AnchoreCTL Release Notes - Version 5.22.0

Note: AnchoreCTL v5.22.x versions are compatible with Enterprise v5.22.x deployments.

AnchoreCTL v5.22.0

Improvements

• Vulnerability Annotation Status
  • Annotation Status has been added to the output of the anchorectl image vulnerabilities command.
  • The annotation status can be found in the table output as well as the json output.
  • The annotation UUID is included only in the json output.

    "annotationStatus": "fixed",
    "annotationUuid": "f21ce78b-630d-4bd0-a470-7447cad45452",
    

  • The command also provides the ability to filter the returned vulnerabilities based on annotation status with the use of the --annotations flag.
• PURL is now included in the image content and image vulnerability commands when asking for the json output and csv output where available.
• The image one-time-scan command now has a flag --extended-support to allow the caller to override the EUS system configuration.
• STIG Profiles
  • STIG Profiles are available for download from the anchorectl stig write-profiles command. Additional license entitlements are required, please contact Anchore Customer Success for more information.
  • Updates to the previously supported profiles have been completed
    • ubi8
    • ubi9
    • ubuntu2204
    • ubuntu2402
  • New profiles are now supported
    • Apache Tomcat 9
    • Nginx
  • Please see the Anchore STIG documentation for more information.
• ClamAV 1.4.x
  • Air Gap workflow commands of anchorectl airgap feed upload and anchorectl airgap feed download now work with the new ClamAV v2 database.

Fixes

• The docker image execute and image add --stig commands create a local docker container in order to complete the STIG evaluation. These commands correctly remove the local docker container when execution has completed.