Anchore Engine Release Notes - Version 0.5.0
Anchore Engine 0.5.0
Anchore Engine 0.5.0 includes many new features, bug fixes and improvements. The latest summary can always be found in the Anchore Engine CHANGELOG on github.
- Support for local image analysis tool and process, including local analyzer operation in anchore_manager and new image analysis archive import API operation
- Switch NVD feed driver to consume normalized vulnerability data from latest NVD JSON 1.0 Schema
- New parameter to vulnerabilities gate to only trigger if a fix has been available for over a specified number of days
- New parameters in vulnerabilities gate to allow for triggers based on CVSSv3 scoring information. Implements #164.
- Structured CVSS scoring information throughout external API responses, where vulnerability information is returned (vulnerability scans, vulnerability queries). Implements #163, #160, #223.
- Optional support using hashed passwords on anchore user credential storage, and adds support token-based user authentication
- More complete CPE version strings now available from latest NVD data feed, improving scope of non-os package vulnerability matches
- Spelling, grammar and broken link updates to top level README. Contributions by Neil Levine ([email protected]) and MichaelSimons ([email protected])
- Updated validation and improved error detail for user and account management API operations
- Updates to quickstart/example docker-compose.yaml, and bootstrap entrypoint for better custom root CA inclusion
Last modified March 10, 2021: Merge v0.9.2-dev to master (#946) (0bb613bb)