AnchoreCTL Release Notes - Version 5.25.0

Note: AnchoreCTL v5.25.x versions are compatible with Enterprise v5.25.x deployments.

AnchoreCTL v5.25.0

Improvements

• Added support for Imported SBOM ALP rules. See the Artifact Lifecycle Policy documentation for more information on this feature.
• Added support for the new user-viewer RBAC role in Anchore Enterprise. See the RBAC documentation for more information.
• During decentralized image analysis, AnchoreCTL is now capable of running content and secret search catalogers in parallel, significantly reducing the time it takes to complete the analysis. See the AnchoreCTL documentation for more information.

Fixes

• Removed the unused HostedFeedURL config option.

Known Issues

Apple Silicon (M4/M5): --from docker SBOM analysis failure

On macOS running on Apple Silicon (M4/M5) with Docker Desktop using VirtioFS, anchorectl image add --from docker may fail with unable to get local analyze SBOM: could not determine source. This occurs when Docker pulls images in a format that does not produce a complete OCI layout on disk, which prevents AnchoreCTL from resolving the source for local analysis. This issue has not been observed on Intel-based Macs or Linux.

Workarounds:

For images that exist in a registry, remove the local copy and allow AnchoreCTL to pull the image directly:

docker rmi ${image}
anchorectl image add ${image} --from docker

For locally built images, disable Use containerd for pulling and storing images in Docker Desktop under Settings → General, restart Docker Desktop for the changes to take effect, then build the image and continue as normal.

A fix is planned for an upcoming release.