Feed Configuration
Note: If you are using Helm to deploy Anchore Enterprise, the configuration options for feeds are nested under the feeds property in the values file.
Feed Synchronization Interval
The default configuration for Anchore Enterprise downloads vulnerability data from Anchore's feed service every 21,600 seconds (6 hours).
For most users, the only configuration option that typically needs changing is the feed synchronization interval: the time, in seconds, between feed sync runs.
...
cycle_timers:
  ...
  feed_sync: 14400
Feed Data Settings
Feed data configuration is set in the config.yaml file used by the policy engine service. The services.policy_engine.vulnerabilities.sync.data section of the configuration file controls which data is synced. In addition, the data groups that can be synced depend on the services.policy_engine.vulnerabilities.provider setting, as explained in detail in the following sections.
Feed Groups
Anchore Enterprise is configured with grype as the services.policy_engine.vulnerabilities.provider and with the grypedb feed group enabled.
The grypedb feed group syncs a single Grype database to the policy engine.
A Grype database contains data that spans multiple groups. Due to this encapsulation, it is not possible to enable or disable individual feed groups.
By default, Anchore Enterprise downloads the feed group from a publicly accessible URL maintained by Grype: https://toolbox-data.anchore.io/grype/databases/listing.json.
The Grype database available from this endpoint does not include third-party/proprietary groups such as MSRC.
To get those groups, set url (or override the environment variable ANCHORE_GRYPE_DB_URL) to point to your local feed service.
services:
  ...
  policy_engine:
    ...
    vulnerabilities:
      provider: grype
      ...
      sync:
        ...
        data:
          grypedb:
            enabled: true
            url: ${ANCHORE_GRYPE_DB_URL}
Read Timeout
Under rare circumstances you may see syncs failing with data-fetch errors caused by timeouts. This is typically due to load on the feed service, network issues, or some other temporary condition. If you want to increase the timeout to improve the likelihood of success, modify read_timeout_seconds in the feeds configuration:
feeds:
  ...
  read_timeout_seconds: 180
Controlling Which Feeds and Groups are Synced
Note: The package and nvd data feeds are large, so the initial sync takes some time to complete.
During the initial feed sync, you can query the progress and status of the sync at any time using anchorectl.
# anchorectl feed list
✔ List feed
┌─────────────────┬────────────────────┬─────────┬──────────────────────┬──────────────┐
│ FEED │ GROUP │ ENABLED │ LAST SYNC │ RECORD COUNT │
├─────────────────┼────────────────────┼─────────┼──────────────────────┼──────────────┤
│ vulnerabilities │ github:composer │ true │ 2023-08-21T16:41:04Z │ 2148 │
│ vulnerabilities │ github:gem │ true │ 2023-08-21T16:41:04Z │ 700 │
│ vulnerabilities │ github:go │ true │ 2023-08-21T16:41:04Z │ 1176 │
│ vulnerabilities │ github:java │ true │ 2023-08-21T16:41:04Z │ 3848 │
│ vulnerabilities │ github:npm │ true │ 2023-08-21T16:41:04Z │ 3450 │
│ vulnerabilities │ github:nuget │ true │ 2023-08-21T16:41:04Z │ 496 │
│ vulnerabilities │ github:python │ true │ 2023-08-21T16:41:04Z │ 1966 │
│ vulnerabilities │ github:rust │ true │ 2023-08-21T16:41:04Z │ 628 │
│ vulnerabilities │ nvd │ true │ 2023-08-21T16:41:04Z │ 223049 │
│ vulnerabilities │ alpine:3.10 │ true │ 2023-08-21T16:41:04Z │ 2321 │
│ vulnerabilities │ alpine:3.11 │ true │ 2023-08-21T16:41:04Z │ 2659 │
│ vulnerabilities │ alpine:3.12 │ true │ 2023-08-21T16:41:04Z │ 3193 │
│ vulnerabilities │ alpine:3.13 │ true │ 2023-08-21T16:41:04Z │ 3684 │
│ vulnerabilities │ alpine:3.14 │ true │ 2023-08-21T16:41:04Z │ 4265 │
│ vulnerabilities │ alpine:3.15 │ true │ 2023-08-21T16:41:04Z │ 4760 │
│ vulnerabilities │ alpine:3.16 │ true │ 2023-08-21T16:41:04Z │ 5146 │
│ vulnerabilities │ alpine:3.17 │ true │ 2023-08-21T16:41:04Z │ 5399 │
│ vulnerabilities │ alpine:3.18 │ true │ 2023-08-21T16:41:04Z │ 5566 │
│ vulnerabilities │ alpine:3.2 │ true │ 2023-08-21T16:41:04Z │ 305 │
│ vulnerabilities │ alpine:3.3 │ true │ 2023-08-21T16:41:04Z │ 470 │
│ vulnerabilities │ alpine:3.4 │ true │ 2023-08-21T16:41:04Z │ 679 │
│ vulnerabilities │ alpine:3.5 │ true │ 2023-08-21T16:41:04Z │ 902 │
│ vulnerabilities │ alpine:3.6 │ true │ 2023-08-21T16:41:04Z │ 1075 │
│ vulnerabilities │ alpine:3.7 │ true │ 2023-08-21T16:41:04Z │ 1461 │
│ vulnerabilities │ alpine:3.8 │ true │ 2023-08-21T16:41:04Z │ 1671 │
│ vulnerabilities │ alpine:3.9 │ true │ 2023-08-21T16:41:04Z │ 1955 │
│ vulnerabilities │ alpine:edge │ true │ 2023-08-21T16:41:04Z │ 5571 │
│ vulnerabilities │ amzn:2 │ true │ 2023-08-21T16:41:04Z │ 1381 │
│ vulnerabilities │ amzn:2022 │ true │ 2023-08-21T16:41:04Z │ 276 │
│ vulnerabilities │ amzn:2023 │ true │ 2023-08-21T16:41:04Z │ 300 │
│ vulnerabilities │ chainguard:rolling │ true │ 2023-08-21T16:41:04Z │ 378 │
│ vulnerabilities │ debian:10 │ true │ 2023-08-21T16:41:04Z │ 27731 │
│ vulnerabilities │ debian:11 │ true │ 2023-08-21T16:41:04Z │ 27886 │
│ vulnerabilities │ debian:12 │ true │ 2023-08-21T16:41:04Z │ 26675 │
│ vulnerabilities │ debian:13 │ true │ 2023-08-21T16:41:04Z │ 26359 │
│ vulnerabilities │ debian:7 │ true │ 2023-08-21T16:41:04Z │ 20455 │
│ vulnerabilities │ debian:8 │ true │ 2023-08-21T16:41:04Z │ 24058 │
│ vulnerabilities │ debian:9 │ true │ 2023-08-21T16:41:04Z │ 28240 │
│ vulnerabilities │ debian:unstable │ true │ 2023-08-21T16:41:04Z │ 30185 │
│ vulnerabilities │ mariner:1.0 │ true │ 2023-08-21T16:41:04Z │ 2096 │
│ vulnerabilities │ mariner:2.0 │ true │ 2023-08-21T16:41:04Z │ 1774 │
│ vulnerabilities │ ol:5 │ true │ 2023-08-21T16:41:04Z │ 1255 │
│ vulnerabilities │ ol:6 │ true │ 2023-08-21T16:41:04Z │ 1695 │
│ vulnerabilities │ ol:7 │ true │ 2023-08-21T16:41:04Z │ 2005 │
│ vulnerabilities │ ol:8 │ true │ 2023-08-21T16:41:04Z │ 1372 │
│ vulnerabilities │ ol:9 │ true │ 2023-08-21T16:41:04Z │ 359 │
│ vulnerabilities │ rhel:5 │ true │ 2023-08-21T16:41:04Z │ 6995 │
│ vulnerabilities │ rhel:6 │ true │ 2023-08-21T16:41:04Z │ 8720 │
│ vulnerabilities │ rhel:7 │ true │ 2023-08-21T16:41:04Z │ 8452 │
│ vulnerabilities │ rhel:8 │ true │ 2023-08-21T16:41:04Z │ 4828 │
│ vulnerabilities │ rhel:9 │ true │ 2023-08-21T16:41:04Z │ 1752 │
│ vulnerabilities │ sles:11 │ true │ 2023-08-21T16:41:04Z │ 594 │
│ vulnerabilities │ sles:11.1 │ true │ 2023-08-21T16:41:04Z │ 6125 │
│ vulnerabilities │ sles:11.2 │ true │ 2023-08-21T16:41:04Z │ 3291 │
│ vulnerabilities │ sles:11.3 │ true │ 2023-08-21T16:41:04Z │ 7081 │
│ vulnerabilities │ sles:11.4 │ true │ 2023-08-21T16:41:04Z │ 6583 │
│ vulnerabilities │ sles:12 │ true │ 2023-08-21T16:41:04Z │ 5948 │
│ vulnerabilities │ sles:12.1 │ true │ 2023-08-21T16:41:04Z │ 6205 │
│ vulnerabilities │ sles:12.2 │ true │ 2023-08-21T16:41:04Z │ 8306 │
│ vulnerabilities │ sles:12.3 │ true │ 2023-08-21T16:41:04Z │ 10161 │
│ vulnerabilities │ sles:12.4 │ true │ 2023-08-21T16:41:04Z │ 10121 │
│ vulnerabilities │ sles:12.5 │ true │ 2023-08-21T16:41:04Z │ 10728 │
│ vulnerabilities │ sles:15 │ true │ 2023-08-21T16:41:04Z │ 8738 │
│ vulnerabilities │ sles:15.1 │ true │ 2023-08-21T16:41:04Z │ 8852 │
│ vulnerabilities │ sles:15.2 │ true │ 2023-08-21T16:41:04Z │ 8455 │
│ vulnerabilities │ sles:15.3 │ true │ 2023-08-21T16:41:04Z │ 8753 │
│ vulnerabilities │ sles:15.4 │ true │ 2023-08-21T16:41:04Z │ 8678 │
│ vulnerabilities │ sles:15.5 │ true │ 2023-08-21T16:41:04Z │ 7753 │
│ vulnerabilities │ ubuntu:12.04 │ true │ 2023-08-21T16:41:04Z │ 14934 │
│ vulnerabilities │ ubuntu:12.10 │ true │ 2023-08-21T16:41:04Z │ 5641 │
│ vulnerabilities │ ubuntu:13.04 │ true │ 2023-08-21T16:41:04Z │ 4117 │
│ vulnerabilities │ ubuntu:14.04 │ true │ 2023-08-21T16:41:04Z │ 32822 │
│ vulnerabilities │ ubuntu:14.10 │ true │ 2023-08-21T16:41:04Z │ 4437 │
│ vulnerabilities │ ubuntu:15.04 │ true │ 2023-08-21T16:41:04Z │ 6220 │
│ vulnerabilities │ ubuntu:15.10 │ true │ 2023-08-21T16:41:04Z │ 6489 │
│ vulnerabilities │ ubuntu:16.04 │ true │ 2023-08-21T16:41:04Z │ 29968 │
│ vulnerabilities │ ubuntu:16.10 │ true │ 2023-08-21T16:41:04Z │ 8607 │
│ vulnerabilities │ ubuntu:17.04 │ true │ 2023-08-21T16:41:04Z │ 9094 │
│ vulnerabilities │ ubuntu:17.10 │ true │ 2023-08-21T16:41:04Z │ 7900 │
│ vulnerabilities │ ubuntu:18.04 │ true │ 2023-08-21T16:41:04Z │ 24446 │
│ vulnerabilities │ ubuntu:18.10 │ true │ 2023-08-21T16:41:04Z │ 8368 │
│ vulnerabilities │ ubuntu:19.04 │ true │ 2023-08-21T16:41:04Z │ 8635 │
│ vulnerabilities │ ubuntu:19.10 │ true │ 2023-08-21T16:41:04Z │ 8416 │
│ vulnerabilities │ ubuntu:20.04 │ true │ 2023-08-21T16:41:04Z │ 18500 │
│ vulnerabilities │ ubuntu:20.10 │ true │ 2023-08-21T16:41:04Z │ 9979 │
│ vulnerabilities │ ubuntu:21.04 │ true │ 2023-08-21T16:41:04Z │ 11310 │
│ vulnerabilities │ ubuntu:21.10 │ true │ 2023-08-21T16:41:04Z │ 12627 │
│ vulnerabilities │ ubuntu:22.04 │ true │ 2023-08-21T16:41:04Z │ 16763 │
│ vulnerabilities │ ubuntu:22.10 │ true │ 2023-08-21T16:41:04Z │ 14506 │
│ vulnerabilities │ ubuntu:23.04 │ true │ 2023-08-21T16:41:04Z │ 14044 │
│ vulnerabilities │ wolfi:rolling │ true │ 2023-08-21T16:41:04Z │ 353 │
└─────────────────┴────────────────────┴─────────┴──────────────────────┴──────────────┘
Using the Config File to Include/Exclude Feeds at System Bootstrap
The most common way to set which feeds are synced is in the config.yaml for the policy engine. By default, the vulnerabilities, nvdv2, and github feeds are synced to provide good vulnerability matching support for a variety of Linux distros and application package types. Normally it will not be necessary to modify that set.
To disable a feed or enable a disabled feed, modify the feeds section of config.yaml:
feeds:
  selective_sync:
    enabled: true
    feeds:
      vulnerabilities: true
      nvdv2: true
      github: true
      packages: false
Those boolean values enable or disable each feed. Note that changes require a restart of the policy engine to take effect, and setting a feed to 'false' will not remove any existing data from the API or from AnchoreCTL; the feed will simply be skipped during sync operations.
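As an added example (not part of Anchore's documentation or code), the script below parses config.yaml fragments of the shape shown in the grypedb and selective_sync sections above and reports two settings worth confirming before relying on scan results: a grypedb url still pointing at the public Grype listing (so MSRC and other third-party groups are absent) and feeds set to false under selective_sync (whose existing data is kept but silently stops updating). The parser handles only the nested key/value subset these fragments use, and the config fragment is constructed for the demonstration.

```python
PUBLIC_GRYPE_DB = "https://toolbox-data.anchore.io/grype/databases/listing.json"

def parse_simple_yaml(text):
    """Parse the nested `key: value` YAML subset of this page's fragments (no lists/quoting)."""
    stack = [(-1, {})]  # (indent, mapping) of the currently open parents; [0] is the root
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", "...")):  # skip blanks, comments, '...' placeholders
            continue
        indent = len(raw) - len(raw.lstrip(" "))
        key, _, value = (part.strip() for part in line.partition(":"))
        while stack[-1][0] >= indent:  # leave parents at the same or deeper indent
            stack.pop()
        if value == "":  # a key with no value opens a nested mapping
            stack[-1][1][key] = child = {}
            stack.append((indent, child))
        else:
            stack[-1][1][key] = {"true": True, "false": False}.get(value, int(value) if value.isdigit() else value)
    return stack[0][1]

def check_feed_config(cfg):
    """Return findings for the grypedb and selective_sync settings this page describes."""
    grypedb = (cfg.get("services", {}).get("policy_engine", {}).get("vulnerabilities", {})
               .get("sync", {}).get("data", {}).get("grypedb", {}))
    findings = []
    if grypedb.get("url", PUBLIC_GRYPE_DB) == PUBLIC_GRYPE_DB:
        findings.append("grypedb url is the public listing: third-party groups such as MSRC are not included")
    sel = cfg.get("feeds", {}).get("selective_sync", {})
    for name, on in (sel.get("feeds", {}) if sel.get("enabled") else {}).items():
        if not on:  # a disabled feed keeps its old data but receives no updates
            findings.append(f"feed {name} disabled: its existing data will go stale")
    return findings

# Constructed config.yaml fragment for demonstration, not from a real deployment.
SAMPLE_CONFIG = """\
feeds:
  selective_sync:
    enabled: true
    feeds:
      packages: false
services:
  policy_engine:
    vulnerabilities:
      sync:
        data:
          grypedb:
            enabled: true
            url: https://toolbox-data.anchore.io/grype/databases/listing.json
"""
```

Running check_feed_config(parse_simple_yaml(SAMPLE_CONFIG)) yields two findings, one for the public grypedb url and one for the disabled packages feed.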
Last modified February 19, 2024