Anchore Data Service Release Notes - Version 0.8.0 (2024-11-18)

Anchore Data Service v0.8.0 - 2024-11-18

• The vulnerability database has been improved by providing the inferred NVD Fix Version for vulnerabilities when possible. This data is used to provide information on the version of a package that contains the fix for a vulnerability.
  • Customers running Enterprise v5.10.0 and greater will automatically see this improved data on their next data sync.
  • This data is used in Vulnerabilities Policy Gate, Package Trigger with optional parameter of Fix Available.
  • For further background see https://anchorecommunity.discourse.group/t/grype-is-getting-more-fix-info-soon/165
    • The following PRs contain the relevant vulnerability database logic changes for this enhancement:
      • fix: add nvd fix version when versionEndExcluding provided grype-db#112
      • feat: Add config for inferring fixes from NVD grype-db#411

Last modified November 18, 2024