Feeds Service

Important Up-to-date vulnerability data is critical to a fully functioning Anchore Enterprise deployment.

Anchore Enterprise uses security vulnerability and package data from a number of different sources.

  • Feed vulnerabilities - security advisories from specific Linux Distribution vendors against Distribution specific packages.

    • Alpine Linux
    • CentOS
    • Debian
    • Oracle Linux
    • Red Hat Enterprise Linux
    • Red Hat Universal Base Image (UBI)
    • Ubuntu
    • Amazon Linux 2
    • Google Distroless

  • Feed packages - Software Package Repositories

    • RubyGems.org
    • NPMJS.org

  • Feed nvd - NIST National Vulnerability Database (NVD)

alt_text

The Anchore Feed Service collects vulnerability and package data from the upstream sources and normalizes this data to be published as feeds that Anchore Enterprise can subscribe to.

Anchore Enterprise polls the feed service at a user defined interval, by default every six hours, and will download feed data updated since the last sync.

Anchore hosts a public service on the Anchore Cloud which provides access, for free, to all public feeds.

An on-premises feed service is available for commercial customers allowing Anchore Enterprise to synchronize with a locally deployed feed service, without any reliance on Anchore Cloud.

Further Information

For further information on configuration of the feeds service, see Configuration - Feeds

Last modified March 28, 2024