Anchore Engine Release Notes - Version 0.5.1

Anchore Engine 0.5.1

Anchore Engine 0.5.1 includes many new features, bug fixes and improvements. The latest summary can always be found in the Anchore Engine CHANGELOG on github.

New Features

  • Array support for the id param in /query/vulnerabilities and a namespace parameter for same route. Fixes #278.
  • Support for images based on google distroless OS, including detection of base OS/version and installed OS dpkg packages. Fixes #277.
  • Ability to import an image analysis archive where the resulting image is owned by the account used to initiate the import. Fixes #269.
  • New parameter to secret_search gate, which allows the user to specify whether to trigger if a match is found (default) or is not found (new behavior). Fixes #264.
  • New trigger in the ‘files’ gate to allow for checks against various file attributes - checksum and mode. Fixes #262. Fixes #204.

Bug Fixes

  • Better parsing of www-authentiate response header when performing registry credential validation on registry add. Fixes #275.
  • Add fall-thru on fix_available check for os packages in vulnerbility gate, addressing duplicate trigger matches that are disregarded by policy. Fixes #273.
  • Addresses analysis failure in cases where image config document metadata does not contain a history element. Fixes #260.
  • Addresses external_id reference before assignment error on ecr iam role usage. Fixes #259
  • Improvements and fixes within the version comparison implementation for dpkg and rpm. Fixes #274 and #265.

Improvements

  • Enforce stricter api checks for “source” object in POST /images. Fixes #261
  • Many minor bug fixes and improvements, in API input validation, CPE-based CVE matching performance, and others

Upgrading


Last modified March 10, 2021: Merge v0.9.2-dev to master (#946) (0bb613bb)