Anchore Enterprise Release Notes - Version 5.6.0
Anchore Enterprise v5.6.0
Anchore Enterprise release v5.6.0 contains targeted fixes and improvements.
Attention
The v5.5.0 release changed the defaults for the feed provider’s configuration. The new defaults will import results published by Anchore every six (6) hours. This will reduce configuration to multiple sources, provide the NVD with Anchore Enriched data, as well as make GitHub Security Advisories available to customers that have firewall constraints. Please ensure that you have access to https://enterprise.vunnel.feed.anchore.io for uninterrupted feeds service.
Enterprise Service Updates
Requirements
- If upgrading from a v4.x release, please refer to the v4.x –> v5.x Migration Guide.
- If upgrading from a release in the range of v5.0.0 - v5.3.0
  - The upgrade will result in an automatic schema change that will require database downtime. We are anticipating that this schema change may take more than an hour to complete depending on the amount of data in your reporting system.
  - If your Anchore Enterprise deployment is on FIPS enabled hosts and your database is being hosted on Amazon RDS, an upgrade to Postgres 16 or greater is required. For more information please see the FIPS section in Requirements.
- If upgrading from a release in the range of v5.4.x - v5.5.x
  - The upgrade will result in an automatic schema change that will require database downtime. We expect that this will take between 2 and 15 minutes depending on the amount of data in your system.
Improvements
- The /v2/system/statistics API endpoint now includes creation and current counts of runtime inventory and associated metadata.
- The /v2/system/feeds and /v2/system/feeds/{feed} API endpoints now include the last updated time for the feed groups.
- Artifact Lifecycle Policies now include a new policy condition to preserve base images.
- Deployment history now includes the initial deployment information.
- The /v2/images and /v2/summaries/image-tags API endpoints now include an optional flag analyzed_since to help reduce the amount of data returned.
Fixes
- Ensures that the layer cache is cleared periodically.
- Ensures image imports are not removed until they have been completely processed.
- Fixes inconsistent return values when specifying registry data to the POST /v2/registries and /v2/registries/{registry_name} endpoints.
- Improves the validation of data posted to the /v2/ecs-inventory endpoint.
- Improves the validation around the object store compression setting. Appropriate error messages are now available in the log during startup.
- Resolves an issue with Policy evaluation and in Reports where inherited_from_base information for vulnerabilities was calculated against the image with the fewest layers in common instead of the most.
- Fixes an issue caused by expired image imports that resulted in logs being flooded with validation errors.
- Promptly load new tags and policy evaluations for existing images into the reporting system.
- Fixes the Ubuntu 24.04 mapping within Enterprise to be noble based on the security announcement. It was previously mapped to numbat incorrectly.
- The Stale Feed Policy Gate trigger now uses the last updated time per feed group.
- Fixes a deadlock seen by the report-worker service while updating the runtime inventory data in the reporting system.
Deprecations
- Support for OpenStack Swift, which is an open-source object storage system, has been deprecated. Please see Object Storage for a list of supported Object Stores.
- In the upcoming v5.7.0 release, the support for package feeds, Ruby Gem and NPM will be deprecated. Please contact Anchore Support for more information.
UI Updates
Improvements
- By default, the account context is now included within the URL when navigating throughout the application. This change allows users to bookmark or share links that will open the application in the same account context as the original link, as long as they have sufficient permissions to access the resource.
- The Image Selection view has been further optimized to improve performance when loading the different data tiers (registry, repository, and tags) via server-side pagination, filtering, and sorting. This optimization should reduce the time taken to present the information in each of these tables.
- The Dashboard view has been optimized to improve the Time to Interactive (TTI) on load. Calculation of Dashboard metrics can take a significant amount of time, so we now allow the pending metrics data to continue loading without blocking the UI. Since the Dashboard view is typically the default on login, this change allows users to navigate elsewhere if desired.
- When creating or editing an image retention policy within the Data Management view, the option to exclude base images from removal is now available.
- When creating a SAML Provider Configuration, the system role account-viewer is no longer available to be set as the default role.
Fixes
- The View Incomplete Analyses modal within the Images tab had the ability to toggle between listing pending, analyzing, and failed images across your account or for the registry, repository, or tag you were viewing. This was removed in a previous release, but has now been reinstated.
- When certain modals were open and a forced logout was triggered due to a permission change or session expiration, the modal dimmer would remain. This has now been fixed.
- When creating a SAML Provider Configuration, the system role account-viewer is no longer available to be set as the default role.
- Various supporting libraries have been updated in order to improve security, performance, and also to remove deprecation warnings from browser and server output logs. Redundant libraries have been removed to reduce the app startup time and overall size.
Recommended Component Versions
Component | Supported Version | Helm Chart Version | Additional Info |
---|---|---|---|
Enterprise | v5.6.0 | v2.7.0 | With Syft v1.5.0 and Grype v0.78.0 |
Enterprise Feeds | v5.6.0 | v2.6.0 | |
Enterprise UI | v5.6.0 | | |
AnchoreCTL | v5.6.2 | | Deploying AnchoreCTL |
Anchore ECS Inventory | v1.3.0 | v0.0.6 | https://github.com/anchore/ecs-inventory |
Anchore Kubernetes Inventory | v1.5.1 | v0.3.0 | https://github.com/anchore/k8s-inventory |
Kubernetes Admission Controller | v0.5.0 | v0.5.0 | https://github.com/anchore/kubernetes-admission-controller |
Jenkins Plugin | v3.0.0 | | https://plugins.jenkins.io/anchore-container-scanner |
Harbor Scanner Adapter | v1.3.2 | | https://github.com/anchore/harbor-scanner-adapter |
enterprise-gitlab-scan | v4.0.0 | | docker.io/anchore/enterprise-gitlab-scan:v4.0.0 |
Anchore Helm Chart can be found at https://github.com/anchore/anchore-charts
Last modified June 3, 2024