Anchore Enterprise Data Service

Overview

Anchore operates a hosted service called the Anchore Data Service that serves pre-built datasets to customer Enterprise deployments.

Please review the Anchore Data Service status page for information on how to check the status of the datasets.

Anchore Data Service currently manages five datasets:

  • Vulnerability Database (vulnerability_db) - This dataset contains vulnerability data from the following sources:
    • Alpine
    • Amazon Linux
    • Chainguard
    • Debian
    • GitHub
    • Mariner
    • MSRC
    • NVD (Including the Anchore Enhancements)
    • Oracle
    • RHEL
    • SLES
    • Ubuntu
    • Wolfi
  • Vulnerability Match Exclusions (vulnerability_match_exclusions_db) - CVEs that Anchore has excluded from the feed.
  • ClamAV Malware Database (clamav_db) - This dataset contains malware signatures that are used to detect malware in images.
  • CISA Known Exploited Vulnerabilities (kev_db) - This dataset contains vulnerability annotations that are used to provide additional context to vulnerabilities.
  • Exploit Prediction Scoring System (epss_db) - This dataset contains exploit prediction scores for vulnerabilities.

These datasets are refreshed by pipelines that run every 6 hours.

Data Syncer Service Design

Anchore Enterprise includes a service, called the Data Syncer Service, that is responsible for syncing the datasets from the Anchore Data Service and making them available for use by the rest of Anchore Enterprise.

Data Service Flow

The following two endpoints must be allowlisted in your network so that the Data Syncer Service can communicate with the Anchore Data Service:

https://data.anchore-enterprise.com
https://s3.us-west-2.amazonaws.com/enterprise-data-service.production.anchore.io
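To check an egress allowlist against these two endpoints before deployment, a script along these lines can be used. It is an added example, not part of Anchore Enterprise; the allowlist file format (one exact host or leading-dot suffix per line) and the function names are assumptions.

```shell
#!/bin/sh
# Endpoints the Data Syncer Service must reach (copied from the list above).
REQUIRED_URLS='https://data.anchore-enterprise.com
https://s3.us-west-2.amazonaws.com/enterprise-data-service.production.anchore.io'

# url_host URL: print the host. The S3 URL is path-style, so its host is the
# regional S3 endpoint and the bucket name appears only in the path.
url_host() {
    rest=${1#*://}                 # drop the scheme
    rest=${rest%%/*}               # drop the path
    printf '%s\n' "${rest%%:*}"    # drop an optional port
}

# host_allowed HOST FILE: succeed if an allowlist entry covers HOST.
# Assumed (hypothetical) format: one entry per line, either an exact host or a
# leading-dot suffix such as ".example.com"; "#" starts a comment.
host_allowed() {
    while IFS= read -r entry || [ -n "$entry" ]; do
        entry=$(printf '%s' "${entry%%#*}" | tr -d ' \t\r')
        if [ -z "$entry" ]; then continue; fi
        case $entry in
            .*) case $1 in *"$entry") return 0 ;; esac ;;
            *)  if [ "$1" = "$entry" ]; then return 0; fi ;;
        esac
    done < "$2"
    return 1
}

# missing_hosts FILE: print each required host the allowlist does not cover.
missing_hosts() {
    printf '%s\n' "$REQUIRED_URLS" | while IFS= read -r url; do
        h=$(url_host "$url")
        if ! host_allowed "$h" "$1"; then printf '%s\n' "$h"; fi
    done
}

# Stand-alone use: sh check_egress.sh /path/to/allowlist.txt
if [ -n "${1:-}" ]; then missing_hosts "$1"; fi
```

An empty result means both hosts are covered. Because the second URL is path-style, a host-based rule for it permits the whole regional S3 endpoint; restricting to the bucket path requires a proxy that filters on the URL path.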

Authentication for this service is provided by your Anchore Enterprise license. No additional credentials are required.

To learn more, please review the Data Syncer Service Configuration doc.

Last modified August 5, 2025