Anchore Engine Release Notes - Version 0.9.1

Anchore Engine 0.9.1

Anchore Engine 0.9.1 bug fixes, and improvements. The latest summary can always be found in the Anchore Engine CHANGELOG on github.

Changes of Note


  • Added - Ability to block image analysis operations if the image’s compressed size is above a configured value. Fixes #786


  • Improved - Updated output messages and description for vulnerability_data_unavailable trigger and stale_feeds_data trigger to clarify only OS packages impacted. Fixes #879
  • Improved - Do not allow selectors to be empty unless using max_images_per_account_rule. Fixes #863
  • Improved - Updates Syft to version 0.12.4 to fix several issues in image analysis including empty package names/versions in invalid package.json files and java jar parent references being Nil.
  • Improved - Require user to set explicit default admin password at bootstrap instead of defaulting to a value if none found. Fixes #810
  • Improved - Update PyYAML to 5.4.1
  • Improved - Update Passlib to 1.7.4
  • Improved - Update to use Python 3.8
  • Improved - Update base image to UBI 8.3. Fixes #888


  • Fixed - Failed analysis due to incorrect manifest mime types due to bug in buildah. Fixes #850
  • Fixed - External API service swagger spec for GetRegistry response is inconsistent with actual returned JSON. Fixes #846
  • Fixed - Fixed analysis archive rules that did not fire if delete transition rule present. Fixes #883
  • Fixed - Force re-analysis of tag and digest rejected if create_at_override timestamp not provided. Fixes #861
  • Additional minor fixes and improvements


Last modified March 10, 2021: Merge v0.9.2-dev to master (#946) (0bb613bb)