Anchore Enterprise Release Notes - Version 5.3.0
Anchore Enterprise v5.3.0
Anchore Enterprise release v5.3.0 contains targeted fixes and improvements.
Enterprise Service Updates
Announcements
Note
In the future v5.4.0 release, any Anchore Enterprise deployment on FIPS-enabled hosts whose database is hosted on Amazon RDS will be required to run Postgres version 16 or greater. For more information, please contact Customer Support.
Requirements
- If upgrading from a v5.x release, a database update is required.
- If upgrading from a v4.x release, please refer to the v4.x –> v5.x Migration Guide.
Improvements
- User Groups API Support (v5.3.0 Preview)
  - Providing the ability for an administrator to define one or more RBAC Roles for one or more accounts within a User Group. The administrator has the ability to add and remove users from the User Groups. These users will automatically have the privileges as defined by the User Group in addition to any explicitly assigned RBAC Roles.
- Policy
  - Policy packages gate has a new metadata trigger and provides the following parameter values:
    - Package type to exact match against
    - Package name to match against (supports wildcards)
    - Package version to match against (supports wildcards)
  - Allowlists can contain either CVEs or corresponding Advisory IDs and work the same regardless of which was used to match the Trigger ID.
- Reports
  - Report executions that fail to complete after 3 attempts will be cancelled. The report will continue to be executed on any defined schedule.
  - Improved the description of the Current Only filter in reports that contain tag information.
- The /system/statistics endpoint now includes the number of successful policy evaluations and the number of reports generated.
- Improved the performance of the background task that deletes older runtime inventory based on the configuration value inventory_ttl_days.
- Improved the performance of Policy Evaluations.
- Improved the behavior of the GitHub Vulnerability Provider when a token is not provided. The system will automatically disable this provider and log a warning message to alert the user.
Fixes
- Addressed an issue where the policy’s dockerfile gate with effective_user trigger could not determine the effective user.
- Enterprise provides better handling of NuGet packages.
- Syft v0.105.0 improved its ability to search common patterns within a Go binary. This should resolve an issue determining the version where the main module is (devel).
- Addressed a failure seen by all the feed providers when the GitHub Token was set to NULL instead of an empty string.
- Fixed the Policy distro gate when the version field was a non-numeric value (i.e. latest).
- Policy Engine has improved its validation of the grype-db during startup.
- JAR filenames, which had an underscore in their names, are now parsed correctly in SBOMs.
Deprecations
- Support for OpenStack Swift, which is an open-source object storage system, has been deprecated. Please see Object Storage for a list of supported Object Stores.
UI Updates
Improvements
The results table within the Vulnerabilities tab now contains a CVEs column that lists all CVEs associated with each vulnerability.
NVD CVSS Base Score is now included in the CSV and JSON reports that are generated from the Vulnerabilities tab in the Artifact Analysis view. In addition, a CVEs column has also been added in order to fully represent every CVE associated with each
The results view for a report now contains the following additional details:
- Results generation started at
- Results generation completed at
Fixes (v5.3.1)
- Due to a regression accidentally introduced in version 5.2.0, the migration of reports predating 5.0.0 would fail upon upgrading to 5.2.0. This failure resulted in a service error when attempting to view the report from the Saved Reports view. This issue has now been resolved.
- In rare cases, the Accounts view would return a 404 if it tried to fetch users from an account that had been deleted by another admin. This issue has now been addressed.
- Due to a regression in 5.3.0, the calendar widget available in Events and Policies was not centered correctly. This issue has now been resolved.
Fixes (v5.3.0)
A fix has been provided for an issue where reports that have no results either serve corrupted (JSON) or empty (CSV) files on download. This issue has now been addressed.
In previous releases, the timestamps displayed in the Report Results view were not correctly calculated if the page was visited directly via URL, or if the page was refreshed. Now fixed.
Deleted image retention policies are no longer displayed in the System > Data Management view (admin only).
Various supporting libraries have been updated in order to improve security, performance, and also to remove deprecation warnings from browser and server output logs. Redundant libraries have been removed to reduce the app startup time and overall size.
Recommended Component Versions
Component | Supported Version | Additional Info |
---|---|---|
Enterprise | v5.3.0 | With Syft v0.105.0 and Grype v0.74.6 |
Enterprise UI | v5.3.1 | |
AnchoreCTL | v5.3.0 | Deploying AnchoreCTL |
Enterprise Helm Chart | v2.4.1 | https://github.com/anchore/anchore-charts |
Anchore ECS Inventory | v1.3.0 | https://github.com/anchore/ecs-inventory |
Anchore Kubernetes Inventory | v1.2.0 | https://github.com/anchore/k8s-inventory |
Kubernetes Admission Controller | v0.5.0 | https://github.com/anchore/kubernetes-admission-controller |
Jenkins Plugin | v2.0.0 | https://plugins.jenkins.io/anchore-container-scanner |
Harbor Scanner Adapter | v1.3.0 | https://github.com/anchore/harbor-scanner-adapter |
enterprise-gitlab-scan | v4.0.0 | docker.io/anchore/enterprise-gitlab-scan:v4.0.0 |