Anchore Enterprise Release Notes - Version 4.6.0

Anchore Enterprise 4.6.0

Anchore Enterprise release v4.6.0 contains targeted fixes and improvements. A database update is needed.

Enterprise v5.0.0 Release Notes

Please Note: If you are upgrading from an Anchore Enterprise version prior to v4.2.0, there is a known issue that will require you to upgrade to v4.2.0 or v4.3.0 first. Once completed, you will have no issues upgrading to v4.6.0. Please contact Anchore Support if you need further assistance.

Enterprise Service Updates

Improvements

  • Runtime Inventory
    • New API Delete functionality for any runtime inventory context that is no longer being reported on by KAI.
      • /enterprise/inventories DELETE
    • The Inventory Watcher's logging output at info level is now more concise.
    • The Inventory Watcher now contains additional global metrics:
      • anchore_monitor_inventory_contexts_monitored_total - Total number of contexts monitored via subscriptions
      • anchore_monitor_inventory_images_total ( found ) - Total number of images from runtime inventory that are being watched
      • anchore_monitor_inventory_images_total ( success ) - Total number of images successfully added to the catalog
      • anchore_monitor_inventory_images_total ( fail ) - Total number of images that failed to be added to the catalog
  • Policy Triggers
    • The Vulnerability Package Trigger has a new parameter, "inherited from base". It provides more control over which vulnerabilities will be considered by the policy.
      • true shows only vulnerabilities inherited from the base image
      • false hides vulnerabilities inherited from the base image
    • We have deprecated various triggers using blacklist and whitelist terminology in favor of denylist and allowlist. The deprecated triggers will continue to work until they are removed in Enterprise v5.0.0. Note that existing allowlist entries for the deprecated triggers will continue to work until the policy is updated to use the new triggers, at which time the trigger IDs will no longer match.
  • Analysis Jobs
    • Improves the ability of the system to re-queue image analysis and image import jobs from shut-down analyzers to minimize the impact of scale-down operations on the set of analyzers. In addition to the existing analyzing state timeout behavior, the system can now detect an image was analyzed by a now-down analyzer as soon as the analyzer is reported as down, making the re-queue time a matter of minutes instead of hours.
    • Additional metrics were also added to give more visibility into analysis:
      • anchore_analyzer_status ( waiting ) - Analyzer is idle and is waiting to receive work from the queue
      • anchore_analyzer_status ( error ) - Analyzer is not able to process work
      • anchore_analyzer_status ( processing ) - Analyzer is currently processing work
      • anchore_analyzer_dequeue_latency - Indicator of the responsiveness of the queue service for this analyzer
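
For the trigger deprecation noted under Policy Triggers above, a pre-upgrade check can list the policy rules that still use the old terminology. This is an added example, not Anchore's own code: the bundle layout (policies, rules, gate, trigger), the sample bundle and the suggested replacement names are assumptions, so confirm each replacement against the one the policy editor reports.

```python
import json

# Old terminology -> new terminology, per the release note above.
TERMS = {"blacklist": "denylist", "whitelist": "allowlist"}

# Constructed sample bundle. The policies -> rules -> gate/trigger layout is
# an assumption about the policy bundle JSON, and the gate and trigger names
# are sample values, not a list of the deprecated triggers.
SAMPLE_BUNDLE = json.loads("""
{
  "id": "example-bundle",
  "policies": [
    {"id": "policy-1", "name": "default", "rules": [
      {"id": "rule-1", "gate": "licenses", "trigger": "blacklist_exact_match", "action": "stop"},
      {"id": "rule-2", "gate": "vulnerabilities", "trigger": "package", "action": "warn"},
      {"id": "rule-3", "gate": "passwd_file", "trigger": "blacklist_usernames", "action": "stop"}
    ]}
  ]
}
""")


def suggest_name(trigger):
    """Guess the replacement name by swapping the old term for the new one."""
    for old, new in TERMS.items():
        trigger = trigger.replace(old, new)
    return trigger


def find_deprecated_rules(bundle):
    """Return one finding per rule whose trigger uses the old terminology."""
    findings = []
    for policy in bundle.get("policies", []):
        for rule in policy.get("rules", []):
            trigger = str(rule.get("trigger", "")).lower()
            if any(term in trigger for term in TERMS):
                findings.append({
                    "policy": policy.get("id"),
                    "rule": rule.get("id"),
                    "gate": rule.get("gate"),
                    "trigger": trigger,
                    "suggested": suggest_name(trigger),
                })
    return findings


if __name__ == "__main__":
    for f in find_deprecated_rules(SAMPLE_BUNDLE):
        print("{policy}/{rule}: {gate}:{trigger} -> likely {suggested}".format(**f))
```

Because allowlist entries stop matching once a rule is switched to the new trigger, review the allowlist entries tied to each flagged rule in the same change.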

Fixes

  • Fixed an SSL Error for customers who are using custom certificates.
  • Resolved problems in the Inventory Watcher when processing large inventories.
  • Policy validation has been improved during initial creation of the policy bundle. This will provide a better feedback mechanism so that invalid policies can be fixed earlier.
  • Addressed an issue where the python binary cataloger incorrectly returned multiple instances of a python package.

UI Updates

Fixes

  • Deprecated policy triggers
    • A new warning indicator has been added to the policy rule list to flag triggers that are invalid or that have been deprecated. If you edit a policy rule containing a deprecated trigger, we also indicate that the currently selected trigger has been deprecated and replaced by another trigger, so that it is easy to know how to fix policies containing such triggers.
  • Policy editor tables
    • We have upgraded the table widgets within the policy editor to make the columns resizable.
  • Miscellaneous
    • Various supporting libraries have been updated in order to improve security, performance, and also to remove deprecation warnings from browser and server output logs. Redundant libraries have been removed to reduce the app startup time and overall size.
Last modified December 13, 2023