Imported SBOM Scanning
Overview
SBOMs imported via Anchore SBOM are automatically scanned for vulnerabilities after upload and at regular intervals following each feed update.
By default, the system runs in auto_scale mode. This automatically calculates the number of concurrent background tasks required to completely rescan your imported SBOM inventory within a six-hour window.
It does so by adjusting the following settings as a function of the number of imported SBOMs in the system and the number of Policy Engine and Catalog instances configured in your deployment:
batch_size: The number of imported SBOMs to scan in a single batch. Maximum of 8.
pool_size: The number of concurrent scan threads to run on each Policy Engine. Maximum of 4.
If you wish to override the auto_scale behaviour and manually configure these settings, first set catalog.sbom_vuln_scan.auto_scale to false. You may then set catalog.sbom_vuln_scan.batch_size and catalog.sbom_vuln_scan.pool_size to your desired values.
Using Helm
In your values.yaml file set the following:
anchoreConfig:
  catalog:
    sbom_vuln_scan:
      auto_scale: false
      batch_size: 4
      pool_size: 2
Using Docker Compose
In your config.yaml file set the following:
services:
  catalog:
    sbom_vuln_scan:
      auto_scale: false
      batch_size: 4
      pool_size: 2