Anchore Enterprise Release Notes - Version 4.6.0

Anchore Enterprise 4.6.0

Anchore Enterprise release v4.6.0 contains targeted fixes and improvements. A Database update is needed.

Please View: Upcoming Enterprise v5.0.0 Announcements

Please Note: If you are upgrading from an Anchore Enterprise version prior to v4.2.0, there is a known issue that will require you to upgrade to v4.2.0 or v4.3.0 first. Once completed, you will have no issues upgrading to v4.6.0. Please contact Anchore Support if you need further assistance.

Enterprise Service Updates

Improvements

  • Runtime Inventory
    • New API Delete functionality for any runtime inventory context that is no longer being reported on by KAI.
      • /enterprise/inventories DELETE
    • The Inventory Watcher improved logging output at info level so that it is more concise.
    • The Inventory Watcher now contains additional global metrics
      • anchore_monitor_inventory_contexts_monitored_total - Total number of contexts monitored via subscriptions
      • anchore_monitor_inventory_images_total ( found ) - Total number of images from runtime inventory that are being watched
      • anchore_monitor_inventory_images_total ( success ) - Total number of images successfully added to the catalog
      • anchore_monitor_inventory_images_total ( fail ) - Total number of images that failed to be added to the catalog
  • Policy Triggers
    • Vulnerability Package Trigger has a new parameter inherited from base. It provides more control on which vulnerabilities will be considered by the policy.
      • true shows vulnerabilities only inherited from the base image
      • false hides vulnerabilities inherited from the base image
    • We have deprecated various triggers using blacklist and whitelist terminology in favor of denylist and allowlist. The deprecated triggers will continue to work until they are removed in Enterprise v5.0.0. Note that existing allowlist entries for the deprecated triggers will continue to work until the policy is updated to use the new triggers at which time the trigger IDs will no longer match.
  • Analysis Jobs
    • Improves the ability of the system to re-queue image analysis and image import jobs from shut-down analyzers to minimize the impact of scale-down operations on the set of analyzers. In addition to the existing analyzing state timeout behavior, the system can now detect an image was analyzed by a now-down analyzer as soon as the analyzer is reported as down, making the re-queue time a matter of minutes instead of hours.
    • Additional metrics were also added to help give more visibility into analysis
      • anchore_analyzer_status ( waiting ) - Analyzer is idle and is waiting to receive work from the queue
      • anchore_analyzer_status ( error ) - Analyzer is not able to process work
      • anchore_analyzer_status ( processing ) - Analyzer is currently processing work
      • anchore_analyzer_dequeue_latency - Indicator of the responsiveness of the queue service for this analyzer

Fixes

  • Fixed an SSL Error for customers who are using custom certificates.
  • Resolved problems in the Inventory Watcher when processing large inventories.
  • Policy validation has been improved during initial creation of the policy bundle. This will provide a better feedback mechanism so that invalid policies can be fixed earlier.
  • Addressed an issue where the python binary cataloger incorrectly returned multiple instances of a python package.

UI Updates

Fixes

  • Deprecated policy triggers
    • A new warning indicator has been added to the policy rule list to flag triggers that are invalid or that have been deprecated. If you edit a policy rule containing a deprecated trigger, we also indicate that the currently selected trigger has been deprecated and replaced by another trigger, so that it is easy to know how to fix policies containing such triggers.
  • Policy editor tables
    • We have upgraded the table widgets within the policy editor to make the columns resizable.
  • Miscellaneous
    • Various supporting libraries have been updated in order to improve security, performance, and also to remove deprecation warnings from browser and server output logs. Redundant libraries have been removed to reduce the app startup time and overall size.
Last modified October 27, 2023