AnchoreCTL Release Notes - Version 5.23.0

Note: AnchoreCTL v5.23.x versions are compatible with Enterprise v5.23.x deployments.

STIG Profiles

The STIG Profiles are now available from the Anchore Data Service. The change allows Anchore to update them as the need arises instead of waiting for the next release cycle.
You will see a new dataset called stig_profiles_db after updating your deployment.
Air-gapped user will download and upload the STIG Profiles as part of the normal Air Gap Workflow.
The STIG Profiles will be retrieved from your enterprise deployment by AnchoreCTL using the same command, anchorectl stig write-profiles.

Please Note: the names of the downloaded profile files have changed slightly.

Profile Name	New File Name	Previous File Name
apache-tomcat-9	apache-tomcat-9.tar.gz	tomcat_application_server_9_stig-3.2.0.tar.gz
nginx	nginx.tar.gz	nginx-srg-baseline-2.4.3.tar.gz
rhel8	rhel8.tar.gz	redhat-enterprise-linux-8-stig-baseline-2.2.0.tar.gz
rhel9	rhel9.tar.gz	redhat-enterprise-linux-9-stig-baseline-2.4.0.tar.gz
ubuntu2204	ubuntu2204.tar.gz	canonical-ubuntu-22_04-lts-stig-baseline-1.0.0.tar.gz
ubuntu2404	ubuntu2404.tar.gz	canonical-ubuntu-24_04-lts-stig-baseline-1.1.0.tar.gz

anchorectl image vulnerabilities now supports two new output options:
- -o cyclonedx-xml
- -o cyclonedx-json
anchorectl source add will now preserve the files section when uploading and downloading the SBOM from Anchore Enterprise.

Addresses an issue running anchorectl system smoke-test run while specifying an ANCHORECTL_LOG_LEVEL.
Addresses an issue running anchorectl system smoke-test run while specifying a config file path using the -c flag.
Fixes an issue where the anchorectl image sbom command failed to retrieve the sbom when provided with the parent digest.

Last modified November 4, 2025