Imported SBOM Scanning

Overview

SBOMs imported via Anchore SBOM are automatically scanned for vulnerabilities after upload and at regular intervals following each feed update.

By default, the system runs in auto_scale mode. This automatically calculates the number of concurrent background tasks required to completely rescan your imported SBOM inventory within a six-hour window. It does so by adjusting the following settings based on a function of the number of imported SBOMs in the system and the number of Policy Engine and Catalog instances configured in your deployment:

batch_size: The number of imported SBOMs to scan in a single batch. Maximum of 8.
pool_size: The number of concurrent scan threads to run on each Policy Engine. Maximum of 4.

If you wish to override the auto_scale behaviour and manually configure these settings, first set catalog.sbom_vuln_scan.auto_scale to false. You may then set catalog.sbom_vuln_scan.batch_size and catalog.sbom_vuln_scan.pool_size to your desired values.

Using Helm

In your values.yaml file set the following:

anchoreConfig:
    catalog:
        sbom_vuln_scan:
            auto_scale: false
            batch_size: 4
            pool_size: 2

Using Docker Compose

In your config.yaml file set the following:

services:
    catalog:
       sbom_vuln_scan:
          auto_scale: false
          batch_size: 4
          pool_size: 2

Last modified June 6, 2025