Adapting to the new normal at NVD with Anchore Vulnerability Feed
0 likes34 views
The document discusses the features and enhancements of Anchore Enterprise 5.5, focusing on its vulnerability feed service, integration capabilities, and continuous scanning features for both Linux and Windows containers. It highlights the challenges of the National Vulnerability Database (NVD) and how Anchore's vulnerability feed addresses these issues, offering improved data quality and operational simplification. The document encourages customers to enable all available feeds for optimal results and offers resources for further engagement with the platform.
![Vulnerability Data Sources
[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vecto
rString":"AV:N/AC:M/Au:N/C:N/I:N/A:C","accessVector":"NETWORK","accessCo
mplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","in
tegrityImpact":"NONE","availabilityImpact":"COMPLETE","baseScore":7.1},"baseS
everity":"HIGH","exploitabilityScore":
8.6,"impactScore":6
.9,"acInsufInfo":fal
se,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivile
ge":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"
nvd@nis
t.gov","type":"Primary","description":[{"lang":"en","value":"CWE-189"}]}],"co
nfigurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulner
able":true,"criteria":"
cpe:2.3:o:linux:linux_kernel:2.6.17:*:*:*:*:*:*:*","m
atchCriteriaId":"9E86E13
Anchore
Enterprise
Vulnerability
Providers
Canonical
Microsoft
GitHub
NVD
Debian
Python
NPM](https://image.slidesharecdn.com/5-240507160545-6dea7b26/85/Adapting-to-the-new-normal-at-NVD-with-Anchore-Vulnerability-Feed-7-320.jpg)
![Vulnerability Data Sources
{"name":"CVE-2024-3094","priority":"
critical","patches":[{"distro":"focal","s
tatus":"not-affected","version":"
5.2.4-1ubuntu1.1","package":"xz-utils","prio
rity":null},{"distro":"jammy","status":"not-affected","version":"
5.2.5-2ubunt
u1","package":"xz-utils","priority":null},{"distro":"mantic","status":"not-af
fected","version":"5.4.1-0.2","package":"xz-utils","priority":null}],"ignored
_patches":[{"distro":"upstream","status":"needs-triage","version":null,"packa
ge":"xz-utils","priority":null},{"distro":"trusty/esm","status":"not-affected
","version":null,"package":"
xz-utils","priority":null},{"distro":"esm-infra/x
enial","status":"not-affected","version":null,"package":"
xz-utils","priority"
:null},{"distro":"esm-infra/bionic","status":"not-affected","version":null,"p
ackage":"xz-utils","pri
Anchore
Enterprise
Vulnerability
Providers
Canonical
Microsoft
Other 3rd
parties
NVD
GitHub
Debian
Python
NPM](https://image.slidesharecdn.com/5-240507160545-6dea7b26/85/Adapting-to-the-new-normal-at-NVD-with-Anchore-Vulnerability-Feed-8-320.jpg)
![Unreliable Data Sources
{"name":"CVE-2024-3094","priority":"
critical","patches":[{"distro":"focal","s
tatus":"not-affected","version":"
5.2.4-1ubuntu1.1","package":"xz-utils","prio
rity":null},{"distro":"jammy","status":"not-affected","version":"
5.2.5-2ubunt
u1","package":"xz-utils","priority":null},{"distro":"mantic","status":"not-af
fected","version":"5.4.1-0.2","package":"xz-utils","priority":null}],"ignored
_patches":[{"distro":"upstream","status":"needs-triage","version":null,"packa
ge":"xz-utils","priority":null},{"distro":"trusty/esm","status":"not-affected
","version":null,"package":"
xz-utils","priority":null},{"distro":"esm-infra/x
enial","status":"not-affected","version":null,"package":"
xz-utils","priority"
:null},{"distro":"esm-infra/bionic","status":"not-affected","version":null,"p
ackage":"xz-utils","pri
Anchore
Enterprise
Vulnerability
Providers
Canonical
Microsoft
NVD
GitHub
Debian
Python
NPM](https://image.slidesharecdn.com/5-240507160545-6dea7b26/85/Adapting-to-the-new-normal-at-NVD-with-Anchore-Vulnerability-Feed-9-320.jpg)
![Missing & Erroneous Data
{"name":"CVE-2024-3094","priority":"
high","patches":[{"distro":"focal","statu
s":"not-affected","version":"
5.2.5-2ubuntu1","package":"xz-utils","priority":
null},{"distro":"jammy","status":"not-affected","version":"
5.2.5-2ubuntu1","p
ackage":"xz-utils","priority":null},{"distro":"mantic","status":"not-affected
","version":"5.4.1-0.2","package":"xz-utils","priority":null}],"ignored_patch
es":[{"distro":"upstream","status":"needs-triage","version":null,"package":"
x
z-utils","priority":null},{"distro":"
trusty/esm","status":"not-affected","ver
sion":null,"package":"
xz-utils","priority":null},{"distro":"esm-infra/xenial"
,"status":"not-affected","version":null,"package":"
xz-utils","priority":null}
,{"distro":"esm-infra/bionic
","status":"not-affected","version":null,"package
":"xz-utils","pri
Anchore
Enterprise
Vulnerability
Providers
Canonical
Microsoft
NVD
GitHub
Debian
Python
NPM](https://image.slidesharecdn.com/5-240507160545-6dea7b26/85/Adapting-to-the-new-normal-at-NVD-with-Anchore-Vulnerability-Feed-10-320.jpg)
Adapting to the new normal at NVD with Anchore Vulnerability Feed
- 1. Anchore Enterprise 5.5 - Adapting to the new normal at NVD Neil Levine VP of Product Anchore Alan Pope Director of DevRel Anchore
- 2. Housekeeping 01 02 03 All participant lines are muted Questions will be accepted throughout, enter questions via Q&A panel You will receive a follow-up email with a link to the recording 04 Please respond to poll questions as they are appear on your screen
- 3. Agenda Introductions 01 02 Vulnerability Feeds & NVD Challenges 03 Anchore Vulnerability Feed Service & Enhancements in 5.5 04 Q&A
- 5. Anchore Enterprise: How it Works Anchore Enterprise Run Deploy Stage Build Source Runtime SCM CI/CD Registry Docker v2 API Admission controller AnchoreCTL AnchoreCTL Enterprise Capabilities ● Linux and Windows containers ● Malware & secrets scanning in addition to vulnerabilities ● Fully-supported integrations with CI/CD tools ● Continuous scanning from develop to runtime ● Persist SBOMs and security results across apps and teams ● Enhanced vulnerability feed ● Centralized policy enforcement with pre-built policy packs ● API/GUI for reporting and auditing ● Notifications ● Remediation recommendations & workflows ● Enterprise control with support for RBAC, SSO, LDAP ● SLA Technical Support K8S Inventory EKS Inventory Policy Enforcement | Compliance Vulnerabilities SBOM Management Analyzers Analyzers Analyzers Analyzers Analyzers Reporting | Auditing Malware | Secrets False Positive Mgmt Remediation
- 6. Anchore Enterprise: How it Works Anchore Enterprise Run Deploy Stage Build Source Runtime SCM CI/CD Registry Docker v2 API Admission controller AnchoreCTL AnchoreCTL Enterprise Capabilities ● Linux and Windows containers ● Malware & secrets scanning in addition to vulnerabilities ● Fully-supported integrations with CI/CD tools ● Continuous scanning from develop to runtime ● Persist SBOMs and security results across apps and teams ● Enhanced vulnerability feed ● Centralized policy enforcement with pre-built policy packs ● API/GUI for reporting and auditing ● Notifications ● Remediation recommendations & workflows ● Enterprise control with support for RBAC, SSO, LDAP ● SLA Technical Support K8S Inventory EKS Inventory Policy Enforcement | Compliance Vulnerabilities SBOM Management Analyzers Analyzers Analyzers Analyzers Analyzers Reporting | Auditing Malware | Secrets False Positive Mgmt Remediation
- 10. Missing & Erroneous Data {"name":"CVE-2024-3094","priority":" high","patches":[{"distro":"focal","statu s":"not-affected","version":" 5.2.5-2ubuntu1","package":"xz-utils","priority": null},{"distro":"jammy","status":"not-affected","version":" 5.2.5-2ubuntu1","p ackage":"xz-utils","priority":null},{"distro":"mantic","status":"not-affected ","version":"5.4.1-0.2","package":"xz-utils","priority":null}],"ignored_patch es":[{"distro":"upstream","status":"needs-triage","version":null,"package":" x z-utils","priority":null},{"distro":" trusty/esm","status":"not-affected","ver sion":null,"package":" xz-utils","priority":null},{"distro":"esm-infra/xenial" ,"status":"not-affected","version":null,"package":" xz-utils","priority":null} ,{"distro":"esm-infra/bionic ","status":"not-affected","version":null,"package ":"xz-utils","pri Anchore Enterprise Vulnerability Providers Canonical Microsoft NVD GitHub Debian Python NPM
- 11. NVD Challenges
- 12. NVD (NIST) CVE Program (MITRE) Product Owner Vuln Researcher Vulnerability Discovered Vulnerability Discovered Vulnerability Submitted to CVE Numbering Authority Published to National Vulnerability Database Vulnerability Intake Vulnerability Triage Needs More info/ Provides additional info Vuln Confirmed Report Vulnerability Affected Products Vulnerability Type Attack Type Impact Provide Additional Details Bug Bounty Payment Bounty Payment Received Reserve CVE Assign Vuln CVE CVE-YYYY-XXX XX CVE Rejected Needs More Info Vulnerability Remediation Coordinated Disclosure Vulnerability Notification Coordinated Disclosure Populate CVE List CVE Approved NVD Analyst Assigned NVD Enrichment Reference Tags CVSS CWE CPE Senior Analyst Review
- 13. Changes at NVD
- 14. NVD (NIST) CVE Program (MITRE) Product Owner Vuln Researcher Vulnerability Discovered Vulnerability Discovered Vulnerability Submitted to CVE Numbering Authority Published to National Vulnerability Database Vulnerability Intake Vulnerability Triage Needs More info/ Provides additional info Vuln Confirmed Report Vulnerability Affected Products Vulnerability Type Attack Type Impact Provide Additional Details Bug Bounty Payment Bounty Payment Received Reserve CVE Assign Vuln CVE CVE-YYYY-XXX XX CVE Rejected Needs More Info Vulnerability Remediation Coordinated Disclosure Vulnerability Notification Coordinated Disclosure Populate CVE List CVE Approved NVD Analyst Assigned NVD Enrichment Reference Tags CVSS CWE CPE Senior Analyst Review
- 15. Anchore Vuln Feed Updates
- 16. Anchore Vulnerability Feed Proxy Mode Anchore sources vulnerability feeds and makes them available to customers Enabled on a per-feed driver basis List of known false positives Anchore sources missing CPE data from NVD records from other sources (Does not include Severity/CVSS) Exclusion Data Feed Enriched Data Feed New in 5.5! New in 5.5!
- 17. Existing Data Source Feed Options Anchore Enterprise Vulnerability Providers Canonical Microsoft Other 3rd parties NVD Anchore Vuln Feed Direct mode Direct mode Direct mode Direct mode Exclusion Data Feed
- 18. Proxy Mode (5.5+) Anchore Enterprise Vulnerability Providers Canonical Microsoft Other 3rd parties NVD Anchore Vuln Feed Direct mode Direct mode Direct mode Direct mode Enriched Data Feed Exclusion Data Feed
- 19. Proxy Mode + Enriched Data (5.5+) Anchore Enterprise Vulnerability Providers Canonical Microsoft Other 3rd parties NVD Anchore Vuln Feed Proxy mode + Enriched Data Exclusion Data Feed
- 20. Customer Benefits Proxy Mode Fewer distractions from 3rd party service outages No API tokens or service registration Simple firewall configuration Fewer false positives due to imprecise vulnerability metadata Ensures NVD catalog is up to date with CVE records CPE data missing from NVD records provided by Anchore Exclusion Data Feed Enriched Data Feed
- 21. Enhancing Data Quality Vulnerability Providers CVE5 NVD Anchore Open Source Vulnerability Data Tools + Human Review Anchore Enterprise 3rd Party Products
- 22. Get Involved Anchore Open Source github.com/anchore Open Source NVD Enrichment Project github.com/anchore/vulnerability-data-tools Enriched NVD Data github.com/anchore/nvd-data-overrides Anchore Community Slack anchore.com/slack
- 24. Recent updates Global CVE References Use CVE references in policy or searches independent of record which generated the match alert Download the AnchoreCTL client from an Enterprise API endpoint to ensure version consistency Simplify authentication for non-human users AnchoreCTL Endpoint Token-based Auth New in 5.5!
- 25. Summary 1. NVD’s future continues to be uncertain 2. The Anchore Vulnerability Feed helps mitigate some of the data gaps 3. The Anchore Vulnerability Feed simplifies the operations of feed management 4. Customers should enable all feeds for the most accurate results
- 26. Next Steps Get started with a free-trial Anchore Enterprise https://get.anchore.com/free-trial/ Learn more about Anchore Enterprise https://anchore.com/platform Visit our GitHub and Community Slack github.com/anchore and https://anchore.com/slack Download the NVIDIA case study www.anchore.com/nvidia
- 27. Thank you for joining! Schedule a demo of our platform @ get.anchore.com/demo-request