This is the multi-page printable view of this section. Click here to print.
End-of-Life Releases
1 - AnchoreCTL Release Notes - Version 4.9.0
AnchoreCTL 4.9.0 is a V2 API-compatibility release that is otherwise identical to 1.8.0.
Warning
AnchoreCTL 4.9.0 is compatible Enterprise 4.9.x ONLY and requires the V2 API.To minimize impact to automated installations, the V2 API compatible AnchoreCTL will not be automatically upgraded using the install script. See Installation for more information.
AnchoreCTL v4.9.0 uses Syft 0.84.1, the same as AnchoreCTL v1.8.0
AnchoreCTL 4.9.x versions are compatible with Anchore Enterprise 4.9.X deployments.
2 - AnchoreCTL Release Notes - Version 1.8.0
The latest version of AnchoreCTL is 1.8.0.
AnchoreCTL 1.8.0 is a feature and bug fix release which includes:
- Adds the ability to create explicit SAML users with
user add --idp_name
- Adds the ability to list, activate and deactivate runtime inventory watchers with
inventory watch
- Extends
image content
command to support the typecontent_search
- Extends
image content
command to support the typeretrieved_files
- Extends
image content
command to support the typesecret_search
- Adds the ability to specify the image platform to retrieve and analyze when using the
--from registry
source in theimage add
command so that local analysis can be done on images of a different architecture than the local host where the analysis occurs. - Add an API version check to prevent accidental use of 1.8.0 against an Anchore V2 API endpoint. See Configuration for more information.
Update to using Syft 0.84.1
3 - AnchoreCTL Release Notes - Version 1.7.0
The latest version of AnchoreCTL is 1.7.0.
AnchoreCTL 1.7.0 is a feature and bug fix release which includes:
- Adds more detail from the Anchore Enterprise service for error responses, exposing the server side error detail to the user
- Adds new formats (spdx, cycloneDX) to the SBOM output options when using the content get options during
image add
operations - Add support for new
ancestor list
command - Add new
recommendation
field to policy evaluation table output for theimage check
operation - Changed the policy evaluation level of detail from basic to full detail when fetching policy evaluation during
image add
operation - Fixed issue where the
sbom
content was not being fetched when theall
type was given to the get option, in theimage add
operation
Update to using Syft 0.80.0
4 - AnchoreCTL Release Notes - Version 1.6.0
The latest version of AnchoreCTL is 1.6.0.
AnchoreCTL 1.6.0 is a feature and bug fix release which includes:
- Adds ability to generate container image SBOMs using a new ‘–from’ option to
anchorectl image add
. This removes the need to use Syft with anchorectl. AnchoreCTL can now perform all the analysis itself and upload it to your Enterprise deployment. See Using CLI for Images for mor information. - Adds extra analysis locally in addition to the SBOM generation. Filesystem metadata, secret scans, content scans, and file retrieval are now supported as they are when doing analysis of an image inside and Anchore Enterprise deployment
- The additional analysis features of secret scans, filesystem metdata, and content searches are only compatible with Anchore Enterprise 4.7+
- Fixes the –help output for the ‘completion’ commands to provide correct autocompletion setup guidance
- Fixes duplication of vulns shown when no type is specified in
anchorectl image vuln <digest>
usage
Update to using Syft 0.79.0
5 - AnchoreCTL Release Notes - Version 1.5.0
The latest version of AnchoreCTL is 1.5.0.
AnchoreCTL 1.5.0 is a bug fix release which includes:
- Updates a help string for subscription update command to include the runtime_inventory subscription type
- Fixes
image add <tag> --wait
failure withimage not found
if the same tag is added with another image digest by another client while waiting for the original image to analyze
Update to using Syft 0.75.0
6 - AnchoreCTL Release Notes - Version 1.4.0
The latest version of AnchoreCTL is 1.4.0.
AnchoreCTL 1.4.0 is a feature release which includes:
- Adds full output format option support to ‘source sbom’ command similar to ‘image sbom’ operation, including spdx and cyclonedx formats
- Adds new command to get a list of vulnerabilities in a specific application version across all artifacts (images and sources)
- Adds csv output format for source-repo vulnerability and policy evaluation commands
- Fixes adding of incorrect image to application version when using a tag reference in cases where more than one image with that tag is present in the system
Update to using Syft 0.72.1
7 - AnchoreCTL Release Notes - Version 1.3.0
The latest version of AnchoreCTL is 1.3.0.
AnchoreCTL 1.3.0 is a maintenance release which includes:
- Added SPDX, CycloneDX and other format options alongside the default JSON format, to the ‘image sbom’ fetch operation
- Added CSV format option to ‘image vulnerabilities’ and ‘image check’ operations
- Enable ability add container images to Anchore Enterprise by image digest
- Add a new ‘CVEs’ column to default table output for ‘image vulnerabilities’ operation for non-CVE findings that refer to one or more CVEs
- Update ‘image add’ from SBOM to respect the –no-auto-subscribe flag
- Fixes segfault when adding application association to an image that is in analyzing state
Update to using Syft 0.62.3
8 - AnchoreCTL Release Notes - Version 1.2.0
The latest version of AnchoreCTL is 1.2.0.
AnchoreCTL 1.2.0 is a maintenance release which includes:
- Support for ‘recommendation’ fields from policy evaluations when used with Enterprise 4.1.1
- Fixed to only show a vulnerability once in
anchorectl image vuln
when not using the-t/--type
option - Help and command typo fixes
Updated to using Syft v0.58.0
9 - AnchoreCTL Release Notes - Version 1.1.0
The latest version of AnchoreCTL is 1.1.0.
AnchoreCTL 1.1.0 is a maintenance release which includes:
inventory list
command to show all images in the inventory- compatability with Syft v0.56.0
Updated to using Syft v0.56.0
10 - AnchoreCTL Release Notes - Version 1.0.0
The latest version of AnchoreCTL is 1.0.0.
AnchoreCTL 1.0.0 represents the first stable release of the tool as the primary CLI for Anchore Enterprise users. Configuration, command structure and capabilities have all been renovated to support the usage of the client by administrators, users, and within scripting environments for automated integration
Added new administrative command groupings:
- Account commands (add, get, list, delete, enable, disable)
- User commands (add, get, list, delete, set-password)
- Analysis archive rule commands (add, get, list, delete)
- Analysis archive image commands (add, get list, delete, restore)
- Event commands (get, list, delete)
- Feed commands (list, sync)
- Policy commands (add, get, list, delete, activate)
- Registry commands (add, get list, delete, update)
- Repo commands (add, get, list, delete, watch, unwatch)
- Subscription commands (get, list, delete, activate, deactivate)
- System commands (status, wait, delete)
The image add
and source add
commands have been revisited to additionally provide a simple way to extract common data from Anchore Enterprise:
anchorectl image add <my-image> --get vulnerabilities,content
: get a summary of content and vulnerabilities to stdoutanchorectl image add <my-image> --get all=/path/to/store/results
: get policy evaluation, vuln, and content results, and store all raw JSON files to/path/to/store/results
anchorectl image add <my-image> --get policy-evaluation
: will get the policy evaluation results and set the return code to 1 if the policy evaluation is not passing (allowing use as a quality gate)
Added the ability to associate images and sources with an application name and version when adding into the system (e.g. anchorectl image add <my image> --application <name>@<version>
).
The UI for all commands has been enhanced to convey intermediate progress and be transparent about actions taken to any result. For instance, using ANCHORECTL_DEBUG_API=true
and increasing log levels to “debug” or “trace” (-vv
or -vvv
) will show individual API events and responses
The anchorectl.yaml
application configuration has changed, use anchorectl --help
to see the latest configuration schema
Added flag to switch output format for most commands to one of text
, json
, json-raw
, or ID
Updated to using syft v0.52.0
11 - AnchoreCTL Release Notes - Version 0.2.0
The latest version of AnchoreCTL is 0.2.0. AnchoreCTL is dependent on Syft v0.39.3 as a library.
The current features that are supported are as follows:
- Ability to add sboms via anchorectl using stdin to provide an existing SBOM without re-creating it.
12 - AnchoreCTL Release Notes - Version 0.1.4
The latest version of AnchoreCTL is 0.1.4. AnchoreCTL is dependent on Syft v0.39.3 as a library.
The current features that are supported are as follows:
- Source Repository Management: Generate an SBOM and store the SBOM in Anchore’s database. Get information about the source repository, investigate vulnerability packages by requesting vulnerabilities for a single analyzed source repository, or get any policy evaluations.
- Download full image SBOMs for images analyzed with Enterprise 4.0.0.
- Compliance Reports: View and operate on runtime compliance reports, such as STIGs, created by the
rem
tool. - Corrections Management: View and modify corrections information to help reduce false positives in your vulnerability results.
- Image Management: View, list, import local analysis, and request image analysis by the system.
- Runtime Inventory Management: Add, update, and view cluster configurations for Anchore to scan, as well as for the inventory reports themselves.
- System Operations: View and manage system information for your Enterprise deployment.