Anchore Enterprise Release Notes - Version 4.7.0
Anchore Enterprise v4.7.0
Anchore Enterprise release v4.7.0 contains targeted fixes and improvements. A Database update is needed.
Note
Please view the details around the upcoming Enterprise v5.0.0 release. Important requirements must be met before upgrade. See link below.Please Note: If you are upgrading from an Anchore Enterprise version prior to v4.2.0, there is a known issue that will require you to upgrade to v4.2.0 or v4.3.0 first. Once completed, you will have no issues upgrading to v4.7.0. Please contact Anchore Support if you need further assistance.
Enterprise Service Updates
Improvements
- Runtime Inventory
- Anchore has introduced two new Runtime Inventory Agents for use with the v4.7.0 release of Anchore Enterprise.
anchore-k8s-inventoryandanchore-ecs-inventorywill provide better access to your runtime environments. See Kubernetes Runtime Inventory and ECS Runtime Inventory for more details. - Runtime Inventory TTL was also improved to be more effective in helping you to manage expired inventory items.
- Anchore has introduced two new Runtime Inventory Agents for use with the v4.7.0 release of Anchore Enterprise.
- Reporting
Vulnerabilities by Kubernetes Namespaceis a new template which will allow you to view and filter on vulnerabilities found within a Kubernetes Namespace. The report will populate only if you have deployed the newanchore-k8s-inventory.
- Feeds
- Anchore Enterprise is now fully integrated with our Open Source applications of
anchore/vunnelandanchore/grype-db. - Chainguard Linux Vulnerability Provider has been added to the list of feeds.
- Support for the OVAL v2 RHEL Security Endpoint.
- Anchore Enterprise is now fully integrated with our Open Source applications of
- Account email field is now editable via API.
- Vulnerability Package trigger, adds a new parameter that controls the behavior of vulnerabilities found in the base image. The new parameter can be set to trigger on vulnerabilities in the base image, trigger on vulnerabilities that are not in the base image, or to trigger only on vulnerabilities present in the base image.
- Container Image SBOM generation and import from AnchoreCTL without the need for Syft
- Combined with AnchoreCTL 1.6.0, you can now analyze images fully using AnchoreCTL and import the results to Enterprise, including secret scans, filesystem metadata analysis, content searches and file retrieval with equivalent functionality to what Enterprise-backend analysis scans produce. The only exception is that malware scanning is not supported by AnchoreCTL-based analysis.
Fixes
- Enabling the
Repo Watcherwhen there is already an image from the repo with an active subscription, no longer returns an error. - Adding a source sbom which does has java packages without a metadata virtual path is handled correctly.
- Addressed an issue where Anchore Enterprise displayed multiple Binary Package Locations.
- Correctly handle an import of an image sbom which contains packages with no metadata.
- Improved handling of the Microsoft Windows product id during analysis of Windows containers.
UI Updates
Fixes
- Various supporting libraries have been updated in order to improve security, performance, and also to remove deprecation warnings from browser and server output logs. Redundant libraries have been removed to reduce the app startup time and overall size.
Recommended Component Versions
| Component | Recommended Version |
|---|---|
| Enterprise | v4.7.0 |
| Enterprise UI | v4.7.0 |
| Helm Chart | v1.25.0 |
| AnchoreCTL | v1.6.0 |
| anchore-k8s-inventory | v1.0.0 |
| anchore-ecs-inventory | v1.0.0 |
| KAI (Deprecated) | v0.5.0 |
| Kubernetes Admission Controller | v0.4.0 |
| REM (Remote Execution Manager) | v0.1.10 |
| Harbor Scanner Adapter | v1.0.1 |
| Jenkins Plugin | v1.0.25 |