Overview
SBOMs imported via Anchore SBOM are automatically scanned for vulnerabilities after upload and at regular intervals following each feed update.
By default, the system runs in auto_scale mode. This automatically calculates the number of concurrent background tasks required to completely rescan your imported SBOM inventory within a six-hour window.
It does so by adjusting the following settings based on a function of the number of imported SBOMs in the system and the number of Policy Engine and Catalog instances configured in your deployment:
batch_size: The number of imported SBOMs to scan in a single batch. Maximum of 8.
pool_size: The number of concurrent scan threads to run on each Policy Engine. Maximum of 4.
If you wish to override the auto_scale behaviour and manually configure these settings, first set catalog.sbom_vuln_scan.auto_scale to false. You may then set catalog.sbom_vuln_scan.batch_size and catalog.sbom_vuln_scan.pool_size to your desired values.
Using Helm
In your values.yaml file set the following:
anchoreConfig:
  catalog:
    sbom_vuln_scan:
      auto_scale: false
      batch_size: 4
      pool_size: 2
Using Docker Compose
In your config.yaml file set the following:
services:
  catalog:
    sbom_vuln_scan:
      auto_scale: false
      batch_size: 4
      pool_size: 2
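
A pre-deployment check for these overrides, as an added example that is not part of the Anchore documentation: it takes an already-parsed YAML mapping in either layout shown above and reports batch_size or pool_size values set without auto_scale being false, or above the maximums stated above. The names lint, find_section, LIMITS and PATHS are hypothetical, and treating the stated maximums as bounds on manually set values is an assumption.

```python
# Added example: lint for the sbom_vuln_scan overrides described on this page.
# LIMITS come from the page's "Maximum of 8" / "Maximum of 4"; treating them as
# bounds on manually set values is an assumption.
LIMITS = {"batch_size": 8, "pool_size": 4}
# Key paths shown on the page: Helm values.yaml and Docker Compose config.yaml.
PATHS = {
    "helm": ("anchoreConfig", "catalog", "sbom_vuln_scan"),
    "compose": ("services", "catalog", "sbom_vuln_scan"),
}


def find_section(cfg):
    """Return (layout, section) for the first layout present, else (None, {})."""
    for layout, path in PATHS.items():
        node = cfg
        for key in path:
            node = node.get(key) if isinstance(node, dict) else None
        if isinstance(node, dict):
            return layout, node
    return None, {}


def lint(cfg):
    """Return a list of findings for a parsed YAML mapping (empty means clean)."""
    layout, section = find_section(cfg)
    if layout is None:
        return []  # nothing set: the default auto_scale mode applies
    findings = []
    manual = section.get("auto_scale") is False
    for name, limit in LIMITS.items():
        if name not in section:
            continue
        value = section[name]
        # bool is a subclass of int in Python, so reject it explicitly
        if isinstance(value, bool) or not isinstance(value, int) or value < 1:
            findings.append(f"{layout}: {name}={value!r} is not a positive integer")
        elif value > limit:
            findings.append(f"{layout}: {name}={value} exceeds documented maximum {limit}")
        if not manual:
            findings.append(f"{layout}: {name} set but auto_scale is not false")
    return findings


if __name__ == "__main__":
    # Constructed sample: override present, auto_scale left at its default.
    sample = {"anchoreConfig": {"catalog": {"sbom_vuln_scan": {"batch_size": 16}}}}
    for finding in lint(sample):
        print(finding)
```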