Data Syncer Configuration

Dataset Synchronization Interval

The Data Syncer Service will check every hour if there is new data available from the Anchore Data Service. If it finds a new dataset then it will sync it down immediately. It will also trigger the Policy Engine Service to reprocess the data to make it available for policy evaluations. The analyzer checks the data syncer for a new ClamAV Malware signature database before every malware scan (if enabled).

Controlling Which Feeds and Groups are Synced

During initial data sync, you can always query the progress and status of the feed sync using anchorectl.

# anchorectl feed list
 ✔ List feed                                     
┌────────────────────────────────────────────┬────────────────────┬─────────┬──────────────────────┬──────────────┐
│ FEED                                       │ GROUP              │ ENABLED │ LAST UPDATED         │ RECORD COUNT │
├────────────────────────────────────────────┼────────────────────┼─────────┼──────────────────────┼──────────────┤
│ ClamAV Malware Database                    │ clamav_db          │ true    │ 2024-09-26T13:13:50Z │ 1            │
│ Vulnerabilities                            │ github:composer    │ true    │ 2024-09-26T12:14:50Z │ 4036         │
│ Vulnerabilities                            │ github:dart        │ true    │ 2024-09-26T12:14:50Z │ 8            │
│ Vulnerabilities                            │ github:gem         │ true    │ 2024-09-26T12:14:50Z │ 817          │
│ Vulnerabilities                            │ github:go          │ true    │ 2024-09-26T12:14:50Z │ 1875         │
│ Vulnerabilities                            │ github:java        │ true    │ 2024-09-26T12:14:50Z │ 5058         │
│ Vulnerabilities                            │ github:npm         │ true    │ 2024-09-26T12:14:50Z │ 15586        │
│ Vulnerabilities                            │ github:nuget       │ true    │ 2024-09-26T12:14:50Z │ 624          │
│ Vulnerabilities                            │ github:python      │ true    │ 2024-09-26T12:14:50Z │ 3226         │
.
.
.
│ CISA KEV (Known Exploited Vulnerabilities) │ kev_db             │ true    │ 2024-09-26T13:13:47Z │ 1181         │
└────────────────────────────────────────────┴────────────────────┴─────────┴──────────────────────┴──────────────┘

Using the Config File to Include/Exclude Feeds and Package Types when scanning for vulnerabilities

With the feed service removed, Enterprise no longer supports excluding certain providers and package types from the vulnerability feed. To ensure the same experience when using the product, you can now exclude certain providers and package types from matching vulnerabilities.

To do this you need to set the following config:

Using Helm

In your values.yaml file set the following:

policy_engine:
   vulnerabilities:
      matching:
        exclude:
          providers: ["rhel","debian"]
          package_types: ["rpm"]

Using Docker Compose

In your config.yaml file set the following:

services:
  policy_engine:
    vulnerabilities:
      matching:
        exclude:
          providers: ["rhel","debian"]
          package_types: ["rpm"]

Last modified October 7, 2024