--only-policy filter option to quickview, policy and compare commands.
--ignore-suppressed filter option to cves and quickview commands to filter out CVEs affected by Scout suppressions.
Published by github-actions[bot] 3 months ago
Only display vulnerabilities from the base image:
uses: docker/scout-action@v1
with:
  command: cves
  image: [IMAGE]
  only-base: true
Account for VEX in quickview command.
uses: docker/scout-action@v1
with:
  command: quickview
  image: [IMAGE]
  only-vex-affected: true
  vex-location: ./path/to/my.vex.json
Account for VEX in cves command (GitHub Actions).
uses: docker/scout-action@v1
with:
  command: cves
  image: [IMAGE]
  only-vex-affected: true
  vex-location: ./path/to/my.vex.json
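Because only-vex-affected hides findings based on the file given in vex-location, it is worth linting that file before the scan step runs. The following is an added example, not code from docker/scout-action: it checks a document against the OpenVEX v0.2.0 field rules; the function name lint_vex, the CVE ids and the package URL are constructed for illustration, and how Scout itself matches statements to packages is not modelled.

```python
import json

# Labels defined by the OpenVEX v0.2.0 specification.
STATUSES = {"not_affected", "affected", "fixed", "under_investigation"}
JUSTIFICATIONS = set("""component_not_present vulnerable_code_not_present
vulnerable_code_not_in_execute_path inline_mitigations_already_exist
vulnerable_code_cannot_be_controlled_by_adversary""".split())

def lint_vex(doc):
    """Return a list of problems found in a parsed OpenVEX document."""
    problems = []
    if not str(doc.get("@context", "")).startswith("https://openvex.dev/ns"):
        problems.append("document: @context is not an OpenVEX namespace")
    statements = doc.get("statements") or []
    if not statements:
        problems.append("document: no statements")
    for i, st in enumerate(statements):
        vuln = st.get("vulnerability")
        name = vuln.get("name") if isinstance(vuln, dict) else None
        where = f"statement {i} ({name or 'unnamed'})"
        status, just = st.get("status"), st.get("justification")
        if not name:
            problems.append(f"{where}: missing vulnerability.name")
        if not st.get("products"):
            problems.append(f"{where}: no products listed")
        if status not in STATUSES:
            problems.append(f"{where}: unknown status {status!r}")
        elif status == "not_affected":
            # A bare not_affected hides a finding with no recorded reason.
            if just is not None and just not in JUSTIFICATIONS:
                problems.append(f"{where}: unknown justification {just!r}")
            if not just and not st.get("impact_statement"):
                problems.append(f"{where}: not_affected without justification")
        elif status == "affected" and not st.get("action_statement"):
            problems.append(f"{where}: affected without action_statement")
    return problems

# Constructed sample: the first statement is well formed, the second is not.
SAMPLE = json.loads("""{"@context": "https://openvex.dev/ns/v0.2.0",
 "statements": [
  {"vulnerability": {"name": "CVE-0000-0001"},
   "products": [{"@id": "pkg:docker/example/app@1.0"}],
   "status": "not_affected", "justification": "vulnerable_code_not_present"},
  {"vulnerability": {"name": "CVE-0000-0002"},
   "products": [{"@id": "pkg:docker/example/app@1.0"}],
   "status": "not_affected"}]}""")

if __name__ == "__main__":
    print("\n".join(lint_vex(SAMPLE)))
```

Run it as a workflow step ahead of the scout-action step and fail the job when the returned list is not empty.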
github.com/docker/docker to v26.1.5+incompatible to fix CVE-2024-41110.
Published by github-actions[bot] 3 months ago
uses: docker/scout-action@v1
with:
  command: cves
  image: [IMAGE]
  only-cisa-kev: true
Published by github-actions[bot] 4 months ago
Published by github-actions[bot] 5 months ago
Published by github-actions[bot] 5 months ago
Published by github-actions[bot] 6 months ago
attestation-add command to GHA
uses: docker/scout-action@v1
with:
  command: attestation-add
  image: IMAGE
  file: in-toto.vex.json
  predicate-type: https://openvex.dev/ns/v0.2.0
EPSS Score : 0.000440
EPSS Percentile : 0.092510
EPSS Score : 0.04%
EPSS Percentile : 9th percentile
cves command when used to analyse a local file system with a markdown output
Published by github-actions[bot] 6 months ago
json, list, spdx) and output file on sbom command
uses: docker/scout-action@v1
with:
  command: sbom
  image: alpine
  format: list
  output: alpine_package_list.txt
scratch "images"
Published by github-actions[bot] 7 months ago
Published by github-actions[bot] 7 months ago
Published by github-actions[bot] 7 months ago
Published by github-actions[bot] 7 months ago
uses: docker/scout-action@v1
with:
  command: cves
  image: sbom://alpine.spdx.json

uses: docker/scout-action@v1
with:
  command: cves
  image: sbom://alpine.syft.json
oci-dir input
containerd image store
Published by github-actions[bot] 7 months ago
General bug fixes and performance improvements
Published by github-actions[bot] 8 months ago
Published by github-actions[bot] 8 months ago
syft to 0.105.0
gcr.io/distroless images
These notes include changes part of v1.4.0
linux/arm64/v8 but the local platform is only linux/arm64
quickview and recommendations commands
docker scout to analyse local file system, for instance using docker scout cves fs://.
github.com/gofiber/template and github.com/gofiber/template/django/v3, previously the two packages were visible under the same github.com/gofiber/template name. Now both of them are correctly identified
syft to v0.100.0
in-toto envelope layer in attestations
Published by mcapell 11 months ago
Published by eunomie about 1 year ago