Anchore Engine Release Notes - Version 0.5.0

Anchore Engine 0.5.0

Anchore Engine 0.5.0 includes many new features, bug fixes and improvements. The latest summary can always be found in the Anchore Engine CHANGELOG on github.

New Features

  • Support for local image analysis tool and process, including local analyzer operation in anchore_manager and new image analysis archive import API operation
  • Switch NVD feed driver to consume normalized vulnerability data from latest NVD JSON 1.0 Schema
  • New parameter to vulnerabilities gate to only trigger if a fix has been available for over a specified number of days
  • New parameters in vulnerabilities gate to allow for triggers based on CVSSv3 scoring information. Implements #164.
  • Structured CVSS scoring information throughout external API responses, where vulnerability information is returned (vulnerability scans, vulnerability queries). Implements #163, #160, #223.
  • Optional support using hashed passwords on anchore user credential storage, and adds support token-based user authentication

Improvements

  • More complete CPE version strings now available from latest NVD data feed, improving scope of non-os package vulnerability matches
  • Spelling, grammar and broken link updates to top level README. Contributions by Neil Levine ([email protected]) and MichaelSimons ([email protected])
  • Updated validation and improved error detail for user and account management API operations
  • Updates to quickstart/example docker-compose.yaml, and bootstrap entrypoint for better custom root CA inclusion

Upgrading

Last modified March 10, 2021: Merge v0.9.2-dev to master (#946) (0bb613bb)