Windows Container Scanning

Anchore can analyze and provide vulnerability matches for Microsoft Windows images. Anchore downloads, unpacks, and analyzes the Microsoft Windows image contents similar to Linux-based images, providing OS information as well as discovered application packages like npms, gems, python, NuGet, and java archives.

Vulnerabilities for Microsoft Windows images are matched against the detected operating system version and KBs installed in the image. These are matched using data from the Microsoft Security Research Center (MSRC) data API.

Requirements

Analyzing Microsoft Windows images is supported out-of-the-box with no configuration changes - but to get vulnerability results, your deployment must meet the following criteria:

  1. Deploy an on-premises feed service
  2. Have the microsoft vulnerability provider enabled in the feed service

Configuring Microsoft Provider

In the feed service configuration, enable the msrc driver.

services:
  feeds:
    ...
    drivers:
      ...
      msrc:
        enabled: true

Supported Windows Base Image Versions

The following are the MSRC Product IDs that Anchore can detect and provide vulnerability information for. These provide the basis for the main variants of the base Windows containers: Windows, ServerCore, NanoSerer, and IoTCore

Product IDName
10951Windows 10 Version 1703 for 32-bit Systems
10952Windows 10 Version 1703 for x64-based Systems
10729Windows 10 for 32-bit Systems
10735Windows 10 for x64-based Systems
10789Windows 10 Version 1511 for 32-bit Systems
10788Windows 10 Version 1511 for x64-based Systems
10852Windows 10 Version 1607 for 32-bit Systems
10853Windows 10 Version 1607 for x64-based Systems
11497Windows 10 Version 1803 for 32-bit Systems
11498Windows 10 Version 1803 for x64-based Systems
11563Windows 10 Version 1803 for ARM64-based Systems
11568Windows 10 Version 1809 for 32-bit Systems
11569Windows 10 Version 1809 for x64-based Systems
11570Windows 10 Version 1809 for ARM64-based Systems
11453Windows 10 Version 1709 for 32-bit Systems
11454Windows 10 Version 1709 for x64-based Systems
11583Windows 10 Version 1709 for ARM64-based Systems
11644Windows 10 Version 1903 for 32-bit Systems
11645Windows 10 Version 1903 for x64-based Systems
11646Windows 10 Version 1903 for ARM64-based Systems
11712Windows 10 Version 1909 for 32-bit Systems
11713Windows 10 Version 1909 for x64-based Systems
11714Windows 10 Version 1909 for ARM64-based Systems
10379Windows Server 2012 (Server Core installation)
10543Windows Server 2012 R2 (Server Core installation)
10816Windows Server 2016
11571Windows Server 2019
10855Windows Server 2016 (Server Core installation)
11572Windows Server 2019 (Server Core installation)
11499Windows Server, version 1803 (Server Core Installation)
11466Windows Server, version 1709 (Server Core Installation)
11647Windows Server, version 1903 (Server Core installation)
11715Windows Server, version 1909 (Server Core installation)

Windows Operating System Packages

Just as Linux images are scanned for packages such as RPMs, DPKG, and APK, Windows images are scanned for the installed components and Knowledge Base patches (KBs). When listing operating system content on a Microsoft Windows image, the results returned are KB identifiers that are numeric. Both the name and version will be identical and are the KB IDs.

Last modified April 14, 2023