Anchore Enterprise Feeds has three high level components - drivers, database and API
A driver downloads raw data from an external source and normalizes it. Each driver outputs normalized data for one of the four feed types - (os) vulnerabilities, packages, nvd or snyk
- Drivers responsible for operating system package vulnerabilities gather raw data from the respective os resources listed below
- Package drivers process the official list of packages maintained by NPM and RubyGems organizations
- nvd driver processes all the CVEs in the NIST database and the supplies normalized data that can be used for matching non-os packages (such as Java, Python, NPM, GEM)
- snyk driver sources vulnerability data for non-os packages curated by https://snyk.io/vuln. Policy Engine prioritizes snyk over nvd feed data when its available for matching vulnerabilities in non-os packages.
All drivers except for the package drivers are enabled by default. The service has configuration toggles enabling/disabling each driver individually and tuning driver specific settings.
|Driver||Feed Type||External Data Source|
Normalized vulnerability and package data is persisted in the database. In addition, the execution state and updates to the data set are tracked in the database
Anchore Enterprise Feeds exposes a RESTful API for interaction with the service. The API layer serves normalized data from the database based on the client requests. Policy Engine uses this API to sync the feed data down to the Anchore Engine database