This is the multi-page printable view of this section. Click here to print.

Return to the regular view of this page.

End-of-Life Releases

1 - AnchoreCTL Release Notes - Version 4.9.0

AnchoreCTL 4.9.0 is a V2 API-compatibility release that is otherwise identical to 1.8.0.

To minimize impact to automated installations, the V2 API compatible AnchoreCTL will not be automatically upgraded using the install script. See Installation for more information.

AnchoreCTL v4.9.0 uses Syft 0.84.1, the same as AnchoreCTL v1.8.0

AnchoreCTL 4.9.x versions are compatible with Anchore Enterprise 4.9.X deployments.

2 - AnchoreCTL Release Notes - Version 1.8.0

The latest version of AnchoreCTL is 1.8.0.

AnchoreCTL 1.8.0 is a feature and bug fix release which includes:

  • Adds the ability to create explicit SAML users with user add --idp_name
  • Adds the ability to list, activate and deactivate runtime inventory watchers with inventory watch
  • Extends image content command to support the type content_search
  • Extends image content command to support the type retrieved_files
  • Extends image content command to support the type secret_search
  • Adds the ability to specify the image platform to retrieve and analyze when using the --from registry source in the image add command so that local analysis can be done on images of a different architecture than the local host where the analysis occurs.
  • Add an API version check to prevent accidental use of 1.8.0 against an Anchore V2 API endpoint. See Configuration for more information.

Update to using Syft 0.84.1

3 - AnchoreCTL Release Notes - Version 1.7.0

The latest version of AnchoreCTL is 1.7.0.

AnchoreCTL 1.7.0 is a feature and bug fix release which includes:

  • Adds more detail from the Anchore Enterprise service for error responses, exposing the server side error detail to the user
  • Adds new formats (spdx, cycloneDX) to the SBOM output options when using the content get options during image add operations
  • Add support for new ancestor list command
  • Add new recommendation field to policy evaluation table output for the image check operation
  • Changed the policy evaluation level of detail from basic to full detail when fetching policy evaluation during image add operation
  • Fixed issue where the sbom content was not being fetched when the all type was given to the get option, in the image add operation

Update to using Syft 0.80.0

4 - AnchoreCTL Release Notes - Version 1.6.0

The latest version of AnchoreCTL is 1.6.0.

AnchoreCTL 1.6.0 is a feature and bug fix release which includes:

  • Adds ability to generate container image SBOMs using a new ‘–from’ option to anchorectl image add. This removes the need to use Syft with anchorectl. AnchoreCTL can now perform all the analysis itself and upload it to your Enterprise deployment. See Using CLI for Images for mor information.
  • Adds extra analysis locally in addition to the SBOM generation. Filesystem metadata, secret scans, content scans, and file retrieval are now supported as they are when doing analysis of an image inside and Anchore Enterprise deployment
    • The additional analysis features of secret scans, filesystem metdata, and content searches are only compatible with Anchore Enterprise 4.7+
  • Fixes the –help output for the ‘completion’ commands to provide correct autocompletion setup guidance
  • Fixes duplication of vulns shown when no type is specified in anchorectl image vuln <digest> usage

Update to using Syft 0.79.0

5 - AnchoreCTL Release Notes - Version 1.5.0

The latest version of AnchoreCTL is 1.5.0.

AnchoreCTL 1.5.0 is a bug fix release which includes:

  • Updates a help string for subscription update command to include the runtime_inventory subscription type
  • Fixes image add <tag> --wait failure with image not found if the same tag is added with another image digest by another client while waiting for the original image to analyze

Update to using Syft 0.75.0

6 - AnchoreCTL Release Notes - Version 1.4.0

The latest version of AnchoreCTL is 1.4.0.

AnchoreCTL 1.4.0 is a feature release which includes:

  • Adds full output format option support to ‘source sbom’ command similar to ‘image sbom’ operation, including spdx and cyclonedx formats
  • Adds new command to get a list of vulnerabilities in a specific application version across all artifacts (images and sources)
  • Adds csv output format for source-repo vulnerability and policy evaluation commands
  • Fixes adding of incorrect image to application version when using a tag reference in cases where more than one image with that tag is present in the system

Update to using Syft 0.72.1

7 - AnchoreCTL Release Notes - Version 1.3.0

The latest version of AnchoreCTL is 1.3.0.

AnchoreCTL 1.3.0 is a maintenance release which includes:

  • Added SPDX, CycloneDX and other format options alongside the default JSON format, to the ‘image sbom’ fetch operation
  • Added CSV format option to ‘image vulnerabilities’ and ‘image check’ operations
  • Enable ability add container images to Anchore Enterprise by image digest
  • Add a new ‘CVEs’ column to default table output for ‘image vulnerabilities’ operation for non-CVE findings that refer to one or more CVEs
  • Update ‘image add’ from SBOM to respect the –no-auto-subscribe flag
  • Fixes segfault when adding application association to an image that is in analyzing state

Update to using Syft 0.62.3

8 - AnchoreCTL Release Notes - Version 1.2.0

The latest version of AnchoreCTL is 1.2.0.

AnchoreCTL 1.2.0 is a maintenance release which includes:

  • Support for ‘recommendation’ fields from policy evaluations when used with Enterprise 4.1.1
  • Fixed to only show a vulnerability once in anchorectl image vuln when not using the -t/--type option
  • Help and command typo fixes

Updated to using Syft v0.58.0

9 - AnchoreCTL Release Notes - Version 1.1.0

The latest version of AnchoreCTL is 1.1.0.

AnchoreCTL 1.1.0 is a maintenance release which includes:

  • inventory list command to show all images in the inventory
  • compatability with Syft v0.56.0

Updated to using Syft v0.56.0

10 - AnchoreCTL Release Notes - Version 1.0.0

The latest version of AnchoreCTL is 1.0.0.

AnchoreCTL 1.0.0 represents the first stable release of the tool as the primary CLI for Anchore Enterprise users. Configuration, command structure and capabilities have all been renovated to support the usage of the client by administrators, users, and within scripting environments for automated integration

Added new administrative command groupings:

  • Account commands (add, get, list, delete, enable, disable)
  • User commands (add, get, list, delete, set-password)
  • Analysis archive rule commands (add, get, list, delete)
  • Analysis archive image commands (add, get list, delete, restore)
  • Event commands (get, list, delete)
  • Feed commands (list, sync)
  • Policy commands (add, get, list, delete, activate)
  • Registry commands (add, get list, delete, update)
  • Repo commands (add, get, list, delete, watch, unwatch)
  • Subscription commands (get, list, delete, activate, deactivate)
  • System commands (status, wait, delete)

The image add and source add commands have been revisited to additionally provide a simple way to extract common data from Anchore Enterprise:

  • anchorectl image add <my-image> --get vulnerabilities,content : get a summary of content and vulnerabilities to stdout
  • anchorectl image add <my-image> --get all=/path/to/store/results: get policy evaluation, vuln, and content results, and store all raw JSON files to /path/to/store/results
  • anchorectl image add <my-image> --get policy-evaluation: will get the policy evaluation results and set the return code to 1 if the policy evaluation is not passing (allowing use as a quality gate)

Added the ability to associate images and sources with an application name and version when adding into the system (e.g. anchorectl image add <my image> --application <name>@<version>).

The UI for all commands has been enhanced to convey intermediate progress and be transparent about actions taken to any result. For instance, using ANCHORECTL_DEBUG_API=true and increasing log levels to “debug” or “trace” (-vv or -vvv) will show individual API events and responses

The anchorectl.yaml application configuration has changed, use anchorectl --help to see the latest configuration schema

Added flag to switch output format for most commands to one of text, json, json-raw, or ID

Updated to using syft v0.52.0

11 - AnchoreCTL Release Notes - Version 0.2.0

The latest version of AnchoreCTL is 0.2.0. AnchoreCTL is dependent on Syft v0.39.3 as a library.

The current features that are supported are as follows:

  • Ability to add sboms via anchorectl using stdin to provide an existing SBOM without re-creating it.

12 - AnchoreCTL Release Notes - Version 0.1.4

The latest version of AnchoreCTL is 0.1.4. AnchoreCTL is dependent on Syft v0.39.3 as a library.

The current features that are supported are as follows:

  • Source Repository Management: Generate an SBOM and store the SBOM in Anchore’s database. Get information about the source repository, investigate vulnerability packages by requesting vulnerabilities for a single analyzed source repository, or get any policy evaluations.
  • Download full image SBOMs for images analyzed with Enterprise 4.0.0.
  • Compliance Reports: View and operate on runtime compliance reports, such as STIGs, created by the rem tool.
  • Corrections Management: View and modify corrections information to help reduce false positives in your vulnerability results.
  • Image Management: View, list, import local analysis, and request image analysis by the system.
  • Runtime Inventory Management: Add, update, and view cluster configurations for Anchore to scan, as well as for the inventory reports themselves.
  • System Operations: View and manage system information for your Enterprise deployment.