Anchore Enterprise Release Notes - Version 5.4.1
Anchore Enterprise v5.4.1
Anchore Enterprise release v5.4.1 contains a targeted fix and configuration options for feeds.
Enterprise Service Updates
Requirements
- If upgrading from a v4.x release, please refer to the v4.x -> v5.x Migration Guide.
- If upgrading from a release in the range of v5.0.0 - v5.3.0:
  - The upgrade will result in an automatic schema change that will require database downtime. We are anticipating that this schema change may take more than an hour to complete depending on the amount of data in your reporting system.
  - If your Anchore Enterprise deployment is on FIPS enabled hosts and your database is being hosted on Amazon RDS, an upgrade to Postgres 16 or greater is required. For more information please see the FIPS section in Requirements.
- If upgrading from the v5.4.0 release, no additional action is needed.
Improvements
Enables delivery of Anchore augmentation to vulnerability records for a better vulnerability scanning experience. This lets Anchore minimize customer impact from the current NVD analysis slowdown and ensure accurate scan results. To provide the best experience, 3 configuration options are available.
- NVD Direct Mode - No changes are needed. You will continue to receive the vulnerability data from NVD as you do today.
- NVD Direct Mode with Anchore Enrichment - Allows Anchore to enrich NVD entries by adding CPE string(s), which lets Anchore Enterprise correctly match on new vulnerabilities. Requires access to GitHub.
- NVD Proxy Mode with Anchore Enrichment - In this mode, Anchore produces the resulting workspace of the Anchore Enrichments and publishes it at https://enterprise.vunnel.feed.anchore.io. This allows users to consume the Anchore NVD Enriched data without needing access to GitHub.
For more configuration details please review NVD Provider.
NVD with Anchore Enriched data does not currently provide any severity information. By definition, only NVD can supply NVD CVSS scores.
Note
The future v5.5.0 release will change the default for the feed provider’s configuration. The new default will import results published by Anchore every 6 hours. This will reduce configuration to multiple sources, provide the NVD with Anchore Enriched data, as well as make GitHub Security Advisories available to customers that have firewall constraints.
Fixes
- Resolves an issue with uploading runtime inventory that contains Unicode characters.
Deprecations
- Support for OpenStack Swift, which is an open-source object storage system, has been deprecated. Please see Object Storage for a list of supported Object Stores.
UI Updates
Fixes
- A fix has been applied to the image summary data processing operation that calculates the artifact taxonomy for registries, repositories, and tags. Ports are now correctly handled when included in the registry value.
Recommended Component Versions
Component | Supported Version | Additional Info |
---|---|---|
Enterprise | v5.4.1 | With Syft v1.0.1 and Grype v0.74.7 |
Enterprise UI | v5.4.1 | |
AnchoreCTL | v5.4.0 | Deploying AnchoreCTL |
Enterprise Helm Chart | v2.5.4 | https://github.com/anchore/anchore-charts |
Anchore ECS Inventory | v1.3.0 | https://github.com/anchore/ecs-inventory |
Anchore Kubernetes Inventory | v1.4.0 | https://github.com/anchore/k8s-inventory |
Kubernetes Admission Controller | v0.5.0 | https://github.com/anchore/kubernetes-admission-controller |
Jenkins Plugin | v3.0.0 | https://plugins.jenkins.io/anchore-container-scanner |
Harbor Scanner Adapter | v1.3.1 | https://github.com/anchore/harbor-scanner-adapter |
enterprise-gitlab-scan | v4.0.0 | docker.io/anchore/enterprise-gitlab-scan:v4.0.0 |