Source URL: https://anchore.com/blog/grype-support-for-azure-linux-3-released/
Source: Anchore
Title: Grype Support for Azure Linux 3 released
Feedly Summary: On September 26, 2024 the OSS team at Anchore released general support for Azure Linux 3, Microsoft’s new cloud-focused Linux distribution. This blog post will share some of the technical details of what goes into supporting a new Linux distribution in Grype. Step 1: Make sure Syft identifies the distro correctly In this case, this […]
The post Grype Support for Azure Linux 3 released appeared first on Anchore.
AI Summary and Description: Yes
Summary: The text discusses the general support released for Azure Linux 3 by Anchore, focusing on the integration of this new Linux distribution into their security tools, specifically Grype, which is used for vulnerability scanning. It highlights the ease of adding new distributions and the steps taken to ensure accurate vulnerability identification.
Detailed Description:
The blog post details the technical implementation of supporting Azure Linux 3 within Anchore’s vulnerability scanning tool, Grype. Key points include:
– **Introduction of Azure Linux 3**:
– Released by Microsoft, Azure Linux 3 is a cloud-focused Linux distribution.
– Guides provided for ensuring compatibility with Anchore’s tools.
– **Key Steps in Integration**:
1. **Identification of Distro**:
– Syft, a tool from Anchore, automatically identifies Azure Linux 3 through standard labeling in the `/etc/os-release` file.
2. **Creation of Vulnerable Image**:
– Instruction on how to build a test image with known vulnerabilities to ensure Grype can adequately assess security risks.
– Utilization of an older version of golang RPM to verify vulnerability detection capabilities.
3. **Vunnel Provider Implementation**:
– Vunnel aggregates vulnerability data, making it straightforward to download and parse Microsoft’s OVAL XML for Azure Linux 3 vulnerabilities.
4. **Integration and Release**:
– Final integration of vulnerability data, allowing accurate scans of images built with Azure Linux 3.
– **Outcome and Benefits**:
– Immediate availability of vulnerability scanning for users of Grype v0.81.0 and later, providing them with current vulnerability information for images built on Azure Linux 3.
– Highlighted the collaborative nature of the open-source community—users can contribute to expanding support for other Linux distributions by submitting pull requests.
– **Open Source Contribution**:
– Emphasis on all developments being open source, allowing community involvement in expanding the breadth of supported distributions.
This information is vital for security and compliance professionals who need to ensure that their cloud infrastructure remains secure and compliant with the latest standards and vulnerabilities. The seamless integration of new distributions into existing security tools indicates a proactive approach to continuously address emerging security challenges in cloud computing environments.