Secure
The default Secure policy pack comes included (and enabled) in every fresh deployment of Anchore Enterprise.
Current Secure policy pack version: Anchore Enterprise - Secure v20241001
Introduction
Anchore’s default Secure policy pack includes standard vulnerability and system-level checks and can be used against an image SBOM for policy compliance based on the policy actions configured in each rule. All the rules that are configured by default can (and should) be adjusted according to an organization’s security policy.
Anchore checks for the following control specifications in the Secure policy:
- Feed Data not available: Fail if feed data is unavailable
- Outdated Feed Data: Warn if feed data is more than 2 days old. This value can be adjusted based on internal requirements (Available for both Container and Source)
- Warn on low and moderate with fixes: Warn when there are low and medium severity vulnerabilities found that also have a fix present (Available for both Container and Source)
- Warn on week old Important: Warn when there are important severity vulnerabilities found that are more than a week old (Available for both Container and Source)
  “Important” indicates the severity of a vulnerability. By default, it is set to “High” but this can be configured in the policy rule set
- Fail on criticals: Fail when there are critical severity vulnerabilities present (Available for both Container and Source)
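The five default rules above, modelled in Python as an added example (this is not Anchore's code or its policy format) to show how the warn and fail outcomes combine into one result. The action names FAIL/WARN/PASS, the finding fields, and measuring age from a publication date are assumptions; the sample findings are constructed.

```python
from datetime import datetime, timedelta, timezone

def evaluate(findings, feed_synced_at, now, max_feed_age_days=2,
             important="high", max_important_age_days=7):
    """Apply the five Secure rules; return (final_action, [(action, rule, subject)])."""
    hits = []
    # Feed checks: missing feed data fails, stale feed data only warns.
    if feed_synced_at is None:
        hits.append(("FAIL", "Feed Data not available", "feed"))
    elif now - feed_synced_at > timedelta(days=max_feed_age_days):
        hits.append(("WARN", "Outdated Feed Data", "feed"))
    for f in findings:
        sev = f["severity"].lower()
        age = now - f["published"]  # assumption: age counted from publication date
        # Rules are independent, so one finding may trigger more than one of them.
        if sev == "critical":
            hits.append(("FAIL", "Fail on criticals", f["id"]))
        if sev == important and age > timedelta(days=max_important_age_days):
            hits.append(("WARN", "Warn on week old Important", f["id"]))
        if sev in ("low", "medium") and f["fix"]:
            hits.append(("WARN", "Warn on low and moderate with fixes", f["id"]))
    actions = {action for action, _, _ in hits}
    final = "FAIL" if "FAIL" in actions else "WARN" if "WARN" in actions else "PASS"
    return final, hits

# Constructed sample data (identifiers are placeholders, not real advisories).
NOW = datetime(2024, 10, 10, tzinfo=timezone.utc)

def days_ago(n):
    return NOW - timedelta(days=n)

FINDINGS = [
    {"id": "EXAMPLE-0001", "severity": "Low", "published": days_ago(30), "fix": "1.2.4"},
    {"id": "EXAMPLE-0002", "severity": "Medium", "published": days_ago(3), "fix": None},
    {"id": "EXAMPLE-0003", "severity": "High", "published": days_ago(3), "fix": None},
    {"id": "EXAMPLE-0004", "severity": "High", "published": days_ago(10), "fix": None},
    {"id": "EXAMPLE-0005", "severity": "Critical", "published": days_ago(1), "fix": "2.0"},
]

if __name__ == "__main__":
    final, hits = evaluate(FINDINGS, days_ago(1), NOW)
    for action, rule, subject in hits:
        print(action, rule, subject)
    print("final:", final)
```

Setting `important="medium"` shows the configurable severity from the note above: a week-old medium finding with a fix then triggers both warn rules.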