Anchore Enterprise Release Notes - Version 4.7.0

Anchore Enterprise v4.7.0

Anchore Enterprise release v4.7.0 contains targeted fixes and improvements. A Database update is needed.

Please Note: If you are upgrading from an Anchore Enterprise version prior to v4.2.0, there is a known issue that will require you to upgrade to v4.2.0 or v4.3.0 first. Once completed, you will have no issues upgrading to v4.7.0. Please contact Anchore Support if you need further assistance.

Enterprise Service Updates

Improvements

  • Runtime Inventory
    • Anchore has introduced two new Runtime Inventory Agents for use with the v4.7.0 release of Anchore Enterprise. anchore-k8s-inventory and anchore-ecs-inventory will provide better access to your runtime environments. See Kubernetes Runtime Inventory and ECS Runtime Inventory for more details.
    • Runtime Inventory TTL was also improved to be more effective in helping you to manage expired inventory items.
  • Reporting
    • Vulnerabilities by Kubernetes Namespace is a new template which will allow you to view and filter on vulnerabilities found within a Kubernetes Namespace. The report will populate only if you have deployed the new anchore-k8s-inventory.
  • Feeds
    • Anchore Enterprise is now fully integrated with our open source applications anchore/vunnel and anchore/grype-db.
    • Chainguard Linux Vulnerability Provider has been added to the list of feeds.
    • Added support for the OVAL v2 RHEL Security Endpoint.
  • Account email field is now editable via API.
  • The Vulnerability Package trigger adds a new parameter that controls the behavior for vulnerabilities found in the base image. The new parameter can be set to trigger on vulnerabilities in the base image, to trigger on vulnerabilities that are not in the base image, or to trigger only on vulnerabilities present in the base image.
  • Container Image SBOM generation and import from AnchoreCTL without the need for Syft
    • Combined with AnchoreCTL 1.6.0, you can now analyze images fully using AnchoreCTL and import the results to Enterprise, including secret scans, filesystem metadata analysis, content searches and file retrieval with equivalent functionality to what Enterprise-backend analysis scans produce. The only exception is that malware scanning is not supported by AnchoreCTL-based analysis.

Fixes

  • Enabling the Repo Watcher when there is already an image from the repo with an active subscription no longer returns an error.
  • Adding a source SBOM which has Java packages without a metadata virtual path is handled correctly.
  • Addressed an issue where Anchore Enterprise displayed multiple Binary Package Locations.
  • Correctly handle an import of an image SBOM which contains packages with no metadata.
  • Improved handling of the Microsoft Windows product id during analysis of Windows containers.

UI Updates

Fixes

  • Various supporting libraries have been updated in order to improve security, performance, and also to remove deprecation warnings from browser and server output logs. Redundant libraries have been removed to reduce the app startup time and overall size.

Component                         Recommended Version
Enterprise                        v4.7.0
Enterprise UI                     v4.7.0
Helm Chart                        v1.25.0
AnchoreCTL                        v1.6.0
anchore-k8s-inventory             v1.0.0
anchore-ecs-inventory             v1.0.0
KAI (Deprecated)                  v0.5.0
Kubernetes Admission Controller   v0.4.0
REM (Remote Execution Manager)    v0.1.10
Harbor Scanner Adapter            v1.0.1
Jenkins Plugin                    v1.0.25

Last modified June 30, 2023