This is the multi-page printable view of this section. Click here to print.

Return to the regular view of this page.

Reporting

Analyzing software produces a continuous stream of data — SBOMs, vulnerability matches, policy evaluations, runtime inventory snapshots — and none of it is actionable until someone can ask the right question against it. Anchore Enterprise includes a reporting engine, driven by the Enterprise Reporting Service, that lets teams query the platform’s own data in structured, repeatable ways to answer questions like “which images are failing policy?”, “which tags are affected by a specific CVE?”, or “which Kubernetes namespaces are running containers with critical vulnerabilities?”

Reporting is distinct from the platform’s export mechanisms. Exports emit SBOMs (SPDX, CycloneDX, Syft), vulnerability disclosure documents, and VEX statements for consumption by downstream tools, auditors, or customers. Reporting, by contrast, is the platform’s internal query layer — it takes stored SBOMs, policy evaluations, and vulnerability matches and produces structured results for the team operating Anchore Enterprise itself.

Templates, Filters, and Columns

Every report is generated from a template that defines the filters a user can apply and the columns that appear in the output. Templates come in two varieties:

  • System templates — shipped with Anchore Enterprise and maintained by the platform.
  • User templates — copies of system templates (or of other user templates) with filters, default values, and column layouts adjusted for a particular team’s workflow. User templates can be edited or deleted; system templates cannot.

Anchore Enterprise ships a set of system templates that cover the most common questions, organized around three themes:

  • Policy complianceImages Failing Policy Evaluation and Policy Compliance History by Tag identify non-compliant images and track compliance movement over time.
  • Vulnerability discoveryImages With Critical Vulnerabilities, Artifacts by Vulnerability, Tags by Vulnerability, and Images Affected by Vulnerability locate vulnerable software and the specific images it appears in, allowing queries that start from either the image or the CVE.
  • Runtime pivotsVulnerabilities by Kubernetes Namespace, Vulnerabilities by Kubernetes Container, and Vulnerabilities by ECS Container cross fleet-wide findings with runtime inventory, so security teams can focus on workloads that are actually running.

Ad-Hoc and Scheduled Execution

Reports can be run in two modes:

  • Ad hoc — a user selects a template, applies filters, previews the results, and downloads the output. Appropriate for one-off questions and exploratory analysis.
  • Scheduled — a saved report is configured to run daily, weekly, or monthly on a chosen day and time. Scheduled runs feed the results into the platform’s notification system, so the team receives the report through the same channels they use for other Anchore Enterprise alerts (email, Slack, Microsoft Teams, Jira, GitHub, or webhook).

Scheduled reporting is what turns point-in-time answers into continuous awareness. A weekly “Images With Critical Vulnerabilities” report, delivered to a security channel every Monday morning, makes remediation work visible before it becomes urgent.

Output Formats

Report results are available in several formats to match how they are consumed:

  • Tabular — an in-browser view for interactive review.
  • JSON — machine-readable output for ingestion into other tools or dashboards.
  • CSV — spreadsheet-friendly output for manual analysis, sharing, or archive.

The CSV format in particular is useful when the underlying result set is large: the UI may truncate a long list for display, but the CSV download contains the full filtered record set.

Where Reporting Fits

Because reporting reads from the same stored SBOMs and evaluations that every other part of Anchore Enterprise writes to, it supports several distinct workflows with the same underlying engine:

  • Finding what to remediate — the primary discovery input for Remediation. Before a team can triage, annotate, or fix a finding, they have to find it across a fleet.
  • Audit and compliance evidence — scheduled reports produce a time-stamped record of policy evaluations and vulnerability exposure, suitable for regulatory and customer audits.
  • Stakeholder communication — engineering, security, and executive audiences each want a different slice of the same data. User templates make it practical to produce a tailored view for each without maintaining parallel tooling.

For how to author templates, create and schedule reports, and manage report results, see Reporting and Remediation. For tuning the Reporting Service itself, see Reporting Service configuration.