Anchore takes data privacy seriously.
Anchore Enterprise is designed to run locally. It does not share data with Anchore Inc., or any third parties.
Anchore Enterprise can be configured to download vulnerability and other feed / package data from one of two places based on your policy engine configuration. These two places are:
- Publicly accessible URL and vulnerability dataset maintained by Grype https://toolbox-data.anchore.io/grype/databases/listing.json.
- Third party vulnerability sources, documented here: Anchore Feeds Overview with each source being configurable.
No data from your deployment is uploaded to Anchore or third party.