NOTE: For users upgrading from 0.2.X to 0.3.X, please note that the upgrade process may take some time for anchore-engine deployments that have a large number of images stored (many thousands).  Please review the upgrade guide to safely plan for an upgrade, and plan for a longer service maintenance window than usual for this upgrade if your engine has a large number of images analyzed.


Features and Improvements


The Anchore Engine and Anchore CLI version 0.3.1 includes the following improvements and new features:

  • Added - vulnerability scan support for Amazon Linux 2 images (ALAS-* vulnerability matches)
  • Added - policy engine policy evaluation optimization and cache for results to avoid re-evaluation when inputs have not changed. Uses combination of bundle content digest, feed sync update timestamps, and image load times to detect when a policy evaluation cannot have changed and uses a cached result instead of an evaluation to reduce CPU and DB usage.
  • Added - CLI operation 'system wait' to be used for scripting processes that need to block on an anchore-engine deployment coming up and being fully ready for use
  • Improved - removed feed endpoint and credentials check from policy engine bootstrap, and initialize group metadata for enabled feed types before syncing feed data
  • Minor bug fixes
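
The cache-validity rule described in the policy evaluation item above, as an added sketch that is not anchore-engine's own code: a cached result is reused only when the bundle content digest matches and neither a feed sync nor an image load has happened since it was computed. The class, function names and bundle layout are hypothetical, and the sample inputs are constructed.

```python
import hashlib
import json
from datetime import datetime, timedelta, timezone

def bundle_digest(bundle: dict) -> str:
    # Canonical JSON so the digest depends on content, not on key order.
    canonical = json.dumps(bundle, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()

class EvalCache:
    """Hypothetical cache: reuse a result only if no input changed since it was computed."""
    def __init__(self, evaluator):
        self._evaluator = evaluator   # callable(image_id, bundle) -> result
        self._entries = {}            # (image_id, digest) -> (evaluated_at, result)
        self.evaluations = 0          # number of real evaluations performed

    def evaluate(self, image_id, bundle, feed_synced_at, image_loaded_at, now):
        key = (image_id, bundle_digest(bundle))
        hit = self._entries.get(key)
        if hit is not None:
            evaluated_at, result = hit
            # A feed sync or image load at or after the cached evaluation may
            # change the outcome, so ties are treated as stale.
            if feed_synced_at < evaluated_at and image_loaded_at < evaluated_at:
                return result
        result = self._evaluator(image_id, bundle)
        self.evaluations += 1
        self._entries[key] = (now, result)
        return result

def demo():
    # Constructed inputs; returns the evaluation count after each call.
    t0 = datetime(2019, 1, 1, tzinfo=timezone.utc)
    hour = timedelta(hours=1)
    cache = EvalCache(lambda image_id, bundle: {"image": image_id, "status": "pass"})
    bundle = {"id": "default", "policies": [{"gate": "vulnerabilities", "action": "stop"}]}
    reordered = {"policies": bundle["policies"], "id": "default"}
    changed = {"id": "default", "policies": [{"gate": "vulnerabilities", "action": "warn"}]}
    calls = [
        (bundle, t0, t0, t0 + hour),                  # first call: evaluates
        (reordered, t0, t0, t0 + 2 * hour),           # same content: cached
        (bundle, t0 + 3 * hour, t0, t0 + 4 * hour),   # feeds synced since: re-evaluates
        (changed, t0 + 3 * hour, t0, t0 + 5 * hour),  # bundle changed: re-evaluates
    ]
    counts = []
    for b, feeds, loaded, now in calls:
        cache.evaluate("sha256:constructed-image-id", b, feeds, loaded, now)
        counts.append(cache.evaluations)
    return counts
```

Treating a timestamp tie as stale costs one extra evaluation but never serves a result computed against older vulnerability data.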

Bug Fixes


The Anchore Engine and Anchore CLI version 0.3.1 includes many minor bug fixes and general improvements, including fixes for the following bugs:

  • Fix - adjust build of embedded skopeo command that was causing segmentation fault when registry hostnames included the domain suffix '.local'
  • Minor bug fixes

Upgrading the Anchore Engine


The regular Anchore Engine upgrade procedure can be performed to upgrade the Anchore Engine to version 0.3.1, with any special considerations for this particular release listed in the 'NOTE' section below.


NOTE: If upgrading with a configuration file (config.yaml) that has analyzer services enabled from version 0.2.2 or prior, but has no values set for 'endpoint_hostname', 'listen', and 'port', you will need to set these values for analyzer services to come up correctly in 0.2.X.  The analyzer service ports do not need to be exposed for normal operation, unless Prometheus metrics are enabled and/or other site-specific features are enabled that require analyzer service port access (e.g. for pinging the /health route, etc.).