Anchore Enterprise Release Notes - Version 5.3.0

Anchore Enterprise v5.3.0

Anchore Enterprise release v5.3.0 contains targeted fixes and improvements.

Enterprise Service Updates

Announcements

Requirements

Improvements

  • User Groups API Support (v5.3.0 Preview)
    • Administrators can define one or more RBAC Roles for one or more accounts within a User Group, and can add and remove users from User Groups. These users automatically receive the privileges defined by the User Group in addition to any explicitly assigned RBAC Roles.
  • Policy
    • Policy packages gate has a new metadata trigger and provides the following parameter values:
      • Package type to match against (exact match)
      • Package name to match against (supports wildcards)
      • Package version to match against (supports wildcards)
    • Allowlists can contain either CVEs or corresponding Advisory IDs and work the same regardless of which was used to match the Trigger ID.
  • Reports
    • Report executions that fail to complete after 3 attempts will be cancelled. The report will continue to be executed on any defined schedule.
    • Improved the description of the Current Only filter in reports that contain tag information.
  • The /system/statistics endpoint now includes the number of successful policy evaluations and the number of reports generated.
  • Improved the performance of the background task that deletes older runtime inventory based on the configuration value inventory_ttl_days.
  • Improved the performance of Policy Evaluations.
  • Improved the behavior of the GitHub Vulnerability Provider when a token is not provided. The system will automatically disable this provider and log a warning message to alert the user.

Fixes

  • Addressed an issue where the policy’s dockerfile gate with effective_user trigger could not determine the effective user.
  • Enterprise provides better handling of NuGet packages.
  • Syft v0.105.0 improved its ability to search for common patterns within a Go binary. This should resolve an issue determining the version where the main module is (devel).
  • Addressed a failure seen by all the feed providers when the GitHub Token was set to NULL instead of an empty string.
  • Fixed the Policy distro gate when the version field was a non-numeric value (i.e., latest).
  • Policy Engine has improved its validation of the grype-db during startup.
  • JAR filenames that contain an underscore are now parsed correctly in SBOMs.

Deprecations

  • Support for OpenStack Swift, which is an open-source object storage system, has been deprecated. Please see Object Storage for a list of supported Object Stores.

UI Updates

Improvements

  • The results table within the Vulnerabilities tab now contains a CVEs column that lists all CVEs associated with each vulnerability.

  • NVD CVSS Base Score is now included in the CSV and JSON reports that are generated from the Vulnerabilities tab in the Artifact Analysis view. In addition, a CVEs column has also been added in order to fully represent every CVE associated with each

  • The results view for a report now contains the following additional details:

    • Results generation started at
    • Results generation completed at

Fixes (v5.3.1)

  • Due to a regression accidentally introduced in version 5.2.0, the migration of reports predating 5.0.0 would fail upon upgrading to 5.2.0. This failure resulted in a service error when attempting to view the report from the Saved Reports view. This issue has now been resolved.
  • In rare cases, the Accounts view would return a 404 if it tried to fetch users from an account that had been deleted by another admin. This issue has now been addressed.
  • Due to a regression in 5.3.0, the calendar widget available in Events and Policies was not centered correctly. This issue has now been resolved.

Fixes (v5.3.0)

  • Fixed an issue where reports that have no results served either corrupted (JSON) or empty (CSV) files on download.

  • In previous releases, the timestamps displayed in the Report Results view were not correctly calculated if the page was visited directly via URL, or if the page was refreshed. Now fixed.

  • Deleted image retention policies are no longer displayed in the System > Data Management view (admin only).

  • Various supporting libraries have been updated in order to improve security, performance, and also to remove deprecation warnings from browser and server output logs. Redundant libraries have been removed to reduce the app startup time and overall size.

| Component | Supported Version | Additional Info |
|---|---|---|
| Enterprise | v5.3.0 | With Syft v0.105.0 and Grype v0.74.6 |
| Enterprise UI | v5.3.1 | |
| AnchoreCTL | v5.3.0 | Deploying AnchoreCTL |
| Enterprise Helm Chart | v2.4.1 | https://github.com/anchore/anchore-charts |
| Anchore ECS Inventory | v1.3.0 | https://github.com/anchore/ecs-inventory |
| Anchore Kubernetes Inventory | v1.2.0 | https://github.com/anchore/k8s-inventory |
| Kubernetes Admission Controller | v0.5.0 | https://github.com/anchore/kubernetes-admission-controller |
| Jenkins Plugin | v2.0.0 | https://plugins.jenkins.io/anchore-container-scanner |
| Harbor Scanner Adapter | v1.3.0 | https://github.com/anchore/harbor-scanner-adapter |
| enterprise-gitlab-scan | v4.0.0 | docker.io/anchore/enterprise-gitlab-scan:v4.0.0 |

Last modified March 8, 2024