
+      default: anchore/engine-cli:latest
+      description: Anchore CLI image to be used
+    - name: ANCHORE_CLI_URL
+      default: http://localhost:8228/v1/
+      description: Anchore Engine URL
+    - name: IMAGE_NAME
+      default: openjdk:7-jre-alpine:latest
+      description: Image to be scanned
+
+  steps:
+    - name: anchore-cli
+      image: $(params.ANCHORE_CLI_IMAGE)
+      workingDir: $(workspaces.manifest-dir.path)
+      script: |
+        #!/usr/bin/env sh
+        ANCHORE_CLI_URL=$(params.ANCHORE_CLI_URL)
+        export ANCHORE_CLI_URL
+        anchore-cli image add "$(params.IMAGE_NAME)" > /dev/null 2>&1
+        anchore-cli image vuln "$(params.IMAGE_NAME)" > /dev/null 2>&1
+        status=$(anchore-cli evaluate check "$(params.IMAGE_NAME)")
+        if echo "$status" | grep -q 'fail'; then
+          echo "Image Vulnerable. Status Failed"
+          exit
+        else
+          echo "Image not Vulnerable. Status Success"
+        fi
+
+      args:
+        - "$(params.ARGS)"
+      env:
+        - name: ANCHORE_CLI_USER
+          valueFrom:
+            secretKeyRef:
+              name: $(params.anchore-cli-secret)
+              key: ANCHORE_CLI_USER
+        - name: ANCHORE_CLI_PASS
+          valueFrom:
+            secretKeyRef:
+              name: $(params.anchore-cli-secret)
+              key: ANCHORE_CLI_PASS

task/anchore-cli/0.1/samples/secret.yaml

@@ -0,0 +1,8 @@
+kind: Secret
+apiVersion: v1
+metadata:
+  name: anchore-cli-secret
+data:
+  ANCHORE_CLI_PASS: <base64_encoded_password>
+  ANCHORE_CLI_USER: <base64_encoded_username>
+type: Opaque