Features and Improvements
The Anchore Engine and Anchore CLi version 0.2.2 includes the following improvements and new features:
- New feature: support for multiple policies in mapping rules of policy bundles
- New feature: add image 'metadata' content, accessible using 'anchore-cli image metadata <image>' to review dockerfile, docker hisory, and manifest content
- New feature: support for non-os package vulnerability scanning and access to new data feed (NVD)
- Improved DB bootstrap process significantly, including DB compatability checks
- Improved GET routes to remove the need for a body (equiv. key=values can now also be supplied as querystring parameters)
- Improved vulnerability record format including separation of package and version for effected packaged into their own fields
- Add registry validation when adding a registry credential (can be optionally skipped)
- Add options for 'external URL' broadcast for each service, in LB cases where the TLS/port state of the actual service differs from how the services intercommunicate. Fixes github issue #49
- Add better tolerance of archive document migration (contributed by Armstrong Li <firstname.lastname@example.org>)
- Remove dependency on external 'anchore' installation, bringing all analyzer/sync code from deprecated original anchore project into engine natively
The Anchore Engine and Anchore CLi version 0.2.2 includes many minor bugfixes and general improvements, including the following bugs:
- Fix tar hardlink error largely noticed on RHEL/Centos based images, causing some images to fail analysis
- Fix to return RFC3339 ISO datetime strings (contributed by Patrik Cyvoct <email@example.com>)
- Fix that adds force kwarg parameter to by_id function defs. Fixes github issue #55.
- Fix that updates the ping_docker_registry() routine to handle translating docker.io to the actual dockerhub registry url. Fixes github issue #52.
Upgrading the Anchore Engine
The regular Anchore Engine upgrade procedure can be performed to upgrade the Anchore Engine to version 0.2.2
NOTE: If upgrading with a configuration file (config.yaml) that has analyzer services enabled, but has no values set for 'endpoint_hostname', 'listen', and 'port', you will need to set these values for analyzer services to come up correctly in 0.2.X. The analyzer service ports do not need to be exposed for normal operation, unless prometheus metrics are enabled and/or other site-specific features are enabled that require analyzer service port access (e.g. for pinging the /heath route, etc.).
The latest release is 0.2.2, which adds support for the new features and capabilities in Anchore Engine 0.2.2.