Anchore Enterprise Release Notes - Version 4.5.0

Anchore Enterprise 4.5.0

Anchore Enterprise release v4.5.0 contains targeted fixes and improvements. There is no Database update needed.

Enterprise Service Updates

Improvements

  • Introducing a new RBAC Role called report-admin. This is meant to be a companion role for users that need to work with scheduled queries but do not have other write permissions.
  • Anchore Enterprise is now using Red Hat Universal Base Image 9 Minimal as its base image. This significantly reduces the number of packages provided by the operating system, thus reducing the vulnerability surface overall.

Fixes

  • Fixed an issue that prevented image metadata from being correctly displayed for images with unsupported packaging systems (Arch Linux, etc).
  • Properly identifies alpine:edge when evaluating the vulnerabilities.vulnerability_data_unavailable trigger.
  • Fixed an issue that allowed admin users to perform some operations against non-existent accounts.
  • Database upgrades now succeed from Anchore Enterprise Releases older than v4.2.0.
  • Users who only have read-only permissions are correctly prevented from creating, updating and deleting scheduled report queries.

Deprecation Reminders

  • The anchore-cli has been deprecated and will be removed from the docker.io/anchore/enterprise image during the v5.0.0 Release. AnchoreCTL is the only supported command line tool for interacting with Anchore Enterprise.

UI Updates

Improvements

  • Artifact Analysis
    • In addition to our native JSON format, the Artifact Analysis view now allows Software Bill of Material (SBOM) data to be downloaded in both the Software Package Data Exchange (SPDX) format and the OWASP CycloneDX format.
    • The table in the Vulnerabilities tab now contains a Detected At column that indicates the analysis discovery time of the vulnerability. This data is now also present in the downloadable report data for this view.
  • Policy Editor
    • The Policy Editor dialog now displays any rules that contain invalid or obsolete triggers in its summary table. These rules are similarly highlighted when the rule is edited for easy removal.
  • Reports
    • From within the administrative account, both the Quick Reports and Report Manager controls now allow you to preview and retrieve report data from either the local account or from all accounts system-wide.

    • A new template has been added to our current set of system templates that surfaces policy compliance data against runtime inventory artifacts.

    • Additional fields have been added to our existing system templates:

      • Vulnerability-related templates now include a links field

      • Runtime-related templates now include an account field

      • All templates now include an inventory_type field

      Note: In order to surface these fields, new queries must be created using these updated system templates as their basis—they will not be present in any existing stored queries.'

Fixes

  • System: User Management
    • Prior to this fix, updates to the user list would be inaccurate if a user was created by another user with full-control privileges from a switched account context. Now addressed.
  • Logging
    • A minor issue has been addressed whereby active users that had their accounts deleted, or resided within an account that was disabled, would not be correctly logged after this event.
  • Policy Manager: Rules
    • Gate rules created for Source artifacts will now only display the triggers associated with that artifact type. Prior to this fix, the entire set of triggers (for both Source and Image types) were shown in the dropdown.
  • Report Manager: RBAC
    • Access control restrictions for report management operations have now been applied throughout this feature. The creation, management, and deletion of report schedules and their associated items are now gated by the RBAC roles associated with the reports service.
  • Application Architecture
    • The Anchore Enterprise UI is now provisioned using Red Hat Universal Base Image 9 Minimal. This image significantly reduces the number of packages provided by the operating system, thus reducing the vulnerability surface overall.
  • System: Login
    • Addressed an issue whereby logging in via an external IDP, as opposed to the SSO link on the Enterprise UI login page, would fail under certain circumstances.
  • Miscellaneous
    • Various supporting libraries have been updated in order to improve security, performance, and also to remove deprecation warnings from browser and server output logs. Redundant libraries have been removed to reduce the app startup time and overall size.
Last modified September 30, 2024