Upgrading Anchore Enterprise

Upgrading from one minor version of Anchore Enterprise to another is normally handled seamlessly by the Helm chart or an upsert of your Docker Compose configuration which are both supplied with each release. Those follow the general methods from this doc page, however for some major releases there are Specific Instructions which you may have to review.

To retrieve the current version of Anchore Enterprise the anchorectl system status command can be run, and the output will have a column titled “CODE VERSION”, which will display the running version of each service. You can also login to the Anchore Enterprise Web UI and find the version details in the top bar.

Upgrade Procedure

Prior to upgrading Anchore Enterprise, it is highly recommended to first review the Anchore Enterprise Release Notes and review the entire doc with particular attention on the ‘Recommended Component Versions’ as well as the ‘Requirements’ sections.

  • The ‘Requirements’ section shares important notices and/or DB schema changes and any possible suggested downtime needed for schema and/or data changes.

  • The ‘Recommended Component Versions’ section details the supported versions of integration tooling like AnchoreCTL, this might require further upgrades of other software components across your environment to maintain compatibility with the core Anchore Enterprise service.

When you are ready to perform an upgrade, we recommend, as a best practice, that you first Backup/snapshot your Database. When backing up, you must first stop your Anchore Enterprise services/deployment so that all services have completed their writes. We also highly recommend you test upgrades in a QA/Test environment first.

Please note, there is no automatic downgrade capability, thus the only way to downgrade after an upgrade (whether it succeeds or fails) is to restore your database contents to a state from a prior version of Anchore Enterprise, and explicitly run the compatible version of Anchore Enterprise against the corresponding database version.

☸️ Kubernetes (Helm) Upgrade Procedure

A Helm pre-upgrade hook initiates a Kubernetes job that scales down all active Anchore Enterprise pods and handles the Anchore Enterprise database upgrade.

The Helm upgrade is marked as successful only upon the job’s completion. This process causes the Helm client to pause until the job finishes and new Anchore Enterprise pods are initiated. To monitor the upgrade, follow the logs of the upgrade jobs. These jobs are automatically removed after a subsequent successful Helm upgrade.

An optional post-upgrade hook is available to perform Anchore Enterprise upgrades without forcing all pods to terminate prior to running the upgrade. This is the same upgrade behavior that was enabled by default in the legacy anchore-engine chart. To enable the post-upgrade hook, set upgradeJob.usePostUpgradeHook=true in your values file.

  1. View both the Helm Chart Release Notes for any necessary steps prior to upgrading and also review the Anchore Enterprise Release Notes

  2. Update the Helm repository to get the latest chart version.

    helm repo update
    
  3. Upgrade Anchore Enterprise using the Helm chart.

    export NAMESPACE=anchore
    export RELEASE=my-release
    
    helm upgrade ${RELEASE} -n ${NAMESPACE} anchore/enterprise -f anchore_values.yaml
    
  4. Review the helm upgrade command output

  5. Once upgraded, you can review the new state of your Anchore Enterprise install to verify the new version is running using the regular system status command.

    anchorectl system status
    

🐳 Docker Compose Upgrade Procedure

  1. View the Anchore Enterprise Release Notes

  2. First review the ’name’ and volume(s) used in your new compose file. Failure to match these to your existing deployment and older Compose file will result in a new/clean deployment rather than an upgrade.

  3. Stop all running instances of Anchore

    docker compose down
    
  4. Make a copy of your original docker-compose.yaml file as backup

    cp docker-compose.yaml docker.compose.yaml.backup
    
  5. Download the latest docker-compose.yaml

    curl https://docs.anchore.com/current/docs/deployment/docker_compose/docker-compose.yaml > docker-compose.yaml
    
  6. Review the latest docker-compose.yaml and merge any edits/changes from your original docker-compose.yaml.backup to the latest docker-compose.yaml

  7. Restart the Anchore containers

    docker compose up -d
    
  8. To monitor the progress of your upgrade, you can watch the docker logs from your catalog container, where you should see some initial output indicating whether or not an upgrade is needed or being performed, followed by the regular Anchore log output.

    docker compose logs -f catalog
    
  9. Once upgraded, you can review the new state of your Anchore Enterprise install to verify the new version is running using the regular system status command.

    anchorectl system status
    

🚧 Manual Upgrade Procedure

If for any reason the automated upgrade fails, or you would like to perform the upgrade of the anchore database manually, you can use the following (general) procedure. This should only be done by advanced operators after backing up the anchore database, ensuring that the anchore database is up and running, and that all running anchore components are stopped.

  • Install the desired Anchore container manually.
  • Run the Anchore container but override the entrypoint to run an interactive shell instead of the default ‘anchore-manager service start’ entrypoint command.
  • Manually execute the database upgrade command, using the appropriate db_connect string. For example, if using Postgres, the db_connect string will look like postgresql://$ANCHORE_DB_HOST/$ANCHORE_DB_NAME?user=$ANCHORE_DB_USER&password=$ANCHORE_DB_PASSWORD
$ anchore-manager db --db-connect "postgresql://$ANCHORE_DB_HOST/$ANCHORE_DB_NAME?user=$ANCHORE_DB_USER&password=$ANCHORE_DB_PASSWORD" upgrade
#Output
[MainThread] [anchore_manager.cli.utils/connect_database()] [INFO] DB params: {"db_connect_args": {"timeout": 86400, "ssl": false}, "db_pool_size": 30, "db_pool_max_overflow": 100}
[MainThread] [anchore_manager.cli.utils/connect_database()] [INFO] DB connection configured: True
[MainThread] [anchore_manager.cli.utils/connect_database()] [INFO] DB attempting to connect...
[MainThread] [anchore_manager.cli.utils/connect_database()] [INFO] DB connected: True
...
...
  • The output will indicate whether or not a database upgrade is needed. It will then prompt for confirmation if it is, and will display upgrade progress output before completing.

Specific Version Upgrades


This section is intended as a guide for any special instructions and information related to upgrading to specific versions of Enterprise.

Upgrading Enterprise v4.x to Enterprise v5.21.0

5.X Migration Guide

Last modified October 2, 2025