Anchore Engine Release Notes - Version 0.4.0

Anchore Engine 0.4.0

Anchore Engine 0.4.0 includes many new features, bug fixes and improvements. The latest summary can always be found in the Anchore Engine CHANGELOG on github.

New Features

  • Image Analysis Archive Subsystem. See #165.
  • all anchore-engine services now run (by default) as non-root, including the analyzer (with new analyzer implementation)
  • optional policy parameter for vulnerabilities older than N days. Implements #156. Contribution by i845783 <[email protected]>
  • new facility to carry anchore error codes through to API error response envelope. Addresses #150 and will extend in future for richer error information in API responses.
  • /system/error_codes route to describe possible anchore error codes.
  • re-platformed anchore engine and CLI container image on Red Hat Universal Base Image (UBI)


  • cleanup feed sync error path where another sync is in progress. use the new anchore error code mechanism
  • support for psycopg2 SQL Alchemy Driver
  • new docker-compose quickstart method
  • combined analyzer module functionality
  • error message from parse_dockerimage_string. Contributed by Nicolas Simonds <[email protected]>
  • re-introduce many integration tests and integration testing framework
  • remove more verbose logging around lease ops in monitor function of catalog
  • update workspace analyzer directory deletion to handle nested permissions errors using onerror shutil.rmtree handler, to avoid permission denied possibilities from rootless analyzer

Bug Fixes

  • improved handling of case where default_bundle_file key is unset internally for initializers that reference that configuration key. Fixes #113.
  • skip dpkg results that are not in the explicit installed (ii) state. Fixes #169.
  • bug in passwd_file gate’s context setup that was parsing entries incorrectly.
  • bytes decode issue in the object store manager interface that is masked in py3.6 but exposed in py3.5
  • update to handle redirect for when trailing slash is omitted, during initial registry ping in validation routine. Fixes #175.


Last modified March 10, 2021: Merge v0.9.2-dev to master (#946) (0bb613bb)