From 886888ad77f41eb82c8887f2dd5fd5dc2e83bb83 Mon Sep 17 00:00:00 2001
From: Brady Todhunter
Date: Wed, 18 Aug 2021 13:25:49 -0700
Subject: [PATCH 01/11] quote all booleans used in default functions & remove MSRC token requirements
Signed-off-by: Brady Todhunter
---
 .../templates/engine_configmap.yaml | 10 ++---
 .../templates/enterprise_feeds_configmap.yaml | 37 +++++++++----------
 2 files changed, 22 insertions(+), 25 deletions(-)
diff --git a/stable/anchore-engine/templates/engine_configmap.yaml b/stable/anchore-engine/templates/engine_configmap.yaml
index b5374991..1bf9921e 100644
--- a/stable/anchore-engine/templates/engine_configmap.yaml
+++ b/stable/anchore-engine/templates/engine_configmap.yaml
@@ -240,17 +240,17 @@ data:
 # The following feeds are synced if provider is set to legacy
 # Vulnerabilities feed is the feed for distro cve sources (redhat, debian, ubuntu, oracle, alpine....)
 vulnerabilities:
- enabled: {{ default "true" .Values.anchoreGlobal.syncVulnerabilites }}
+ enabled: {{ default "true" (.Values.anchoreGlobal.syncVulnerabilites | quote) }}
 url: {{ $anchoreFeedsURL }}
 # NVD Data is used for non-distro CVEs (jars, npm, etc) that are not packaged and released by distros as rpms, debs, etc
 nvdv2:
- enabled: {{ default "true" .Values.anchoreGlobal.syncNvd }}
+ enabled: {{ default "true" (.Values.anchoreGlobal.syncNvd | quote) }}
 url: {{ $anchoreFeedsURL }}
 github:
 {{- if .Values.anchoreEnterpriseGlobal.enabled }}
 enabled: {{ .Values.anchoreEnterpriseFeeds.githubDriverEnabled }}
 {{- else }}
- enabled: {{ default "true" .Values.anchoreGlobal.syncGithub }}
+ enabled: {{ default "true" (.Values.anchoreGlobal.syncGithub | quote) }}
 {{- end }}
 url: {{ $anchoreFeedsURL }}
 # Warning: enabling the packages and nvd sync causes the service to require much more memory to do process the significant data volume. We recommend at least 4GB available for the container
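Review bot: The rewritten `enabled:` lines render a different scalar type depending on whether the value is set: an unset value falls through `default "true"` as a bare `true`, while a user-supplied value goes through `quote` and renders as the string `"false"` or `"true"`. Whether the engine's config loader treats the string `"false"` as disabled is not visible here; if it tests truthiness rather than parsing the string, a quoted `"false"` would not disable the feed, so the rendered configmap is worth checking against the consumer. Rendering the default the same way removes the mismatch, e.g. `enabled: {{ .Values.anchoreGlobal.syncVulnerabilites | quote | default (quote "true") }}`, since `quote` yields an empty string for an unset value. The same pattern applies to the `@@ -259` hunk of this patch, the enterprise_feeds_configmap hunk that follows, and the corresponding hunks of PATCH 05/11.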
@@ -259,12 +259,12 @@ data:
 {{- if and (and .Values.anchoreEnterpriseGlobal.enabled .Values.anchoreEnterpriseFeeds.enabled) (or .Values.anchoreEnterpriseFeeds.gemDriverEnabled .Values.anchoreEnterpriseFeeds.npmDriverEnabled) }}
 enabled: true
 {{- else }}
- enabled: {{ default "false" .Values.anchoreGlobal.syncPackages }}
+ enabled: {{ default "false" (.Values.anchoreGlobal.syncPackages | quote) }}
 {{- end }}
 url: {{ $anchoreFeedsURL }}
 {{- if and .Values.anchoreEnterpriseGlobal.enabled .Values.anchoreEnterpriseFeeds.enabled }}
 vulndb:
- enabled: {{ default "true" .Values.anchoreEnterpriseFeeds.vulndbDriverEnabled }}
+ enabled: {{ default "true" (.Values.anchoreEnterpriseFeeds.vulndbDriverEnabled | quote) }}
 url: {{ $anchoreFeedsURL }}
 {{- else if and .Values.anchoreEnterpriseGlobal.enabled .Values.anchoreGlobal.syncVulnDB }}
 vulndb:
diff --git a/stable/anchore-engine/templates/enterprise_feeds_configmap.yaml b/stable/anchore-engine/templates/enterprise_feeds_configmap.yaml
index d1b21197..a2636482 100644
--- a/stable/anchore-engine/templates/enterprise_feeds_configmap.yaml
+++ b/stable/anchore-engine/templates/enterprise_feeds_configmap.yaml
@@ -94,54 +94,51 @@ data:
 workspace_preload_file: "/workspace_preload/data.tar.gz"
 # If api_only is set to true, the service will not update feed data in the system.
 # API end points will be functional and serve feed data if any is available.
- api_only: {{ default "false" .Values.anchoreEnterpriseFeeds.apiOnly }}
+ api_only: {{ default "false" (.Values.anchoreEnterpriseFeeds.apiOnly | quote) }}
 drivers:
 # Configuration section for drivers collecting and processing feed data.
 # All drivers are enabled by default unless explicitly disabled.
 amzn:
- enabled: {{ default "true" .Values.anchoreEnterpriseFeeds.amazonDriverEnabled }}
+ enabled: {{ default "true" (.Values.anchoreEnterpriseFeeds.amazonDriverEnabled | quote) }}
 alpine:
 enabled: {{ default "true" .Values.anchoreEnterpriseFeeds.alpineDriverEnabled }}
 centos:
- enabled: {{ default "true" .Values.anchoreEnterpriseFeeds.centosDriverEnabled }}
+ enabled: {{ default "true" (.Values.anchoreEnterpriseFeeds.centosDriverEnabled | quote) }}
 debian:
- enabled: {{ default "true" .Values.anchoreEnterpriseFeeds.debianDriverEnabled }}
+ enabled: {{ default "true" (.Values.anchoreEnterpriseFeeds.debianDriverEnabled | quote) }}
 ol:
- enabled: {{ default "true" .Values.anchoreEnterpriseFeeds.olDriverEnabled }}
+ enabled: {{ default "true" (.Values.anchoreEnterpriseFeeds.olDriverEnabled | quote) }}
 ubuntu:
- enabled: {{ default "true" .Values.anchoreEnterpriseFeeds.ubuntuDriverEnabled }}
+ enabled: {{ default "true" (.Values.anchoreEnterpriseFeeds.ubuntuDriverEnabled | quote) }}
 rhel:
- enabled: {{ default "true" .Values.anchoreEnterpriseFeeds.rhelDriverEnabled }}
+ enabled: {{ default "true" (.Values.anchoreEnterpriseFeeds.rhelDriverEnabled | quote) }}
 nvddb:
- enabled: {{ default "false" .Values.anchoreEnterpriseFeeds.nvdDriverEnabled }}
+ enabled: {{ default "false" (.Values.anchoreEnterpriseFeeds.nvdDriverEnabled | quote) }}
 # npm and gem drivers are explicitly disabled out of the box
 npm:
- enabled: {{ default "false" .Values.anchoreEnterpriseFeeds.npmDriverEnabled }}
+ enabled: {{ default "false" (.Values.anchoreEnterpriseFeeds.npmDriverEnabled | quote) }}
 gem:
 # rubygem data comes packaged as a PostgreSQL dump file. gem driver loads the pg dump and normalizes the data.
 # To enable gem driver comment the enabled property and uncomment the db_connect property.
- enabled: {{ default "false" .Values.anchoreEnterpriseFeeds.gemDriverEnabled }}
+ enabled: {{ default "false" (.Values.anchoreEnterpriseFeeds.gemDriverEnabled | quote) }}
 db_connect: {{ default "'postgresql://${ANCHORE_DB_USER}:${ANCHORE_FEEDS_DB_PASSWORD}@${ANCHORE_DB_HOST}/gems'" .Values.anchoreEnterpriseFeeds.gemDbEndpoint }}
 nvdv2:
- enabled: {{ default "true" .Values.anchoreEnterpriseFeeds.nvdv2DriverEnabled }}
+ enabled: {{ default "true" (.Values.anchoreEnterpriseFeeds.nvdv2DriverEnabled | quote) }}
 vulndb:
- enabled: {{ default "true" .Values.anchoreEnterpriseFeeds.vulndbDriverEnabled }}
- {{- if .Values.anchoreEnterpriseFeeds.msrcDriverEnabled }}
+ enabled: {{ default "true" (.Values.anchoreEnterpriseFeeds.vulndbDriverEnabled | quote) }}
 msrc:
- enabled: true
- api_key: ${ANCHORE_MSRC_KEY}
+ enabled: {{ default "false" (.Values.anchoreEnterpriseFeeds.githubDriverEnabled | quote) }}
 {{- with .Values.anchoreEnterpriseFeeds.msrcWhitelist }}
 whitelist:
 - {{ . }}
 {{- end }}
- {{- end }}
- {{- if .Values.anchoreEnterpriseFeeds.githubDriverEnabled }}
 github:
- enabled: true
+ enabled: {{ default "false" (.Values.anchoreEnterpriseFeeds.githubDriverEnabled | quote) }}
+ {{- if .Values.anchoreEnterpriseFeeds.githubDriverEnabled }}
 token: ${ANCHORE_GITHUB_TOKEN}
- {{- end }}
+ {{- end }}
 grypedb:
- enabled: {{ default "true" .Values.anchoreEnterpriseFeeds.grypeDriverEnabled }}
+ enabled: {{ default "true" (.Values.anchoreEnterpriseFeeds.grypeDriverEnabled | quote) }}
 external_feeds_url: "https://toolbox-data.anchore.io/grype/databases/listing.json"
 {{- if .Values.anchoreGlobal.internalServicesSsl.enabled }}
 ssl_enable: {{ .Values.anchoreGlobal.internalServicesSsl.enabled }}
From 2015ba97d811030fdafa1114487ae97580e795d0 Mon Sep 17 00:00:00 2001
From: Brady Todhunter
Date: Wed, 18 Aug 2021 13:26:17 -0700
Subject: [PATCH 02/11] bump engine/enterprise images
Signed-off-by: Brady Todhunter
---
 stable/anchore-engine/README.md | 8 ++++++++
 stable/anchore-engine/values.yaml | 6 +++---
 2 files changed, 11 insertions(+), 3 deletions(-)
diff --git a/stable/anchore-engine/README.md b/stable/anchore-engine/README.md
index f2b8c1d2..4544f92e 100644
--- a/stable/anchore-engine/README.md
+++ b/stable/anchore-engine/README.md
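Review bot: The new `msrc` `enabled:` line reads `.Values.anchoreEnterpriseFeeds.githubDriverEnabled` instead of `msrcDriverEnabled`, so turning on the GitHub driver also turns on the MSRC driver and the `msrcDriverEnabled` key that values.yaml still carries (see PATCH 11/11) is ignored; PATCH 04/11 later in this series corrects it to `enabled: {{ default "false" (.Values.anchoreEnterpriseFeeds.msrcDriverEnabled | quote) }}`. With the outer `{{- if ...msrcDriverEnabled }}` removed, the `whitelist:` block under `{{- with ...msrcWhitelist }}` is now emitted whenever a whitelist is set even when the driver is disabled, and the unchanged `- {{ . }}` item appears to print the whole list as one Go-formatted `[a b]` token rather than one YAML item per product ID — pre-existing, but now reachable without the driver; a `{{- range . }}` loop emitting `- {{ . | quote }}` would be the usual form. The removed `api_key: ${ANCHORE_MSRC_KEY}` is consistent with the README note in PATCH 02/11 that MSRC no longer needs a token.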
@@ -243,6 +243,14 @@ See the anchore-engine [CHANGELOG](https://github.com/anchore/anchore-engine/blo
 A Helm post-upgrade hook job will shut down all previously running Anchore services and perform the Anchore DB upgrade process using a kubernetes job. The upgrade will only be considered successful when this job completes successfully. Performing an upgrade will cause the Helm client to block until the upgrade job completes and the new Anchore service pods are started. To view progress of the upgrade process, tail the logs of the upgrade jobs `anchore-engine-upgrade` and `anchore-enterprise-upgrade`. These job resources will be removed upon a successful helm upgrade.
+## Chart version 1.14.0
+
+---
+
+* Anchore Engine image updated to v0.10.1 - [Release Notes](https://engine.anchore.io/docs/releasenotes/0101/)
+* Anchore Enterprise image updated to v3.1.1 - [Release Notes](https://docs.anchore.com/current/docs/releasenotes/311/)
+* Enterprise Feeds - MSRC feeds no longer require an access token. No changes are needed, however MSRC access tokens can now be removed from values and/or existing secrets.
+
 ## Chart version 1.13.0
 ---
diff --git a/stable/anchore-engine/values.yaml b/stable/anchore-engine/values.yaml
index 30d20952..232d2526 100644
--- a/stable/anchore-engine/values.yaml
+++ b/stable/anchore-engine/values.yaml
@@ -95,7 +95,7 @@ ingress:
 # Global configuration shared by all anchore-engine services.
 anchoreGlobal:
 # Image used for all anchore engine deployments (excluding enterprise components).
- image: docker.io/anchore/anchore-engine:v0.10.0
+ image: docker.io/anchore/anchore-engine:v0.10.1
 imagePullPolicy: IfNotPresent
 # Set image pull secret name if using an anchore-engine image from a private registry
@@ -676,7 +676,7 @@ anchoreEnterpriseGlobal:
 # Create this secret with the following command - kubectl create secret generic anchore-enterprise-license --from-file=license.yaml=
 licenseSecretName: anchore-enterprise-license
- image: docker.io/anchore/enterprise:v3.1.0
+ image: docker.io/anchore/enterprise:v3.1.1
 imagePullPolicy: IfNotPresent
 # Name of the kubernetes secret containing your dockerhub creds with access to the anchore enterprise images.
 # Create this secret with the following command - kubectl create secret docker-registry anchore-enterprise-pullcreds --docker-server=docker.io --docker-username= --docker-password= --docker-email=
@@ -912,7 +912,7 @@ anchoreEnterpriseNotifications:
 anchoreEnterpriseUi:
 # If enabled is set to false, set anchore-ui-redis.enabled to false to ensure that helm doesn't stand up a unneccessary redis instance.
 enabled: true
- image: docker.io/anchore/enterprise-ui:v3.1.0
+ image: docker.io/anchore/enterprise-ui:v3.1.1
 imagePullPolicy: IfNotPresent
 # Set extra environment variables. These will be set on all UI containers.
From 0c3403737a94266f299ffc5406cafbb85920d3ca Mon Sep 17 00:00:00 2001
From: Brady Todhunter
Date: Wed, 18 Aug 2021 13:26:25 -0700
Subject: [PATCH 03/11] bump chart version
Signed-off-by: Brady Todhunter
---
 stable/anchore-engine/Chart.yaml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/stable/anchore-engine/Chart.yaml b/stable/anchore-engine/Chart.yaml
index fe8e3bc9..475f8ee4 100644
--- a/stable/anchore-engine/Chart.yaml
+++ b/stable/anchore-engine/Chart.yaml
@@ -1,7 +1,7 @@
 apiVersion: v2
 name: anchore-engine
-version: 1.13.0
-appVersion: 0.10.0
+version: 1.14.0
+appVersion: 0.10.1
 description: Anchore container analysis and policy evaluation engine service
 keywords:
 - analysis
From 7096fbbb8fcc7c9e2db6adc98513cd653a3f87c2 Mon Sep 17 00:00:00 2001
From: Brady Todhunter
Date: Wed, 18 Aug 2021 15:06:48 -0700
Subject: [PATCH 04/11] use toString in pipelines to ensure strings arent treated like bools
Signed-off-by: Brady Todhunter
---
 .../templates/engine_configmap.yaml | 10 +++---
 .../templates/enterprise_feeds_configmap.yaml | 34 +++++++++----------
 2 files changed, 22 insertions(+), 22 deletions(-)
diff --git a/stable/anchore-engine/templates/engine_configmap.yaml b/stable/anchore-engine/templates/engine_configmap.yaml
index 1bf9921e..117be1ed 100644
--- a/stable/anchore-engine/templates/engine_configmap.yaml
+++ b/stable/anchore-engine/templates/engine_configmap.yaml
@@ -240,17 +240,17 @@ data:
 # The following feeds are synced if provider is set to legacy
 # Vulnerabilities feed is the feed for distro cve sources (redhat, debian, ubuntu, oracle, alpine....)
 vulnerabilities:
- enabled: {{ default "true" (.Values.anchoreGlobal.syncVulnerabilites | quote) }}
+ enabled: {{ default "true" (.Values.anchoreGlobal.syncVulnerabilites | toString) }}
 url: {{ $anchoreFeedsURL }}
 # NVD Data is used for non-distro CVEs (jars, npm, etc) that are not packaged and released by distros as rpms, debs, etc
 nvdv2:
- enabled: {{ default "true" (.Values.anchoreGlobal.syncNvd | quote) }}
+ enabled: {{ default "true" (.Values.anchoreGlobal.syncNvd | toString) }}
 url: {{ $anchoreFeedsURL }}
 github:
 {{- if .Values.anchoreEnterpriseGlobal.enabled }}
 enabled: {{ .Values.anchoreEnterpriseFeeds.githubDriverEnabled }}
 {{- else }}
- enabled: {{ default "true" (.Values.anchoreGlobal.syncGithub | quote) }}
+ enabled: {{ default "true" (.Values.anchoreGlobal.syncGithub | toString) }}
 {{- end }}
 url: {{ $anchoreFeedsURL }}
 # Warning: enabling the packages and nvd sync causes the service to require much more memory to do process the significant data volume. We recommend at least 4GB available for the container
@@ -259,12 +259,12 @@ data:
 {{- if and (and .Values.anchoreEnterpriseGlobal.enabled .Values.anchoreEnterpriseFeeds.enabled) (or .Values.anchoreEnterpriseFeeds.gemDriverEnabled .Values.anchoreEnterpriseFeeds.npmDriverEnabled) }}
 enabled: true
 {{- else }}
- enabled: {{ default "false" (.Values.anchoreGlobal.syncPackages | quote) }}
+ enabled: {{ default "false" (.Values.anchoreGlobal.syncPackages | toString) }}
 {{- end }}
 url: {{ $anchoreFeedsURL }}
 {{- if and .Values.anchoreEnterpriseGlobal.enabled .Values.anchoreEnterpriseFeeds.enabled }}
 vulndb:
- enabled: {{ default "true" (.Values.anchoreEnterpriseFeeds.vulndbDriverEnabled | quote) }}
+ enabled: {{ default "true" (.Values.anchoreEnterpriseFeeds.vulndbDriverEnabled | toString) }}
 url: {{ $anchoreFeedsURL }}
 {{- else if and .Values.anchoreEnterpriseGlobal.enabled .Values.anchoreGlobal.syncVulnDB }}
 vulndb:
diff --git a/stable/anchore-engine/templates/enterprise_feeds_configmap.yaml b/stable/anchore-engine/templates/enterprise_feeds_configmap.yaml
index a2636482..76e0c037 100644
--- a/stable/anchore-engine/templates/enterprise_feeds_configmap.yaml
+++ b/stable/anchore-engine/templates/enterprise_feeds_configmap.yaml
@@ -94,51 +94,51 @@ data:
 workspace_preload_file: "/workspace_preload/data.tar.gz"
 # If api_only is set to true, the service will not update feed data in the system.
 # API end points will be functional and serve feed data if any is available.
- api_only: {{ default "false" (.Values.anchoreEnterpriseFeeds.apiOnly | quote) }}
+ api_only: {{ default "false" (.Values.anchoreEnterpriseFeeds.apiOnly | toString) }}
 drivers:
 # Configuration section for drivers collecting and processing feed data.
 # All drivers are enabled by default unless explicitly disabled.
 amzn:
- enabled: {{ default "true" (.Values.anchoreEnterpriseFeeds.amazonDriverEnabled | quote) }}
+ enabled: {{ default "true" (.Values.anchoreEnterpriseFeeds.amazonDriverEnabled | toString) }}
 alpine:
- enabled: {{ default "true" .Values.anchoreEnterpriseFeeds.alpineDriverEnabled }}
+ enabled: {{ default "true" (.Values.anchoreEnterpriseFeeds.alpineDriverEnabled | toString) }}
 centos:
- enabled: {{ default "true" (.Values.anchoreEnterpriseFeeds.centosDriverEnabled | quote) }}
+ enabled: {{ default "true" (.Values.anchoreEnterpriseFeeds.centosDriverEnabled | toString) }}
 debian:
- enabled: {{ default "true" (.Values.anchoreEnterpriseFeeds.debianDriverEnabled | quote) }}
+ enabled: {{ default "true" (.Values.anchoreEnterpriseFeeds.debianDriverEnabled | toString) }}
 ol:
- enabled: {{ default "true" (.Values.anchoreEnterpriseFeeds.olDriverEnabled | quote) }}
+ enabled: {{ default "true" (.Values.anchoreEnterpriseFeeds.olDriverEnabled | toString) }}
 ubuntu:
- enabled: {{ default "true" (.Values.anchoreEnterpriseFeeds.ubuntuDriverEnabled | quote) }}
+ enabled: {{ default "true" (.Values.anchoreEnterpriseFeeds.ubuntuDriverEnabled | toString) }}
 rhel:
- enabled: {{ default "true" (.Values.anchoreEnterpriseFeeds.rhelDriverEnabled | quote) }}
+ enabled: {{ default "true" (.Values.anchoreEnterpriseFeeds.rhelDriverEnabled | toString) }}
 nvddb:
- enabled: {{ default "false" (.Values.anchoreEnterpriseFeeds.nvdDriverEnabled | quote) }}
+ enabled: {{ default "false" (.Values.anchoreEnterpriseFeeds.nvdDriverEnabled | toString) }}
 # npm and gem drivers are explicitly disabled out of the box
 npm:
- enabled: {{ default "false" (.Values.anchoreEnterpriseFeeds.npmDriverEnabled | quote) }}
+ enabled: {{ default "false" (.Values.anchoreEnterpriseFeeds.npmDriverEnabled | toString) }}
 gem:
 # rubygem data comes packaged as a PostgreSQL dump file. gem driver loads the pg dump and normalizes the data.
 # To enable gem driver comment the enabled property and uncomment the db_connect property.
- enabled: {{ default "false" (.Values.anchoreEnterpriseFeeds.gemDriverEnabled | quote) }}
+ enabled: {{ default "false" (.Values.anchoreEnterpriseFeeds.gemDriverEnabled | toString) }}
 db_connect: {{ default "'postgresql://${ANCHORE_DB_USER}:${ANCHORE_FEEDS_DB_PASSWORD}@${ANCHORE_DB_HOST}/gems'" .Values.anchoreEnterpriseFeeds.gemDbEndpoint }}
 nvdv2:
- enabled: {{ default "true" (.Values.anchoreEnterpriseFeeds.nvdv2DriverEnabled | quote) }}
+ enabled: {{ default "true" (.Values.anchoreEnterpriseFeeds.nvdv2DriverEnabled | toString) }}
 vulndb:
- enabled: {{ default "true" (.Values.anchoreEnterpriseFeeds.vulndbDriverEnabled | quote) }}
+ enabled: {{ default "true" (.Values.anchoreEnterpriseFeeds.vulndbDriverEnabled | toString) }}
 msrc:
- enabled: {{ default "false" (.Values.anchoreEnterpriseFeeds.githubDriverEnabled | quote) }}
+ enabled: {{ default "false" (.Values.anchoreEnterpriseFeeds.msrcDriverEnabled | toString) }}
 {{- with .Values.anchoreEnterpriseFeeds.msrcWhitelist }}
 whitelist:
 - {{ . }}
 {{- end }}
 github:
- enabled: {{ default "false" (.Values.anchoreEnterpriseFeeds.githubDriverEnabled | quote) }}
- {{- if .Values.anchoreEnterpriseFeeds.githubDriverEnabled }}
+ enabled: {{ default "false" (.Values.anchoreEnterpriseFeeds.githubDriverEnabled | toString) }}
+ {{- if eq (.Values.anchoreEnterpriseFeeds.githubDriverEnabled | toString) "true" }}
 token: ${ANCHORE_GITHUB_TOKEN}
 {{- end }}
 grypedb:
- enabled: {{ default "true" (.Values.anchoreEnterpriseFeeds.grypeDriverEnabled | quote) }}
+ enabled: {{ default "true" (.Values.anchoreEnterpriseFeeds.grypeDriverEnabled | toString) }}
 external_feeds_url: "https://toolbox-data.anchore.io/grype/databases/listing.json"
 {{- if .Values.anchoreGlobal.internalServicesSsl.enabled }}
 ssl_enable: {{ .Values.anchoreGlobal.internalServicesSsl.enabled }}
From 82d332c1d03b79f96648fba357097fd752ea4ef4 Mon Sep 17 00:00:00 2001
From: Brady Todhunter
Date: Wed, 18 Aug 2021 15:27:19 -0700
Subject: [PATCH 05/11] use quote in default pipelines, toString causes values that arent set to be nil
Signed-off-by: Brady Todhunter
---
 .../templates/engine_configmap.yaml | 10 +++---
 .../templates/enterprise_feeds_configmap.yaml | 32 +++++++++----------
 2 files changed, 21 insertions(+), 21 deletions(-)
diff --git a/stable/anchore-engine/templates/engine_configmap.yaml b/stable/anchore-engine/templates/engine_configmap.yaml
index 117be1ed..1bf9921e 100644
--- a/stable/anchore-engine/templates/engine_configmap.yaml
+++ b/stable/anchore-engine/templates/engine_configmap.yaml
@@ -240,17 +240,17 @@ data:
 # The following feeds are synced if provider is set to legacy
 # Vulnerabilities feed is the feed for distro cve sources (redhat, debian, ubuntu, oracle, alpine....)
 vulnerabilities:
- enabled: {{ default "true" (.Values.anchoreGlobal.syncVulnerabilites | toString) }}
+ enabled: {{ default "true" (.Values.anchoreGlobal.syncVulnerabilites | quote) }}
 url: {{ $anchoreFeedsURL }}
 # NVD Data is used for non-distro CVEs (jars, npm, etc) that are not packaged and released by distros as rpms, debs, etc
 nvdv2:
- enabled: {{ default "true" (.Values.anchoreGlobal.syncNvd | toString) }}
+ enabled: {{ default "true" (.Values.anchoreGlobal.syncNvd | quote) }}
 url: {{ $anchoreFeedsURL }}
 github:
 {{- if .Values.anchoreEnterpriseGlobal.enabled }}
 enabled: {{ .Values.anchoreEnterpriseFeeds.githubDriverEnabled }}
 {{- else }}
- enabled: {{ default "true" (.Values.anchoreGlobal.syncGithub | toString) }}
+ enabled: {{ default "true" (.Values.anchoreGlobal.syncGithub | quote) }}
 {{- end }}
 url: {{ $anchoreFeedsURL }}
 # Warning: enabling the packages and nvd sync causes the service to require much more memory to do process the significant data volume. We recommend at least 4GB available for the container
@@ -259,12 +259,12 @@ data:
 {{- if and (and .Values.anchoreEnterpriseGlobal.enabled .Values.anchoreEnterpriseFeeds.enabled) (or .Values.anchoreEnterpriseFeeds.gemDriverEnabled .Values.anchoreEnterpriseFeeds.npmDriverEnabled) }}
 enabled: true
 {{- else }}
- enabled: {{ default "false" (.Values.anchoreGlobal.syncPackages | toString) }}
+ enabled: {{ default "false" (.Values.anchoreGlobal.syncPackages | quote) }}
 {{- end }}
 url: {{ $anchoreFeedsURL }}
 {{- if and .Values.anchoreEnterpriseGlobal.enabled .Values.anchoreEnterpriseFeeds.enabled }}
 vulndb:
- enabled: {{ default "true" (.Values.anchoreEnterpriseFeeds.vulndbDriverEnabled | toString) }}
+ enabled: {{ default "true" (.Values.anchoreEnterpriseFeeds.vulndbDriverEnabled | quote) }}
 url: {{ $anchoreFeedsURL }}
 {{- else if and .Values.anchoreEnterpriseGlobal.enabled .Values.anchoreGlobal.syncVulnDB }}
 vulndb:
diff --git a/stable/anchore-engine/templates/enterprise_feeds_configmap.yaml b/stable/anchore-engine/templates/enterprise_feeds_configmap.yaml
index 76e0c037..d0373b94 100644
--- a/stable/anchore-engine/templates/enterprise_feeds_configmap.yaml
+++ b/stable/anchore-engine/templates/enterprise_feeds_configmap.yaml
@@ -94,51 +94,51 @@ data:
 workspace_preload_file: "/workspace_preload/data.tar.gz"
 # If api_only is set to true, the service will not update feed data in the system.
 # API end points will be functional and serve feed data if any is available.
- api_only: {{ default "false" (.Values.anchoreEnterpriseFeeds.apiOnly | toString) }}
+ api_only: {{ default "false" (.Values.anchoreEnterpriseFeeds.apiOnly | quote) }}
 drivers:
 # Configuration section for drivers collecting and processing feed data.
 # All drivers are enabled by default unless explicitly disabled.
 amzn:
- enabled: {{ default "true" (.Values.anchoreEnterpriseFeeds.amazonDriverEnabled | toString) }}
+ enabled: {{ default "true" (.Values.anchoreEnterpriseFeeds.amazonDriverEnabled | quote) }}
 alpine:
- enabled: {{ default "true" (.Values.anchoreEnterpriseFeeds.alpineDriverEnabled | toString) }}
+ enabled: {{ default "true" (.Values.anchoreEnterpriseFeeds.alpineDriverEnabled | quote) }}
 centos:
- enabled: {{ default "true" (.Values.anchoreEnterpriseFeeds.centosDriverEnabled | toString) }}
+ enabled: {{ default "true" (.Values.anchoreEnterpriseFeeds.centosDriverEnabled | quote) }}
 debian:
- enabled: {{ default "true" (.Values.anchoreEnterpriseFeeds.debianDriverEnabled | toString) }}
+ enabled: {{ default "true" (.Values.anchoreEnterpriseFeeds.debianDriverEnabled | quote) }}
 ol:
- enabled: {{ default "true" (.Values.anchoreEnterpriseFeeds.olDriverEnabled | toString) }}
+ enabled: {{ default "true" (.Values.anchoreEnterpriseFeeds.olDriverEnabled | quote) }}
 ubuntu:
- enabled: {{ default "true" (.Values.anchoreEnterpriseFeeds.ubuntuDriverEnabled | toString) }}
+ enabled: {{ default "true" (.Values.anchoreEnterpriseFeeds.ubuntuDriverEnabled | quote) }}
 rhel:
- enabled: {{ default "true" (.Values.anchoreEnterpriseFeeds.rhelDriverEnabled | toString) }}
+ enabled: {{ default "true" (.Values.anchoreEnterpriseFeeds.rhelDriverEnabled | quote) }}
 nvddb:
- enabled: {{ default "false" (.Values.anchoreEnterpriseFeeds.nvdDriverEnabled | toString) }}
+ enabled: {{ default "false" (.Values.anchoreEnterpriseFeeds.nvdDriverEnabled | quote) }}
 # npm and gem drivers are explicitly disabled out of the box
 npm:
- enabled: {{ default "false" (.Values.anchoreEnterpriseFeeds.npmDriverEnabled | toString) }}
+ enabled: {{ default "false" (.Values.anchoreEnterpriseFeeds.npmDriverEnabled | quote) }}
 gem:
 # rubygem data comes packaged as a PostgreSQL dump file. gem driver loads the pg dump and normalizes the data.
 # To enable gem driver comment the enabled property and uncomment the db_connect property.
- enabled: {{ default "false" (.Values.anchoreEnterpriseFeeds.gemDriverEnabled | toString) }}
+ enabled: {{ default "false" (.Values.anchoreEnterpriseFeeds.gemDriverEnabled | quote) }}
 db_connect: {{ default "'postgresql://${ANCHORE_DB_USER}:${ANCHORE_FEEDS_DB_PASSWORD}@${ANCHORE_DB_HOST}/gems'" .Values.anchoreEnterpriseFeeds.gemDbEndpoint }}
 nvdv2:
- enabled: {{ default "true" (.Values.anchoreEnterpriseFeeds.nvdv2DriverEnabled | toString) }}
+ enabled: {{ default "true" (.Values.anchoreEnterpriseFeeds.nvdv2DriverEnabled | quote) }}
 vulndb:
- enabled: {{ default "true" (.Values.anchoreEnterpriseFeeds.vulndbDriverEnabled | toString) }}
+ enabled: {{ default "true" (.Values.anchoreEnterpriseFeeds.vulndbDriverEnabled | quote) }}
 msrc:
- enabled: {{ default "false" (.Values.anchoreEnterpriseFeeds.msrcDriverEnabled | toString) }}
+ enabled: {{ default "false" (.Values.anchoreEnterpriseFeeds.msrcDriverEnabled | quote) }}
 {{- with .Values.anchoreEnterpriseFeeds.msrcWhitelist }}
 whitelist:
 - {{ . }}
 {{- end }}
 github:
- enabled: {{ default "false" (.Values.anchoreEnterpriseFeeds.githubDriverEnabled | toString) }}
+ enabled: {{ default "false" (.Values.anchoreEnterpriseFeeds.githubDriverEnabled | quote) }}
 {{- if eq (.Values.anchoreEnterpriseFeeds.githubDriverEnabled | toString) "true" }}
 token: ${ANCHORE_GITHUB_TOKEN}
 {{- end }}
 grypedb:
- enabled: {{ default "true" (.Values.anchoreEnterpriseFeeds.grypeDriverEnabled | toString) }}
+ enabled: {{ default "true" (.Values.anchoreEnterpriseFeeds.grypeDriverEnabled | quote) }}
 external_feeds_url: "https://toolbox-data.anchore.io/grype/databases/listing.json"
 {{- if .Values.anchoreGlobal.internalServicesSsl.enabled }}
 ssl_enable: {{ .Values.anchoreGlobal.internalServicesSsl.enabled }}
From 14a9a1890079d16208cbe8f4ed92596a83152926 Mon Sep 17 00:00:00 2001
From: Brady Todhunter
Date: Wed, 18 Aug 2021 17:40:21 -0700
Subject: [PATCH 06/11] use ubuntu:latest for testing
Signed-off-by: Brady Todhunter
---
 .github/workflows/test.yaml | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml
index 53f894e8..5451557d 100644
--- a/.github/workflows/test.yaml
+++ b/.github/workflows/test.yaml
@@ -9,8 +9,7 @@ jobs:
 fail-fast: false
 matrix:
 kubernetesVersion: ["v1.13.12", "v1.18.0"]
- runs-on: ubuntu-18.04
- if: github.ref != 'refs/heads/master'
+ runs-on: ubuntu-latest
 steps:
 - name: Checkout
 uses: actions/checkout@v2
From d4aaaed78bd47f097d3e8ae45eb216c928a99444 Mon Sep 17 00:00:00 2001
From: Brady Todhunter
Date: Wed, 18 Aug 2021 18:08:11 -0700
Subject: [PATCH 07/11] bump up node wait timeout
Signed-off-by: Brady Todhunter
---
 .github/workflows/test.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml
index 5451557d..0dcc0816 100644
--- a/.github/workflows/test.yaml
+++ b/.github/workflows/test.yaml
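Review bot: The `github` block now normalises `githubDriverEnabled` two different ways a few lines apart: `enabled:` goes through `quote`, while the unchanged guard `{{- if eq (.Values.anchoreEnterpriseFeeds.githubDriverEnabled | toString) "true" }}` that decides whether `token: ${ANCHORE_GITHUB_TOKEN}` is emitted still uses `toString`. The two agree for `true`, `false` and unset, but a string such as `"True"` renders `enabled: "True"` with no token line, leaving the driver switched on without the credential it presumably needs. Driving the guard off a normalised form keeps them in step, e.g. `{{- if eq (.Values.anchoreEnterpriseFeeds.githubDriverEnabled | toString | lower) "true" }}`. Every other `enabled:` line in this hunk also still renders a bare default but a quoted string when the value is set, as noted on the engine_configmap hunk of PATCH 01/11.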
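Review bot: The removed `if: github.ref != 'refs/heads/master'` line changes when the job runs (it now also runs on pushes to master), yet the subject line only mentions the runner change; if that is intended it deserves a sentence in the commit message, and if not the condition should be restored under the new `runs-on: ubuntu-latest` line. `ubuntu-latest` is a moving label, so the toolchain this job runs on can change without any edit to the repository; pinning an explicit runner version keeps the CI environment reproducible and makes a sudden test failure easier to attribute.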
@@ -32,7 +32,7 @@ jobs:
 with:
 node_image: "kindest/node:${{ matrix.kubernetesVersion }}"
 config: kind-config.yaml
- wait: 300s
+ wait: 600s
 if: steps.lint.outputs.changed == 'true'
 - name: Check kind nodes
From a69eb064779ef3cf17b487aec0c318da89a98b65 Mon Sep 17 00:00:00 2001
From: Brady Todhunter
Date: Wed, 18 Aug 2021 18:09:37 -0700
Subject: [PATCH 08/11] bump kind action version
Signed-off-by: Brady Todhunter
---
 .github/workflows/test.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml
index 0dcc0816..1917d8a4 100644
--- a/.github/workflows/test.yaml
+++ b/.github/workflows/test.yaml
@@ -28,7 +28,7 @@ jobs:
 config: ct-config.yaml
 - name: Install kind
- uses: helm/kind-action@v1.0.0
+ uses: helm/kind-action@v1.2.0
 with:
 node_image: "kindest/node:${{ matrix.kubernetesVersion }}"
 config: kind-config.yaml
From f99c7a6f7ed26a44e7a67a5429b058bdfab96705 Mon Sep 17 00:00:00 2001
From: Brady Todhunter
Date: Wed, 18 Aug 2021 18:43:16 -0700
Subject: [PATCH 09/11] bump kind config api version
Signed-off-by: Brady Todhunter
---
 kind-config.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/kind-config.yaml b/kind-config.yaml
index 3c696b75..ae8cd304 100644
--- a/kind-config.yaml
+++ b/kind-config.yaml
@@ -1,5 +1,5 @@
 kind: Cluster
-apiVersion: kind.sigs.k8s.io/v1alpha3
+apiVersion: kind.x-k8s.io/v1alpha4
 nodes:
 - role: control-plane
 - role: worker
From 80620d0f4b71590cfd4aecab23969c13a34fc425 Mon Sep 17 00:00:00 2001
From: Brady Todhunter
Date: Wed, 18 Aug 2021 18:47:36 -0700
Subject: [PATCH 10/11] bump versions of k8s to test with
Signed-off-by: Brady Todhunter
---
 .github/workflows/test.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml
index 1917d8a4..de7cfbcf 100644
--- a/.github/workflows/test.yaml
+++ b/.github/workflows/test.yaml
@@ -8,7 +8,7 @@ jobs:
 strategy:
 fail-fast: false
 matrix:
- kubernetesVersion: ["v1.13.12", "v1.18.0"]
+ kubernetesVersion: ["v1.14.10", "v1.22.0"]
 runs-on: ubuntu-latest
 steps:
 - name: Checkout
From 96d20085434e3a650dd899eeb8bf486002e0bfa4 Mon Sep 17 00:00:00 2001
From: Brady Todhunter
Date: Wed, 18 Aug 2021 18:59:26 -0700
Subject: [PATCH 11/11] remove MSRC key value
Signed-off-by: Brady Todhunter
---
 stable/anchore-engine/values.yaml | 2 --
 1 file changed, 2 deletions(-)
diff --git a/stable/anchore-engine/values.yaml b/stable/anchore-engine/values.yaml
index 232d2526..a497c3cc 100644
--- a/stable/anchore-engine/values.yaml
+++ b/stable/anchore-engine/values.yaml
@@ -734,8 +734,6 @@ anchoreEnterpriseFeeds:
 # Enable microsoft feeds
 msrcDriverEnabled: false
- # For instructions on getting API key, see the msrc section of the Feeds docs - https://docs.anchore.com/current/docs/installation/feeds/
- msrcApiKey: null
 # Uncomment to add MSRC product IDs for generating their feed data, this extends the pre-defined list of product IDs
 # msrcWhitelist:
 # - 12345