1 - Anchore Data Service Release Notes - Version 0.33.0 (2026-07-01)
Anchore Data Service v0.33.0 - 2026-07-01
Core Components
| name | version |
|---|---|
| vunnel | v0.61.1 |
| grype-db | v0.54.1 |
| grype | v0.115.0 |
#### Features
- Enables the RedHat
hummingbirdprovider - Utilises a new more efficient
ubuntuprovider implementation
2 - Anchore Data Service Release Notes - Version 0.32.0 (2026-06-17)
Anchore Data Service v0.32.0 - 2026-06-17
Core Components
| name | version |
|---|---|
| vunnel | v0.60.0 |
| grype-db | v0.54.0 |
| grype | v0.114.0 |
#### Features
Enable the
almaprovider which considers AlmaLinux-specific remediations that differ from RedHat Enterprise Linux when doing vulnerability matching. These will only be accounted for properly on Anchore Enterprise deployment versions 5.27.x and above.Supports maven package remediations from Chainguard Libraries
3 - Anchore Data Service Release Notes - Version 0.31.0 (2026-06-04)
Anchore Data Service v0.31.0 - 2026-06-04
Core Components
| name | version |
|---|---|
| vunnel | v0.59.0 |
| grype-db | v0.53.3 |
| grype | v0.112.0 |
#### Features
- Add support for SUSE Linux Enterprise Server 16.0 in
slesprovider. [#1193]
Improvements
4 - Anchore Data Service Release Notes - Version 0.30.0 (2026-05-20)
Anchore Data Service v0.30.0 - 2026-05-20
Core Components
| name | version |
|---|---|
| vunnel | v0.58.0 |
| grype-db | v0.53.3 |
| grype | v0.112.0 |
#### Features
Emit unaffected records for
rhel,ubuntu,debian, andsles. [#1134, #1136, #1137, #1153]Update
ubuntuprovider to start pulling data for Ubuntu 26.04. [#1149]Support maven packages from
chainguard-libraries. [#1160]
Improvements
- Fix parsing of advisory dates for CSAF data sources. [#1132]
5 - Anchore Data Service Release Notes - Version 0.29.0 (2026-05-12)
Anchore Data Service v0.29.0 - 2026-05-12
Core Components
| name | version |
|---|---|
| vunnel | v0.56.0 |
| grype-db | v0.53.1 |
| grype | v0.111.0 |
#### Features
- introduces a curated mapping of known CPEs to grype ecosystem/packages. This allows creating affected_package_handle rows for data where the only current source of matching data is a CPE-only source. [#3332]
Improvements
- Improves interpretation of
ignoredstate for theubuntuprovider. [#1123]
6 - Anchore Data Service Release Notes - Version 0.28.0 (2026-03-12)
Anchore Data Service v0.28.0 - 2026-03-12
Core Components
| name | version |
|---|---|
| vunnel | v0.55.3 |
| grype-db | v0.53.0 |
| grype | v0.109.1 |
Features
Updates the
photondata provider to remove all BDSA references as there is no public info for those [#1090]Updates the
alpinedata provider to ensure that Alpine Security Rejections take priority over individual SecDB entries [#1092]Updates the
ubuntuprovider to infer prior release statuses based on ESM findings in specific cases [#1077]
7 - Anchore Data Service Release Notes - Version 0.27.0 (2026-03-02)
Anchore Data Service v0.27.0 - 2026-03-02
Core Components
| name | version |
|---|---|
| vunnel | v0.55.1 |
| grype-db | v0.52.1 |
| grype | v0.109.0 |
Features
Enabled the
fedoradata provider which extrapolates vulnerability data from the Fedora Updates System (Bodhi) [#1052, #1058, #3232, #598]Enabled the
photondata provider which pulls in data from the Photon Advisory database and Photon Advisory Wiki [#1044, #1047, #872, #3227, #259]
Although these data providers are enabled, they will not be fully supported for vulnerability matching and policy evaluations in Anchore Enterprise until version 5.26.0.
8 - Anchore Data Service Release Notes - Version 0.26.0 (2026-02-10)
Anchore Data Service v0.26.0 - 2026-02-10
Core Components
| name | version |
|---|---|
| vunnel | v0.51.0 |
| grype-db | v0.51.0 |
Improvements
The
alpinedata provider now accounts for the Alpine Linux security rejections, therefore reducing false positive matches for that ecosystem [#1023]The
nvddata provider now merges in additional reference URLs from the Anchore Curated Vulnerability dataset [#1036]The
githubdata provider passes additional reference URLs and both CVSS 3.x and CVSS 4.x scores through to the vulnerability database [#1032, #863]
Features
Enabled the
bitnamidata provider which pulls in data from the Bitnami Vulnerability database [#512, #2538, #217]Enabled the
echodata provider which pulls in data from the Echo Advisory database[#815, #572, #2647]Enabled the
minimosdata provider which pulls in data from the MinimOS Advisory database [#814, #566, #2627]
Additional Notes
The following additional data sources have also been enabled and will be compiled into the vulnerability database; however, these will not currently be matched against by a released version of Anchore Enterprise. Matching support for these will be added in a future release.
- secureos - SecureOS Advisory database
- arch - Arch Linux Security advisories
- Erlang/Elixir ecosystem from GitHub Security Advisories
9 - Anchore Data Service Release Notes - Version 0.25.0 (2025-12-17)
Anchore Data Service v0.25.0 - 2025-12-17
- Added grype-db workflow details for improved visibility into database build processes.
- Updated malware database references used during our automated test runs.
- Ported build system to UV for faster and more reliable builds.
10 - Anchore Data Service Release Notes - Version 0.24.0 (2025-12-12)
Anchore Data Service v0.24.0 - 2025-12-12
- Updated to Vunnel v0.45.2 with vulnerability provider improvements and bug fixes.
- Various dependency updates for improved stability.
11 - Anchore Data Service Release Notes - Version 0.23.0 (2025-11-25)
Anchore Data Service v0.23.0 - 2025-11-25
- Updated to grype-db v0.47.0 with increased maximum file size for decompression, improving handling of large vulnerability datasets.
12 - Anchore Data Service Release Notes - Version 0.22.0 (2025-11-24)
Anchore Data Service v0.22.0 - 2025-11-24
- Added end-to-end validation for grype database builds to ensure database integrity.
- Various dependency updates for improved stability.
13 - Anchore Data Service Release Notes - Version 0.21.2 (2025-11-10)
Anchore Data Service v0.21.2 - 2025-11-10
- Enabled Chainguard Libraries provider for improved vulnerability data coverage for Chainguard-based container images.
14 - Anchore Data Service Release Notes - Version 0.21.1 (2025-11-07)
Anchore Data Service v0.21.1 - 2025-11-07
- Updated grype-db version with bug fixes and improvements.
15 - Anchore Data Service Release Notes - Version 0.21.0 (2025-10-29)
Anchore Data Service v0.21.0 - 2025-10-29
- Updated to grype-db v0.43.0 with improved vulnerability database builds.
- Enhanced build validation to fail when date is missing for fixed vulnerability records, ensuring data quality.
16 - Anchore Data Service Release Notes - Version 0.20.2 (2025-10-26)
Anchore Data Service v0.20.2 - 2025-10-26
- Updated to Vunnel v0.43.0 with fixes for Red Hat vulnerability parsing.
- Various dependency updates for improved stability.
17 - Anchore Data Service Release Notes - Version 0.20.1 (2025-10-17)
Anchore Data Service v0.20.1 - 2025-10-17
- Fixed typo in MSRC vunnel output for improved Microsoft vulnerability data accuracy.
- Updated CI infrastructure to use runners with more RAM for improved build reliability.
18 - Anchore Data Service Release Notes - Version 0.20.0 (2025-10-02)
Anchore Data Service v0.20.0 - 2025-10-02
- Updated ClamAV malware database to version 1.4.3 with the latest malware signatures and detection capabilities.
- Fixed publish tracking for STIG profiles database ensuring reliable data updates.
19 - Anchore Data Service Release Notes - Version 0.19.0 (2025-10-01)
Anchore Data Service v0.19.0 - 2025-10-01
- Added STIG Profiles database support for security compliance checking.
- STIG (Security Technical Implementation Guide) profiles provide DoD-approved security configurations.
- This enables customers to validate their systems against STIG compliance requirements.
- Improved CI publishing status tracking for STIG profiles.
20 - Anchore Data Service Release Notes - Version 0.18.0 (2025-09-29)
Anchore Data Service v0.18.0 - 2025-09-29
- Updated to Vunnel v0.41.0 with enhanced vulnerability provider support.
- Updated to grype-db v0.42.0 with vulnerability matching improvements.
- Added MSRC first-observed fix date protections for improved Microsoft vulnerability tracking.
- Fixed broken MSRC provider for consistent Microsoft vulnerability data.
21 - Anchore Data Service Release Notes - Version 0.17.0 (2025-09-11)
Anchore Data Service v0.17.0 - 2025-09-11
- Updated to grype-db v0.41.0 with enhanced vulnerability matching.
- Updated to Vunnel v0.39.2 with updated RHEL modularity data for improved Red Hat vulnerability matching.
22 - Anchore Data Service Release Notes - Version 0.16.0 (2025-08-14)
Anchore Data Service v0.16.0 - 2025-08-14
- Updated to grype-db v0.40.0 with support for fix dates in vulnerability records.
- Updated to Vunnel v0.38.2 with provider improvements.
- Added advisory date to MSRC (Microsoft Security Response Center) records for improved vulnerability tracking.
23 - Anchore Data Service Release Notes - Version 0.15.2 (2025-08-14)
Anchore Data Service v0.15.2 - 2025-08-14
- Improved database compression by using pigz for faster gzip compression.
- Increased compression level for reduced database file sizes.
24 - Anchore Data Service Release Notes - Version 0.15.0 (2025-08-12)
Anchore Data Service v0.15.0 - 2025-08-12
- Added support for Debian 13 (trixie) as a released distribution and Debian 14 (forky) as testing/sid/unstable.
- Various dependency updates for improved stability.
25 - Anchore Data Service Release Notes - Version 0.14.0 (2025-08-01)
Anchore Data Service v0.14.0 - 2025-08-01
- Updated to Vunnel v0.36.0 with enhanced provider support.
- Various dependency updates for improved stability.
26 - Anchore Data Service Release Notes - Version 0.13.0 (2025-07-23)
Anchore Data Service v0.13.0 - 2025-07-23
- Updated to Vunnel v0.36.0 with provider improvements and bug fixes.
27 - Anchore Data Service Release Notes - Version 0.12.0 (2025-07-07)
Anchore Data Service v0.12.0 - 2025-07-07
- Updated to grype-db v0.35.0 with vulnerability matching enhancements.
- Various dependency updates for improved stability.
28 - Anchore Data Service Release Notes - Version 0.11.0 (2025-06-04)
Anchore Data Service v0.11.0 - 2025-06-04
- Updated to grype-db v0.34.1 with improved vulnerability matching capabilities.
- Updated to Vunnel v0.34.2 with various provider improvements.
- Security update to ClamAV version 1.0.9.
- Enabled publishing v6 schema grype databases to support newer versions of Grype.
- Enabled EPSS and KEV vunnel providers for enhanced vulnerability scoring and known exploited vulnerability data.
- Added separate publishing pipeline for vulnerability match exclusions data.
29 - Anchore Data Service Release Notes - Version 0.10.1 (2025-03-05)
Anchore Data Service v0.10.1 - 2025-03-05
- Update to use Vunnel v0.30.0
- This version now uses RedHat’s CSAF advisories for vulnerability data. No change is expected to be noticed by our end users. Please see https://security.access.redhat.com/data/csaf/v2/advisories/ for more information
30 - Anchore Data Service Release Notes - Version 0.10.0 (2025-03-01)
Anchore Data Service v0.10.0 - 2025-03-01
- Update to use grype-db v0.28.0
31 - Anchore Data Service Release Notes - Version 0.9.0 (2025-02-05)
Anchore Data Service v0.9.0 - 2025-02-05
- The Malware database now uses ClamAV version 1.0.8. This version includes the latest malware signatures and detection capabilities.
- Added enhancements to the CISA KEV Database to fix certain inconsistencies in the data.
32 - Anchore Data Service Release Notes - Version 0.8.0 (2024-11-18)
Anchore Data Service v0.8.0 - 2024-11-18
- The vulnerability database has been improved by providing the inferred NVD Fix Version for vulnerabilities when possible.
This data is used to provide information on the version of a package that contains the fix for a vulnerability.
- Customers running Enterprise v5.10.0 and greater will automatically see this improved data on their next data sync.
- This data is used in
Vulnerabilities Policy Gate,Package Triggerwith optional parameter ofFix Available. - For further background see https://anchorecommunity.discourse.group/t/grype-is-getting-more-fix-info-soon/165
- The following PRs contain the relevant vulnerability database logic changes for this enhancement:
33 - Anchore Data Service Release Notes - Version 0.7.1 (2024-11-05)
Anchore Data Service v0.7.1 - 2024-11-05
- Provides a new dataset Exploit Prediction Scoring System Database (EPSS).
- The EPSS data is developed by the Forum of Incident Response and Security Teams (FIRST).
- This dataset can be used to provide a risk score for a vulnerability based on the likelihood that it will be exploited.
- The EPSS dataset will be available to all Anchore customers once they upgrade to the future Enterprise v5.12.0 release
which is expected at the end of November 2024.
- This data will be used in the
Vulnerabilities Policy GateandPackage Triggerwith optional parameters:EPSS Score ComparisonEPSS ScoreEPSS Percentile ComparisonEPSS Percentile
- This data will be used in the
34 - Anchore Data Service Release Notes - Version 0.6.1 (2024-10-23)
Anchore Data Service v0.6.1 - 2024-10-23
- Updated Grype DB v0.26.0 which includes the following changes:
- Ability to handle symlink paths when found in the upstream vulnerability providers.
35 - Anchore Data Service Release Notes - Version 0.6.0 (2024-10-18)
Anchore Data Service v0.6.0 - 2024-10-18
- Grype DB version has been incremented to 0.25.0. This brings in the following change:
- Grype DB now fetches OS type records from the NVD database.
36 - Anchore Data Service Release Notes - Version 0.5.1 (2024-09-26)
Anchore Data Service v0.5.1 - 2024-09-26
- Initial release of Anchore Data Service
- Anchore Data Service is a hosted service by Anchore that provides various data to all Enterprise customers. The datasets served include:
- Vulnerability Database (grypedb)
- ClamAV Malware Database
- CISA KEV (Known Exploited Vulnerabilities)
- Your Anchore License is all that’s required to authenticate with this service. The data syncer service in your Enterprise installation will automatically sync this data to your installation.