Anchore Data Service

1 - Anchore Data Service Release Notes - Version 0.8.0 (2024-11-18)

Anchore Data Service v0.8.0 - 2024-11-18

• The vulnerability database has been improved by providing the inferred NVD Fix Version for vulnerabilities when possible. This data is used to provide information on the version of a package that contains the fix for a vulnerability.
  • Customers running Enterprise v5.10.0 and greater will automatically see this improved data on their next data sync.
  • This data is used in Vulnerabilities Policy Gate, Package Trigger with optional parameter of Fix Available.
  • For further background see https://anchorecommunity.discourse.group/t/grype-is-getting-more-fix-info-soon/165
    • The following PRs contain the relevant vulnerability database logic changes for this enhancement:
      • fix: add nvd fix version when versionEndExcluding provided grype-db#112
      • feat: Add config for inferring fixes from NVD grype-db#411

2 - Anchore Data Service Release Notes - Version 0.7.1 (2024-11-05)

Anchore Data Service v0.7.1 - 2024-11-05

• Provides a new dataset Exploit Prediction Scoring System Database (EPSS).
  • The EPSS data is developed by the Forum of Incident Response and Security Teams (FIRST).
  • This dataset can be used to provide a risk score for a vulnerability based on the likelihood that it will be exploited.
  • The EPSS dataset will be available to all Anchore customers once they upgrade to the future Enterprise v5.12.0 release which is expected at the end of November 2024.
    • This data will be used in the Vulnerabilities Policy Gate and Package Trigger with optional parameters:
      • EPSS Score Comparison
      • EPSS Score
      • EPSS Percentile Comparison
      • EPSS Percentile

3 - Anchore Data Service Release Notes - Version 0.6.1 (2024-10-23)

Anchore Data Service v0.6.1 - 2024-10-23

• Updated Grype DB v0.26.0 which includes the following changes:
  • Ability to handle symlink paths when found in the upstream vulnerability providers.

4 - Anchore Data Service Release Notes - Version 0.6.0 (2024-10-18)

Anchore Data Service v0.6.0 - 2024-10-18

• Grype DB version has been incremented to 0.25.0. This brings in the following change:
  • Grype DB now fetches OS type records from the NVD database.

5 - Anchore Data Service Release Notes - Version 0.5.1 (2024-09-26)

Anchore Data Service v0.5.1 - 2024-09-26

• Initial release of Anchore Data Service
• Anchore Data Service is a hosted service by Anchore that provides various data to all Enterprise customers. The datasets served include:
  • Vulnerability Database (grypedb)
  • ClamAV Malware Database
  • CISA KEV (Known Exploited Vulnerabilities)
• Your Anchore License is all that’s required to authenticate with this service. The data syncer service in your Enterprise installation will automatically sync this data to your installation.