Feed Configuration

Feed Synchronization Interval

The default configuration for Anchore Enterprise will download vulnerability data from Anchore’s feed service every 21,600 seconds (6hours).

For most users the only configuration option that is typically updated is the feed synchronization interval - the time interval (in seconds) at which the feed sync is run.

    .....
    
    cycle_timers:
      ...
      feed_sync: 14400

Feed Data Settings

Feed data configuration is set in the config.yaml file used by policy engine service. The services.policy_engine.vulnerabilities.sync.data section of the configuration file controls the behavior of data to be synced. In addition, the data groups that can be synced depend on the services.policy_engine.vulnerabilities.provider, and are explained in detail in the following sections.

Feed Groups

Anchore Enterprise is configured with grype as the services.policy_engine.vulnerabilities.provider and grypedb feed group enabled. The grypedb feed group syncs a single Grype database to the policy engine. A Grype database contains data that spans multiple groups. Due to this encapsulation, it is not possible to enable or disable individual feed groups.

Anchore Enterprise will default to downloading the feed group from a publicly accessible URL maintained by Grype https://toolbox-data.anchore.io/grype/databases/listing.json. The Grype database available from this endpoint does not include third-party/proprietary groups such as MSRC. To get those groups, set url (or override the environment variable ANCHORE_GRYPE_DB_URL) to your local feed service.

services:
  ...
  policy_engine:
    ...
    vulnerabilities:
      provider: grype
      ...
      sync:
        ...
        data:
          grypedb:
            enabled: true
            url: ${ANCHORE_GRYPE_DB_URL}

Read Timeout

Under rare circumstances you may see syncs failing with errors to fetch data due to timeouts. This is typically due to load on the feed service, network issues, or some other temporary condition. However, if you want to increase the timeout to increase the likelihood of success, modify the read_timeout_seconds of the feeds configuration:

feeds:
  ...
  read_timeout_seconds: 180

Controlling Which Feeds and Groups are Synced

Note: The package and nvd data feeds are large, resulting in the initial sync taking some time to sync.

During initial feed sync, you can always query the progress and status of the feed sync using anchorectl.

# anchorectl feed list
 ✔ List feed
┌─────────────────┬────────────────────┬─────────┬──────────────────────┬──────────────┐
│ FEED            │ GROUP              │ ENABLED │ LAST SYNC            │ RECORD COUNT │
├─────────────────┼────────────────────┼─────────┼──────────────────────┼──────────────┤
│ vulnerabilities │ github:composer    │ true    │ 2023-08-21T16:41:04Z │ 2148         │
│ vulnerabilities │ github:gem         │ true    │ 2023-08-21T16:41:04Z │ 700          │
│ vulnerabilities │ github:go          │ true    │ 2023-08-21T16:41:04Z │ 1176         │
│ vulnerabilities │ github:java        │ true    │ 2023-08-21T16:41:04Z │ 3848         │
│ vulnerabilities │ github:npm         │ true    │ 2023-08-21T16:41:04Z │ 3450         │
│ vulnerabilities │ github:nuget       │ true    │ 2023-08-21T16:41:04Z │ 496          │
│ vulnerabilities │ github:python      │ true    │ 2023-08-21T16:41:04Z │ 1966         │
│ vulnerabilities │ github:rust        │ true    │ 2023-08-21T16:41:04Z │ 628          │
│ vulnerabilities │ nvd                │ true    │ 2023-08-21T16:41:04Z │ 223049       │
│ vulnerabilities │ alpine:3.10        │ true    │ 2023-08-21T16:41:04Z │ 2321         │
│ vulnerabilities │ alpine:3.11        │ true    │ 2023-08-21T16:41:04Z │ 2659         │
│ vulnerabilities │ alpine:3.12        │ true    │ 2023-08-21T16:41:04Z │ 3193         │
│ vulnerabilities │ alpine:3.13        │ true    │ 2023-08-21T16:41:04Z │ 3684         │
│ vulnerabilities │ alpine:3.14        │ true    │ 2023-08-21T16:41:04Z │ 4265         │
│ vulnerabilities │ alpine:3.15        │ true    │ 2023-08-21T16:41:04Z │ 4760         │
│ vulnerabilities │ alpine:3.16        │ true    │ 2023-08-21T16:41:04Z │ 5146         │
│ vulnerabilities │ alpine:3.17        │ true    │ 2023-08-21T16:41:04Z │ 5399         │
│ vulnerabilities │ alpine:3.18        │ true    │ 2023-08-21T16:41:04Z │ 5566         │
│ vulnerabilities │ alpine:3.2         │ true    │ 2023-08-21T16:41:04Z │ 305          │
│ vulnerabilities │ alpine:3.3         │ true    │ 2023-08-21T16:41:04Z │ 470          │
│ vulnerabilities │ alpine:3.4         │ true    │ 2023-08-21T16:41:04Z │ 679          │
│ vulnerabilities │ alpine:3.5         │ true    │ 2023-08-21T16:41:04Z │ 902          │
│ vulnerabilities │ alpine:3.6         │ true    │ 2023-08-21T16:41:04Z │ 1075         │
│ vulnerabilities │ alpine:3.7         │ true    │ 2023-08-21T16:41:04Z │ 1461         │
│ vulnerabilities │ alpine:3.8         │ true    │ 2023-08-21T16:41:04Z │ 1671         │
│ vulnerabilities │ alpine:3.9         │ true    │ 2023-08-21T16:41:04Z │ 1955         │
│ vulnerabilities │ alpine:edge        │ true    │ 2023-08-21T16:41:04Z │ 5571         │
│ vulnerabilities │ amzn:2             │ true    │ 2023-08-21T16:41:04Z │ 1381         │
│ vulnerabilities │ amzn:2022          │ true    │ 2023-08-21T16:41:04Z │ 276          │
│ vulnerabilities │ amzn:2023          │ true    │ 2023-08-21T16:41:04Z │ 300          │
│ vulnerabilities │ chainguard:rolling │ true    │ 2023-08-21T16:41:04Z │ 378          │
│ vulnerabilities │ debian:10          │ true    │ 2023-08-21T16:41:04Z │ 27731        │
│ vulnerabilities │ debian:11          │ true    │ 2023-08-21T16:41:04Z │ 27886        │
│ vulnerabilities │ debian:12          │ true    │ 2023-08-21T16:41:04Z │ 26675        │
│ vulnerabilities │ debian:13          │ true    │ 2023-08-21T16:41:04Z │ 26359        │
│ vulnerabilities │ debian:7           │ true    │ 2023-08-21T16:41:04Z │ 20455        │
│ vulnerabilities │ debian:8           │ true    │ 2023-08-21T16:41:04Z │ 24058        │
│ vulnerabilities │ debian:9           │ true    │ 2023-08-21T16:41:04Z │ 28240        │
│ vulnerabilities │ debian:unstable    │ true    │ 2023-08-21T16:41:04Z │ 30185        │
│ vulnerabilities │ mariner:1.0        │ true    │ 2023-08-21T16:41:04Z │ 2096         │
│ vulnerabilities │ mariner:2.0        │ true    │ 2023-08-21T16:41:04Z │ 1774         │
│ vulnerabilities │ ol:5               │ true    │ 2023-08-21T16:41:04Z │ 1255         │
│ vulnerabilities │ ol:6               │ true    │ 2023-08-21T16:41:04Z │ 1695         │
│ vulnerabilities │ ol:7               │ true    │ 2023-08-21T16:41:04Z │ 2005         │
│ vulnerabilities │ ol:8               │ true    │ 2023-08-21T16:41:04Z │ 1372         │
│ vulnerabilities │ ol:9               │ true    │ 2023-08-21T16:41:04Z │ 359          │
│ vulnerabilities │ rhel:5             │ true    │ 2023-08-21T16:41:04Z │ 6995         │
│ vulnerabilities │ rhel:6             │ true    │ 2023-08-21T16:41:04Z │ 8720         │
│ vulnerabilities │ rhel:7             │ true    │ 2023-08-21T16:41:04Z │ 8452         │
│ vulnerabilities │ rhel:8             │ true    │ 2023-08-21T16:41:04Z │ 4828         │
│ vulnerabilities │ rhel:9             │ true    │ 2023-08-21T16:41:04Z │ 1752         │
│ vulnerabilities │ sles:11            │ true    │ 2023-08-21T16:41:04Z │ 594          │
│ vulnerabilities │ sles:11.1          │ true    │ 2023-08-21T16:41:04Z │ 6125         │
│ vulnerabilities │ sles:11.2          │ true    │ 2023-08-21T16:41:04Z │ 3291         │
│ vulnerabilities │ sles:11.3          │ true    │ 2023-08-21T16:41:04Z │ 7081         │
│ vulnerabilities │ sles:11.4          │ true    │ 2023-08-21T16:41:04Z │ 6583         │
│ vulnerabilities │ sles:12            │ true    │ 2023-08-21T16:41:04Z │ 5948         │
│ vulnerabilities │ sles:12.1          │ true    │ 2023-08-21T16:41:04Z │ 6205         │
│ vulnerabilities │ sles:12.2          │ true    │ 2023-08-21T16:41:04Z │ 8306         │
│ vulnerabilities │ sles:12.3          │ true    │ 2023-08-21T16:41:04Z │ 10161        │
│ vulnerabilities │ sles:12.4          │ true    │ 2023-08-21T16:41:04Z │ 10121        │
│ vulnerabilities │ sles:12.5          │ true    │ 2023-08-21T16:41:04Z │ 10728        │
│ vulnerabilities │ sles:15            │ true    │ 2023-08-21T16:41:04Z │ 8738         │
│ vulnerabilities │ sles:15.1          │ true    │ 2023-08-21T16:41:04Z │ 8852         │
│ vulnerabilities │ sles:15.2          │ true    │ 2023-08-21T16:41:04Z │ 8455         │
│ vulnerabilities │ sles:15.3          │ true    │ 2023-08-21T16:41:04Z │ 8753         │
│ vulnerabilities │ sles:15.4          │ true    │ 2023-08-21T16:41:04Z │ 8678         │
│ vulnerabilities │ sles:15.5          │ true    │ 2023-08-21T16:41:04Z │ 7753         │
│ vulnerabilities │ ubuntu:12.04       │ true    │ 2023-08-21T16:41:04Z │ 14934        │
│ vulnerabilities │ ubuntu:12.10       │ true    │ 2023-08-21T16:41:04Z │ 5641         │
│ vulnerabilities │ ubuntu:13.04       │ true    │ 2023-08-21T16:41:04Z │ 4117         │
│ vulnerabilities │ ubuntu:14.04       │ true    │ 2023-08-21T16:41:04Z │ 32822        │
│ vulnerabilities │ ubuntu:14.10       │ true    │ 2023-08-21T16:41:04Z │ 4437         │
│ vulnerabilities │ ubuntu:15.04       │ true    │ 2023-08-21T16:41:04Z │ 6220         │
│ vulnerabilities │ ubuntu:15.10       │ true    │ 2023-08-21T16:41:04Z │ 6489         │
│ vulnerabilities │ ubuntu:16.04       │ true    │ 2023-08-21T16:41:04Z │ 29968        │
│ vulnerabilities │ ubuntu:16.10       │ true    │ 2023-08-21T16:41:04Z │ 8607         │
│ vulnerabilities │ ubuntu:17.04       │ true    │ 2023-08-21T16:41:04Z │ 9094         │
│ vulnerabilities │ ubuntu:17.10       │ true    │ 2023-08-21T16:41:04Z │ 7900         │
│ vulnerabilities │ ubuntu:18.04       │ true    │ 2023-08-21T16:41:04Z │ 24446        │
│ vulnerabilities │ ubuntu:18.10       │ true    │ 2023-08-21T16:41:04Z │ 8368         │
│ vulnerabilities │ ubuntu:19.04       │ true    │ 2023-08-21T16:41:04Z │ 8635         │
│ vulnerabilities │ ubuntu:19.10       │ true    │ 2023-08-21T16:41:04Z │ 8416         │
│ vulnerabilities │ ubuntu:20.04       │ true    │ 2023-08-21T16:41:04Z │ 18500        │
│ vulnerabilities │ ubuntu:20.10       │ true    │ 2023-08-21T16:41:04Z │ 9979         │
│ vulnerabilities │ ubuntu:21.04       │ true    │ 2023-08-21T16:41:04Z │ 11310        │
│ vulnerabilities │ ubuntu:21.10       │ true    │ 2023-08-21T16:41:04Z │ 12627        │
│ vulnerabilities │ ubuntu:22.04       │ true    │ 2023-08-21T16:41:04Z │ 16763        │
│ vulnerabilities │ ubuntu:22.10       │ true    │ 2023-08-21T16:41:04Z │ 14506        │
│ vulnerabilities │ ubuntu:23.04       │ true    │ 2023-08-21T16:41:04Z │ 14044        │
│ vulnerabilities │ wolfi:rolling      │ true    │ 2023-08-21T16:41:04Z │ 353          │
└─────────────────┴────────────────────┴─────────┴──────────────────────┴──────────────┘

Using the Config File to Include/Exclude Feeds at System Bootstrap

The most common way to set which feeds are synced is in the config.yaml for the policy engine. By default, the vulnerabilities, nvdv2, and github feeds are synced to provide good vulnerability matching support for a variety of Linux distros and application package types. Normally it will not be necessary to modify that set.

To disable a feed or enable a disabled feed, modify the config.yaml’s feeds section to:

feeds:
  selective_sync: 
    enabled: true
    feeds:
      vulnerabilities: true
      nvdv2: true
      github: true
      packages: false

Those boolean values can be used to enable/disable the feeds. Note that changes will require a restart of the policy engine to take effect and settng a feed to ‘false’ will not remove any data or show in the API or via AnchoreCTL, it will simply skip updates during sync operations.

Last modified October 25, 2023