Data Synchronization

Introduction

In this section, you’ll learn how Anchore Enterprise ingests the data used for analysis and vulnerability management.

Enterprise manages four datasets:

  • Vulnerability Database (grypedb)
  • ClamAV Malware Database
  • CISA KEV (Known Exploited Vulnerabilities)
  • EPSS (Exploit Prediction Scoring System)

This section also covers the requirements for running the Data Syncer Service. You can read more about how Feeds works in the feature overview.

Requirements

Network Ingress

The following two FQDNs need to be allowlisted in your network to allow the Data Syncer Service to communicate with the Anchore Data Service:

https://data.anchore-enterprise.com
https://s3.us-west-2.amazonaws.com/enterprise-data-service.production.anchore.io

Ideally, allowlist the endpoints at a layer 7 proxy. If you require IP ACLs instead, the endpoints are within the AWS us-west-2 S3 and global CloudFront IP space (see https://docs.aws.amazon.com/vpc/latest/userguide/aws-ip-ranges.html).

The following can be used to gather the IP ranges:

curl -s https://ip-ranges.amazonaws.com/ip-ranges.json | \
jq -r '.prefixes[] | select(.region=="us-west-2" and .service=="S3") | .ip_prefix'

curl -s https://ip-ranges.amazonaws.com/ip-ranges.json | jq -r '.prefixes[] | select(.service=="CLOUDFRONT") | .ip_prefix' | sort

1 - Data Syncer Configuration

Dataset Synchronization Interval

The Data Syncer Service will check every hour if there is new data available from the Anchore Data Service. If it finds a new dataset then it will sync it down immediately. It will also trigger the Policy Engine Service to reprocess the data to make it available for policy evaluations. The analyzer checks the data syncer for a new ClamAV Malware signature database before every malware scan (if enabled).

Controlling Which Feeds and Groups are Synced

During initial data sync, you can always query the progress and status of the feed sync using anchorectl.

# anchorectl feed list
 ✔ List feed                                     
┌────────────────────────────────────────────┬────────────────────┬─────────┬──────────────────────┬──────────────┐
│ FEED                                       │ GROUP              │ ENABLED │ LAST UPDATED         │ RECORD COUNT │
├────────────────────────────────────────────┼────────────────────┼─────────┼──────────────────────┼──────────────┤
│ ClamAV Malware Database                    │ clamav_db          │ true    │ 2024-09-26T13:13:50Z │ 1            │
│ Vulnerabilities                            │ github:composer    │ true    │ 2024-09-26T12:14:50Z │ 4036         │
│ Vulnerabilities                            │ github:dart        │ true    │ 2024-09-26T12:14:50Z │ 8            │
│ Vulnerabilities                            │ github:gem         │ true    │ 2024-09-26T12:14:50Z │ 817          │
│ Vulnerabilities                            │ github:go          │ true    │ 2024-09-26T12:14:50Z │ 1875         │
│ Vulnerabilities                            │ github:java        │ true    │ 2024-09-26T12:14:50Z │ 5058         │
│ Vulnerabilities                            │ github:npm         │ true    │ 2024-09-26T12:14:50Z │ 15586        │
│ Vulnerabilities                            │ github:nuget       │ true    │ 2024-09-26T12:14:50Z │ 624          │
│ Vulnerabilities                            │ github:python      │ true    │ 2024-09-26T12:14:50Z │ 3226         │
.
.
.
│ CISA KEV (Known Exploited Vulnerabilities) │ kev_db             │ true    │ 2024-09-26T13:13:47Z │ 1181         │
│ Exploit Prediction Scoring System Database │ epss_db            │ true    │ 2024-11-18T18:04:12Z │ 266565       │
└────────────────────────────────────────────┴────────────────────┴─────────┴──────────────────────┴──────────────┘

Using the Config File to Include/Exclude Feeds and Package Types when scanning for vulnerabilities

With the feed service removed, Enterprise no longer supports excluding certain providers and package types from the vulnerability feed. To ensure the same experience when using the product, you can now exclude certain providers and package types from matching vulnerabilities.

Using Helm

In your values.yaml file set the following:

policy_engine:
   vulnerabilities:
      matching:
        exclude:
          providers: ["rhel","debian"]
          package_types: ["rpm"]

Using Docker Compose

In your config.yaml file set the following:

services:
  policy_engine:
    vulnerabilities:
      matching:
        exclude:
          providers: ["rhel","debian"]
          package_types: ["rpm"]

Further information can be found in Vulnerability Management.

2 - Data Synchronization

When Anchore Enterprise runs, the Data Syncer Service will begin to synchronize security feed data from the Anchore Data Service.

CVE data for Linux distributions such as Alpine, CentOS, Debian, Oracle, Red Hat and Ubuntu will be downloaded. The initial sync typically takes anywhere from 1-5 minutes depending on your environment and network speed. After that, the Data Syncer Service will check every hour if there is new data available from the Anchore Data Service. If it finds a new dataset then it will sync it down immediately.

For air-gapped environments, please see the Air-Gapped documentation.

Checking Feed Status

Feed information can be retrieved through the API and AnchoreCTL.

# anchorectl feed list
 ✔ List feed                                                                                                                                                                                       
┌────────────────────────────────────────────┬────────────────────┬─────────┬──────────────────────┬──────────────┐
│ FEED                                       │ GROUP              │ ENABLED │ LAST UPDATED         │ RECORD COUNT │
├────────────────────────────────────────────┼────────────────────┼─────────┼──────────────────────┼──────────────┤
│ ClamAV Malware Database                    │ clamav_db          │ true    │ 2024-09-26T13:13:50Z │ 1            │
│ Vulnerabilities                            │ github:composer    │ true    │ 2024-09-26T12:14:50Z │ 4036         │
│ Vulnerabilities                            │ github:dart        │ true    │ 2024-09-26T12:14:50Z │ 8            │
│ Vulnerabilities                            │ github:gem         │ true    │ 2024-09-26T12:14:50Z │ 817          │
│ Vulnerabilities                            │ github:go          │ true    │ 2024-09-26T12:14:50Z │ 1875         │
│ Vulnerabilities                            │ github:java        │ true    │ 2024-09-26T12:14:50Z │ 5058         │
│ Vulnerabilities                            │ github:npm         │ true    │ 2024-09-26T12:14:50Z │ 15586        │
│ Vulnerabilities                            │ github:nuget       │ true    │ 2024-09-26T12:14:50Z │ 624          │
│ Vulnerabilities                            │ github:python      │ true    │ 2024-09-26T12:14:50Z │ 3226         │
│ Vulnerabilities                            │ github:rust        │ true    │ 2024-09-26T12:14:50Z │ 804          │
│ Vulnerabilities                            │ github:swift       │ true    │ 2024-09-26T12:14:50Z │ 32           │
│ Vulnerabilities                            │ msrc:10378         │ true    │ 2024-09-26T12:14:49Z │ 2668         │
│ Vulnerabilities                            │ msrc:10379         │ true    │ 2024-09-26T12:14:49Z │ 2645         │
│ Vulnerabilities                            │ msrc:10481         │ true    │ 2024-09-26T12:14:49Z │ 1951         │
│ Vulnerabilities                            │ msrc:10482         │ true    │ 2024-09-26T12:14:49Z │ 2028         │
│ Vulnerabilities                            │ msrc:10483         │ true    │ 2024-09-26T12:14:49Z │ 2822         │
│ Vulnerabilities                            │ msrc:10484         │ true    │ 2024-09-26T12:14:49Z │ 1934         │
│ Vulnerabilities                            │ msrc:10543         │ true    │ 2024-09-26T12:14:49Z │ 2796         │
│ Vulnerabilities                            │ msrc:10729         │ true    │ 2024-09-26T12:14:49Z │ 2908         │
│ Vulnerabilities                            │ msrc:10735         │ true    │ 2024-09-26T12:14:49Z │ 3006         │
│ Vulnerabilities                            │ msrc:10788         │ true    │ 2024-09-26T12:14:49Z │ 466          │
│ Vulnerabilities                            │ msrc:10789         │ true    │ 2024-09-26T12:14:49Z │ 437          │
│ Vulnerabilities                            │ msrc:10816         │ true    │ 2024-09-26T12:14:49Z │ 3328         │
│ Vulnerabilities                            │ msrc:10852         │ true    │ 2024-09-26T12:14:49Z │ 3043         │
│ Vulnerabilities                            │ msrc:10853         │ true    │ 2024-09-26T12:14:49Z │ 3167         │
│ Vulnerabilities                            │ msrc:10855         │ true    │ 2024-09-26T12:14:49Z │ 3300         │
│ Vulnerabilities                            │ msrc:10951         │ true    │ 2024-09-26T12:14:49Z │ 716          │
│ Vulnerabilities                            │ msrc:10952         │ true    │ 2024-09-26T12:14:49Z │ 766          │
│ Vulnerabilities                            │ msrc:11453         │ true    │ 2024-09-26T12:14:49Z │ 1240         │
│ Vulnerabilities                            │ msrc:11454         │ true    │ 2024-09-26T12:14:49Z │ 1290         │
│ Vulnerabilities                            │ msrc:11466         │ true    │ 2024-09-26T12:14:49Z │ 395          │
│ Vulnerabilities                            │ msrc:11497         │ true    │ 2024-09-26T12:14:49Z │ 1454         │
│ Vulnerabilities                            │ msrc:11498         │ true    │ 2024-09-26T12:14:49Z │ 1514         │
│ Vulnerabilities                            │ msrc:11499         │ true    │ 2024-09-26T12:14:49Z │ 981          │
│ Vulnerabilities                            │ msrc:11563         │ true    │ 2024-09-26T12:14:49Z │ 1344         │
│ Vulnerabilities                            │ msrc:11568         │ true    │ 2024-09-26T12:14:49Z │ 2993         │
│ Vulnerabilities                            │ msrc:11569         │ true    │ 2024-09-26T12:14:49Z │ 3095         │
│ Vulnerabilities                            │ msrc:11570         │ true    │ 2024-09-26T12:14:49Z │ 2975         │
│ Vulnerabilities                            │ msrc:11571         │ true    │ 2024-09-26T12:14:49Z │ 3266         │
│ Vulnerabilities                            │ msrc:11572         │ true    │ 2024-09-26T12:14:49Z │ 3238         │
│ Vulnerabilities                            │ msrc:11583         │ true    │ 2024-09-26T12:14:49Z │ 1038         │
│ Vulnerabilities                            │ msrc:11644         │ true    │ 2024-09-26T12:14:49Z │ 1054         │
│ Vulnerabilities                            │ msrc:11645         │ true    │ 2024-09-26T12:14:49Z │ 1089         │
│ Vulnerabilities                            │ msrc:11646         │ true    │ 2024-09-26T12:14:49Z │ 1055         │
│ Vulnerabilities                            │ msrc:11647         │ true    │ 2024-09-26T12:14:49Z │ 1074         │
│ Vulnerabilities                            │ msrc:11712         │ true    │ 2024-09-26T12:14:49Z │ 1442         │
│ Vulnerabilities                            │ msrc:11713         │ true    │ 2024-09-26T12:14:49Z │ 1491         │
│ Vulnerabilities                            │ msrc:11714         │ true    │ 2024-09-26T12:14:49Z │ 1447         │
│ Vulnerabilities                            │ msrc:11715         │ true    │ 2024-09-26T12:14:49Z │ 999          │
│ Vulnerabilities                            │ msrc:11766         │ true    │ 2024-09-26T12:14:49Z │ 912          │
│ Vulnerabilities                            │ msrc:11767         │ true    │ 2024-09-26T12:14:49Z │ 915          │
│ Vulnerabilities                            │ msrc:11768         │ true    │ 2024-09-26T12:14:49Z │ 940          │
│ Vulnerabilities                            │ msrc:11769         │ true    │ 2024-09-26T12:14:49Z │ 934          │
│ Vulnerabilities                            │ msrc:11800         │ true    │ 2024-09-26T12:14:49Z │ 382          │
│ Vulnerabilities                            │ msrc:11801         │ true    │ 2024-09-26T12:14:49Z │ 1277         │
│ Vulnerabilities                            │ msrc:11802         │ true    │ 2024-09-26T12:14:49Z │ 1277         │
│ Vulnerabilities                            │ msrc:11803         │ true    │ 2024-09-26T12:14:49Z │ 981          │
│ Vulnerabilities                            │ msrc:11896         │ true    │ 2024-09-26T12:14:49Z │ 792          │
│ Vulnerabilities                            │ msrc:11897         │ true    │ 2024-09-26T12:14:49Z │ 762          │
│ Vulnerabilities                            │ msrc:11898         │ true    │ 2024-09-26T12:14:49Z │ 763          │
│ Vulnerabilities                            │ msrc:11923         │ true    │ 2024-09-26T12:14:49Z │ 1733         │
│ Vulnerabilities                            │ msrc:11924         │ true    │ 2024-09-26T12:14:49Z │ 1726         │
│ Vulnerabilities                            │ msrc:11926         │ true    │ 2024-09-26T12:14:49Z │ 1536         │
│ Vulnerabilities                            │ msrc:11927         │ true    │ 2024-09-26T12:14:49Z │ 1503         │
│ Vulnerabilities                            │ msrc:11929         │ true    │ 2024-09-26T12:14:49Z │ 1433         │
│ Vulnerabilities                            │ msrc:11930         │ true    │ 2024-09-26T12:14:49Z │ 1429         │
│ Vulnerabilities                            │ msrc:11931         │ true    │ 2024-09-26T12:14:49Z │ 1474         │
│ Vulnerabilities                            │ msrc:12085         │ true    │ 2024-09-26T12:14:49Z │ 1044         │
│ Vulnerabilities                            │ msrc:12086         │ true    │ 2024-09-26T12:14:49Z │ 1053         │
│ Vulnerabilities                            │ msrc:12097         │ true    │ 2024-09-26T12:14:49Z │ 964          │
│ Vulnerabilities                            │ msrc:12098         │ true    │ 2024-09-26T12:14:49Z │ 939          │
│ Vulnerabilities                            │ msrc:12099         │ true    │ 2024-09-26T12:14:49Z │ 943          │
│ Vulnerabilities                            │ nvd                │ true    │ 2024-09-26T12:14:58Z │ 263831       │
│ Vulnerabilities                            │ alpine:3.10        │ true    │ 2024-09-26T12:13:37Z │ 2321         │
│ Vulnerabilities                            │ alpine:3.11        │ true    │ 2024-09-26T12:13:37Z │ 2659         │
│ Vulnerabilities                            │ alpine:3.12        │ true    │ 2024-09-26T12:13:37Z │ 3193         │
│ Vulnerabilities                            │ alpine:3.13        │ true    │ 2024-09-26T12:13:37Z │ 3684         │
│ Vulnerabilities                            │ alpine:3.14        │ true    │ 2024-09-26T12:13:37Z │ 4265         │
│ Vulnerabilities                            │ alpine:3.15        │ true    │ 2024-09-26T12:13:37Z │ 4815         │
│ Vulnerabilities                            │ alpine:3.16        │ true    │ 2024-09-26T12:13:37Z │ 5271         │
│ Vulnerabilities                            │ alpine:3.17        │ true    │ 2024-09-26T12:13:37Z │ 5630         │
│ Vulnerabilities                            │ alpine:3.18        │ true    │ 2024-09-26T12:13:37Z │ 6144         │
│ Vulnerabilities                            │ alpine:3.19        │ true    │ 2024-09-26T12:13:37Z │ 6338         │
│ Vulnerabilities                            │ alpine:3.2         │ true    │ 2024-09-26T12:13:37Z │ 305          │
│ Vulnerabilities                            │ alpine:3.20        │ true    │ 2024-09-26T12:13:37Z │ 6428         │
│ Vulnerabilities                            │ alpine:3.3         │ true    │ 2024-09-26T12:13:37Z │ 470          │
│ Vulnerabilities                            │ alpine:3.4         │ true    │ 2024-09-26T12:13:37Z │ 679          │
│ Vulnerabilities                            │ alpine:3.5         │ true    │ 2024-09-26T12:13:37Z │ 902          │
│ Vulnerabilities                            │ alpine:3.6         │ true    │ 2024-09-26T12:13:37Z │ 1075         │
│ Vulnerabilities                            │ alpine:3.7         │ true    │ 2024-09-26T12:13:37Z │ 1461         │
│ Vulnerabilities                            │ alpine:3.8         │ true    │ 2024-09-26T12:13:37Z │ 1671         │
│ Vulnerabilities                            │ alpine:3.9         │ true    │ 2024-09-26T12:13:37Z │ 1955         │
│ Vulnerabilities                            │ alpine:edge        │ true    │ 2024-09-26T12:13:37Z │ 6466         │
│ Vulnerabilities                            │ amzn:2             │ true    │ 2024-09-26T12:13:34Z │ 2280         │
│ Vulnerabilities                            │ amzn:2022          │ true    │ 2024-09-26T12:13:34Z │ 276          │
│ Vulnerabilities                            │ amzn:2023          │ true    │ 2024-09-26T12:13:34Z │ 736          │
│ Vulnerabilities                            │ chainguard:rolling │ true    │ 2024-09-26T12:13:19Z │ 4462         │
│ Vulnerabilities                            │ debian:10          │ true    │ 2024-09-26T12:14:52Z │ 32021        │
│ Vulnerabilities                            │ debian:11          │ true    │ 2024-09-26T12:14:52Z │ 33497        │
│ Vulnerabilities                            │ debian:12          │ true    │ 2024-09-26T12:14:52Z │ 32452        │
│ Vulnerabilities                            │ debian:13          │ true    │ 2024-09-26T12:14:52Z │ 31631        │
│ Vulnerabilities                            │ debian:7           │ true    │ 2024-09-26T12:14:52Z │ 20455        │
│ Vulnerabilities                            │ debian:8           │ true    │ 2024-09-26T12:14:52Z │ 24058        │
│ Vulnerabilities                            │ debian:9           │ true    │ 2024-09-26T12:14:52Z │ 28240        │
│ Vulnerabilities                            │ debian:unstable    │ true    │ 2024-09-26T12:14:52Z │ 35913        │
│ Vulnerabilities                            │ mariner:1.0        │ true    │ 2024-09-26T12:14:41Z │ 2092         │
│ Vulnerabilities                            │ mariner:2.0        │ true    │ 2024-09-26T12:14:41Z │ 2624         │
│ Vulnerabilities                            │ ol:5               │ true    │ 2024-09-26T12:14:44Z │ 1255         │
│ Vulnerabilities                            │ ol:6               │ true    │ 2024-09-26T12:14:44Z │ 1709         │
│ Vulnerabilities                            │ ol:7               │ true    │ 2024-09-26T12:14:44Z │ 2196         │
│ Vulnerabilities                            │ ol:8               │ true    │ 2024-09-26T12:14:44Z │ 1906         │
│ Vulnerabilities                            │ ol:9               │ true    │ 2024-09-26T12:14:44Z │ 870          │
│ Vulnerabilities                            │ rhel:5             │ true    │ 2024-09-26T12:14:59Z │ 7193         │
│ Vulnerabilities                            │ rhel:6             │ true    │ 2024-09-26T12:14:59Z │ 11121        │
│ Vulnerabilities                            │ rhel:7             │ true    │ 2024-09-26T12:14:59Z │ 11359        │
│ Vulnerabilities                            │ rhel:8             │ true    │ 2024-09-26T12:14:59Z │ 6998         │
│ Vulnerabilities                            │ rhel:9             │ true    │ 2024-09-26T12:14:59Z │ 4039         │
│ Vulnerabilities                            │ sles:11            │ true    │ 2024-09-26T12:14:47Z │ 594          │
│ Vulnerabilities                            │ sles:11.1          │ true    │ 2024-09-26T12:14:47Z │ 6125         │
│ Vulnerabilities                            │ sles:11.2          │ true    │ 2024-09-26T12:14:47Z │ 3291         │
│ Vulnerabilities                            │ sles:11.3          │ true    │ 2024-09-26T12:14:47Z │ 7081         │
│ Vulnerabilities                            │ sles:11.4          │ true    │ 2024-09-26T12:14:47Z │ 6583         │
│ Vulnerabilities                            │ sles:12            │ true    │ 2024-09-26T12:14:47Z │ 6018         │
│ Vulnerabilities                            │ sles:12.1          │ true    │ 2024-09-26T12:14:47Z │ 6205         │
│ Vulnerabilities                            │ sles:12.2          │ true    │ 2024-09-26T12:14:47Z │ 8339         │
│ Vulnerabilities                            │ sles:12.3          │ true    │ 2024-09-26T12:14:47Z │ 10396        │
│ Vulnerabilities                            │ sles:12.4          │ true    │ 2024-09-26T12:14:47Z │ 10215        │
│ Vulnerabilities                            │ sles:12.5          │ true    │ 2024-09-26T12:14:47Z │ 12444        │
│ Vulnerabilities                            │ sles:15            │ true    │ 2024-09-26T12:14:47Z │ 8737         │
│ Vulnerabilities                            │ sles:15.1          │ true    │ 2024-09-26T12:14:47Z │ 9245         │
│ Vulnerabilities                            │ sles:15.2          │ true    │ 2024-09-26T12:14:47Z │ 9572         │
│ Vulnerabilities                            │ sles:15.3          │ true    │ 2024-09-26T12:14:47Z │ 10074        │
│ Vulnerabilities                            │ sles:15.4          │ true    │ 2024-09-26T12:14:47Z │ 10436        │
│ Vulnerabilities                            │ sles:15.5          │ true    │ 2024-09-26T12:14:47Z │ 10880        │
│ Vulnerabilities                            │ sles:15.6          │ true    │ 2024-09-26T12:14:47Z │ 3775         │
│ Vulnerabilities                            │ ubuntu:12.04       │ true    │ 2024-09-26T12:15:12Z │ 14934        │
│ Vulnerabilities                            │ ubuntu:12.10       │ true    │ 2024-09-26T12:15:12Z │ 5641         │
│ Vulnerabilities                            │ ubuntu:13.04       │ true    │ 2024-09-26T12:15:12Z │ 4117         │
│ Vulnerabilities                            │ ubuntu:14.04       │ true    │ 2024-09-26T12:15:12Z │ 37910        │
│ Vulnerabilities                            │ ubuntu:14.10       │ true    │ 2024-09-26T12:15:12Z │ 4437         │
│ Vulnerabilities                            │ ubuntu:15.04       │ true    │ 2024-09-26T12:15:12Z │ 6220         │
│ Vulnerabilities                            │ ubuntu:15.10       │ true    │ 2024-09-26T12:15:12Z │ 6489         │
│ Vulnerabilities                            │ ubuntu:16.04       │ true    │ 2024-09-26T12:15:12Z │ 35057        │
│ Vulnerabilities                            │ ubuntu:16.10       │ true    │ 2024-09-26T12:15:12Z │ 8607         │
│ Vulnerabilities                            │ ubuntu:17.04       │ true    │ 2024-09-26T12:15:12Z │ 9094         │
│ Vulnerabilities                            │ ubuntu:17.10       │ true    │ 2024-09-26T12:15:12Z │ 7900         │
│ Vulnerabilities                            │ ubuntu:18.04       │ true    │ 2024-09-26T12:15:12Z │ 29533        │
│ Vulnerabilities                            │ ubuntu:18.10       │ true    │ 2024-09-26T12:15:12Z │ 8367         │
│ Vulnerabilities                            │ ubuntu:19.04       │ true    │ 2024-09-26T12:15:12Z │ 8634         │
│ Vulnerabilities                            │ ubuntu:19.10       │ true    │ 2024-09-26T12:15:12Z │ 8414         │
│ Vulnerabilities                            │ ubuntu:20.04       │ true    │ 2024-09-26T12:15:12Z │ 25271        │
│ Vulnerabilities                            │ ubuntu:20.10       │ true    │ 2024-09-26T12:15:12Z │ 9974         │
│ Vulnerabilities                            │ ubuntu:21.04       │ true    │ 2024-09-26T12:15:12Z │ 11304        │
│ Vulnerabilities                            │ ubuntu:21.10       │ true    │ 2024-09-26T12:15:12Z │ 12628        │
│ Vulnerabilities                            │ ubuntu:22.04       │ true    │ 2024-09-26T12:15:12Z │ 23527        │
│ Vulnerabilities                            │ ubuntu:22.10       │ true    │ 2024-09-26T12:15:12Z │ 14483        │
│ Vulnerabilities                            │ ubuntu:23.04       │ true    │ 2024-09-26T12:15:12Z │ 15562        │
│ Vulnerabilities                            │ ubuntu:23.10       │ true    │ 2024-09-26T12:15:12Z │ 18431        │
│ Vulnerabilities                            │ ubuntu:24.04       │ true    │ 2024-09-26T12:15:12Z │ 19537        │
│ Vulnerabilities                            │ wolfi:rolling      │ true    │ 2024-09-26T12:14:43Z │ 2867         │
│ Vulnerabilities                            │ anchore:exclusions │ true    │ 2024-09-26T12:14:43Z │ 12851        │
│ CISA KEV (Known Exploited Vulnerabilities) │ kev_db             │ true    │ 2024-09-26T13:13:47Z │ 1181         │
│ Exploit Prediction Scoring System Database │ epss_db            │ true    │ 2024-11-18T18:04:12Z │ 266565       │
└────────────────────────────────────────────┴────────────────────┴─────────┴──────────────────────┴──────────────┘

This command lists the feeds synchronized by Anchore Enterprise, with the last sync time and current record count for each.

Note: Time is reported as UTC, not local time.
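
A freshness check over this output, as an added example that is not part of the Anchore documentation: it parses the table text printed by anchorectl feed list and reports groups that are disabled, empty, or older than a threshold. The 48-hour threshold, the function names and the sample rows are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample in the table layout that `anchorectl feed list` prints.
# Values are made up for the example; they are not real feed data.
SAMPLE_OUTPUT = """\
 ✔ List feed
┌─────────────────────────┬────────────┬─────────┬──────────────────────┬──────────────┐
│ FEED                    │ GROUP      │ ENABLED │ LAST UPDATED         │ RECORD COUNT │
├─────────────────────────┼────────────┼─────────┼──────────────────────┼──────────────┤
│ ClamAV Malware Database │ clamav_db  │ true    │ 2024-09-26T13:13:50Z │ 1            │
│ Vulnerabilities         │ nvd        │ true    │ 2024-09-26T12:14:58Z │ 263831       │
│ Vulnerabilities         │ debian:12  │ true    │ 2024-09-20T12:14:52Z │ 32452        │
│ Vulnerabilities         │ github:npm │ false   │ 2024-09-26T12:14:50Z │ 15586        │
│ CISA KEV                │ kev_db     │ true    │ 2024-09-26T13:13:47Z │ 0            │
| EPSS Database           │ epss_db    │ true    │ 2024-09-26T13:10:12Z │ 266565       │
└─────────────────────────┴────────────┴─────────┴──────────────────────┴──────────────┘
"""

# Fixed "current time" so the sample gives the same result on every run.
SAMPLE_NOW = datetime(2024, 9, 27, tzinfo=timezone.utc)


def parse_feed_table(text):
    """Return one dict per data row of the feed table.

    Accepts the box-drawing separator as well as an ASCII "|" (for example
    after copy/paste). Borders, banner lines and the header row are skipped.
    """
    rows = []
    for line in text.splitlines():
        cells = [c.strip() for c in line.replace("|", "│").split("│")[1:-1]]
        if len(cells) != 5 or cells[0] == "FEED":
            continue
        feed, group, enabled, updated, count = cells
        try:
            # LAST UPDATED is reported in UTC.
            ts = datetime.strptime(updated, "%Y-%m-%dT%H:%M:%SZ")
            ts = ts.replace(tzinfo=timezone.utc)
        except ValueError:
            ts = None  # treated as stale below rather than silently ignored
        rows.append({
            "feed": feed,
            "group": group,
            "enabled": enabled == "true",
            "last_updated": ts,
            "records": int(count) if count.isdigit() else 0,
        })
    return rows


def feed_findings(rows, now, max_age=timedelta(hours=48)):
    """Return (group, reason) for every group that needs attention.

    max_age is an assumed alerting threshold, not a product default.
    """
    findings = []
    for row in rows:
        if not row["enabled"]:
            findings.append((row["group"], "disabled"))
        elif row["records"] == 0:
            findings.append((row["group"], "empty"))
        elif row["last_updated"] is None or now - row["last_updated"] > max_age:
            findings.append((row["group"], "stale"))
    return findings


if __name__ == "__main__":
    # In real use, pass the captured command output and datetime.now(timezone.utc).
    for group, reason in feed_findings(parse_feed_table(SAMPLE_OUTPUT), SAMPLE_NOW):
        print(f"{group}: {reason}")
```

In an air-gapped deployment the same check shows how long ago the last import was, since the datasets only change when a new file is uploaded.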

Manually initiating feed sync

You can initiate a manual sync of the latest datasets which tells the Data Syncer Service to download the latest feed data from the Anchore Data Service.

# anchorectl feed sync
 ✔ Synced feeds

This will also inform the policy-engine to sync down the new dataset if the Data Syncer Service has successfully downloaded the latest data.

Forcing a full resync

If there is a scenario where you want the Data Syncer Service to force download the latest datasets and overwrite the existing data, you can use the --force_sync flag.

#  ./anchorectl feed sync --force_sync
 ✔ Synced feeds            

3 - Air-Gapped

As of v5.10, AnchoreCTL can import and export feeds. AnchoreCTL downloads the datasets from the Anchore Data Service and then imports them into the Anchore Enterprise deployment. For more detail regarding the Anchore Data Service, please see Anchore Data Service.

Air Gap Flow

Configuration

To configure your Anchore Enterprise deployment to work in an air-gapped environment, you will need to disable the Data Syncer Service’s automatic feed sync.

For helm

Set the following in your values.yaml

dataSyncer:
  extraEnv:
    - name: ANCHORE_DATA_SYNC_AUTO_SYNC_ENABLED
      value: "false"

For docker-compose

Set the following in your docker compose yaml file

services:
  data-syncer:
    environment:
      - ANCHORE_DATA_SYNC_AUTO_SYNC_ENABLED=false

Auto Sync Disabled Log

To confirm that auto sync is disabled, look for the following log line, which the data-syncer service emits on startup:

[INFO] [anchore_enterprise.services.data_syncer.service/handle_data_sync():33] | Auto sync is disabled. Skipping data sync.

Downloading and Importing Datasets

Once installed, AnchoreCTL can be used to download the latest feed data from the Anchore Data Service. This data can then be moved across the air gap and uploaded into your Anchore Enterprise deployment.

Downloading the Datasets

Run the following command outside your air-gapped environment to download the datasets.

Using your license key:

anchorectl airgap feed download -f <filename> -k <your api key>

Using your license file:

anchorectl airgap feed download -f <filename> -l <path to your license file>

  • To get your API key, check your license file for a field called apiKey
  • This command will download all the feeds from the hosted service to the file specified by ‘-f’.
  • This command can take a bit of time to return depending on your connection speed.
  • The resulting file will be approximately 0.5 GB in size as of this writing but will continue to grow as more data is added to the feeds.

Importing the Datasets

Take a copy of this file and move it into your air-gapped environment. Then run the following command to import the feeds into your Anchore Enterprise deployment.

anchorectl airgap feed upload -f <filename>

Your Analyzer Service and Policy Engine Service will now be able to fetch the latest data from the Data Syncer Service as normal. This procedure must be repeated each time you want to update the datasets in your air gapped environment.

4 - Status Page

A live status page is available for real-time updates on the Anchore Data Service, including information on outages, maintenance, and options for subscribing to notifications. You can access the status page at https://status.anchore-enterprise.com

Status Page

The status page is updated in real-time and provides information on the following:

  • Current Status - The current status of the Anchore Data Service.
  • Incidents - A list of any ongoing incidents that may be affecting the Anchore Data Service.
  • Scheduled Maintenance - A list of any upcoming maintenance windows that may affect the Anchore Data Service.
  • Subscribe to Updates - Options for subscribing to updates via email, SMS, or webhook.
  • Past Incidents - A list of past incidents that have affected the Anchore Data Service.
  • Historical Uptime - Historical uptime data for the Anchore Data Service.