- `--only-policy` filter option for the `quickview`, `policy` and `compare` commands.
- `--ignore-suppressed` filter option for the `cves` and `quickview` commands, to filter out CVEs affected by Scout suppressions.

Published by github-actions[bot] 3 months ago
- Only display vulnerabilities from the base image:
  $ docker scout cves --only-base IMAGE
- Account for VEX in the `quickview` command:
  $ docker scout quickview IMAGE --only-vex-affected --vex-location ./path/to/my.vex.json
  GitHub Actions:
  ```yaml
  uses: docker/scout-action@v1
  with:
    command: quickview
    image: [IMAGE]
    only-vex-affected: true
    vex-location: ./path/to/my.vex.json
  ```
- Account for VEX in the `cves` command (GitHub Actions):
  ```yaml
  uses: docker/scout-action@v1
  with:
    command: cves
    image: [IMAGE]
    only-vex-affected: true
    vex-location: ./path/to/my.vex.json
  ```
- `github.com/docker/docker` updated to v26.1.5+incompatible to fix CVE-2024-41110.

Published by github-actions[bot] 3 months ago
- Filter CVEs listed in the CISA Known Exploited Vulnerabilities catalog:
  $ docker scout cves [IMAGE] --only-cisa-kev
  ```
  ... (cropped output) ...
  ## Packages and Vulnerabilities
    0C     1H     0M     0L  io.netty/netty-codec-http2 4.1.97.Final
  pkg:maven/io.netty/netty-codec-http2@4.1.97.Final

    ✗ HIGH CVE-2023-44487 CISA KEV [OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities]
      https://scout.docker.com/v/CVE-2023-44487
      Affected range : <4.1.100
      Fixed version  : 4.1.100.Final
      CVSS Score     : 7.5
      CVSS Vector    : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  ... (cropped output) ...
  ```
- Add a `--dry-run` flag to the `docker scout push` command, which processes the image without pushing it.
- Switch to the Scout v2 manifest format (`application/vnd.scout.manifest.v2+json`) using base64-encoded objects.
- Add new binary classifiers for `spiped`, `swift`, `eclipse-mosquitto` and `znc`.

Published by github-actions[bot] 4 months ago
- `irssi`, `Backdrop`, `CrateDB CLI (Crash)`, `monica`, `Openliberty`, `dumb-init`, `friendica`, `redmine`
- `sbom://` prefix for image comparison:
  $ docker scout compare sbom://image1.json --to sbom://image2.json

Published by github-actions[bot] 5 months ago
- `--format gitlab` on the `docker scout cves` command:
  ```yaml
  docker-build:
    # Use the official docker image.
    image: docker:cli
    stage: build
    services:
      - docker:dind
    variables:
      DOCKER_IMAGE_NAME: $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG
    before_script:
      - docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" $CI_REGISTRY
      # Install curl and the Docker Scout CLI
      - |
        apk add --update curl
        curl -sSfL https://raw.githubusercontent.com/docker/scout-cli/main/install.sh | sh -s --
        apk del curl
        rm -rf /var/cache/apk/*
      # Login to Docker Hub required for Docker Scout CLI
      - echo "$DOCKER_HUB_PAT" | docker login --username "$DOCKER_HUB_USER" --password-stdin
    # All branches are tagged with $DOCKER_IMAGE_NAME (defaults to commit ref slug)
    # Default branch is also tagged with `latest`
    script:
      - docker buildx b --pull -t "$DOCKER_IMAGE_NAME" .
      - docker scout cves "$DOCKER_IMAGE_NAME" --format gitlab --output gl-container-scanning-report.json
      - docker push "$DOCKER_IMAGE_NAME"
      - |
        if [[ "$CI_COMMIT_BRANCH" == "$CI_DEFAULT_BRANCH" ]]; then
          docker tag "$DOCKER_IMAGE_NAME" "$CI_REGISTRY_IMAGE:latest"
          docker push "$CI_REGISTRY_IMAGE:latest"
        fi
    # Run this job in a branch where a Dockerfile exists
    rules:
      - if: $CI_COMMIT_BRANCH
        exists:
          - Dockerfile
    artifacts:
      reports:
        container_scanning: gl-container-scanning-report.json
  ```
- `docker scout attest add` command
- `docker scout quickview` and `docker scout recommendations` commands

Published by github-actions[bot] 6 months ago
- EPSS values:
  ```
  EPSS Score      : 0.000440
  EPSS Percentile : 0.092510
  ```
  ```
  EPSS Score      : 0.04%
  EPSS Percentile : 9th percentile
  ```
- `cves` command when used to analyse a local file system with a markdown output. See https://github.com/docker/scout-cli/issues/113

Published by github-actions[bot] 6 months ago
- `docker scout push` command: index an image, then push the resulting SBOM to Docker Scout
- `scratch` "images"
- `docker scout sbom://` can read Scout's SBOM:
  $ docker scout sbom IMAGE | docker scout qv sbom://

Published by github-actions[bot] 7 months ago
v1.6.0

- The `--epss-date` parameter has been removed and `docker scout cache prune --epss` has been removed.
- `sbom://` prefix

Published by github-actions[bot] 7 months ago
- `sbom://` input:
  $ docker scout cves sbom://path/to/sbom.spdx.json
  $ docker scout cves sbom://path/to/sbom.syft.json
  $ syft -o json alpine | docker scout cves sbom://
- `--epss` to display and prioritise the CVEs
- `--epss-score` and `--epss-percentile` to filter by score and percentile
- $ docker scout cache prune --epss
- The `docker scout` CLI will now use the cache from the Windows side. That way, if an image has already been indexed, for instance by Docker Desktop, there is no need to re-index it on the WSL2 side.
- `oci-dir` input
- `containerd` image store

Published by github-actions[bot] 7 months ago
- General bug fixes and performance improvements

Published by github-actions[bot] 8 months ago
- `syft` to 0.105.0
- `gcr.io/distroless` images
- `docker scout push` with an image reference containing a prefix like `registry://`

Published by eunomie 9 months ago
These notes include the changes that were part of v1.4.0.

- `linux/arm64/v8` but the local platform is only `linux/arm64`
- `quickview` and `recommendations` commands
- `docker scout` to analyse a local file system, for instance using `docker scout cves fs://.`
- `github.com/gofiber/template` and `github.com/gofiber/template/django/v3`: previously the two packages were visible under the same `github.com/gofiber/template` name. Now both of them are correctly identified.

Published by github-actions[bot] 9 months ago
- `syft` to v0.100.0
- `in-toto` envelope layer in attestations
- `root` user is defined in the image:

Published by github-actions[bot] 11 months ago