vendor: github.com/docker/scout-cli v1.7.0

Signed-off-by: David Karlsson <35727626+dvdksn@users.noreply.github.com>
David Karlsson 2024-04-16 09:11:36 +02:00
parent f71eddc484
commit 07f433f62b
60 changed files with 1350 additions and 2 deletions


@ -15,6 +15,7 @@ cname:
- docker scout help
- docker scout integration
- docker scout policy
- docker scout push
- docker scout quickview
- docker scout recommendations
- docker scout repo
@ -30,6 +31,7 @@ clink:
- docker_scout_help.yaml
- docker_scout_integration.yaml
- docker_scout_policy.yaml
- docker_scout_push.yaml
- docker_scout_quickview.yaml
- docker_scout_recommendations.yaml
- docker_scout_repo.yaml


@ -34,6 +34,15 @@ options:
experimentalcli: false
kubernetes: false
swarm: false
- option: platform
value_type: string
description: Platform of image to be pushed
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: sbom
value_type: bool
default_value: "false"


@ -0,0 +1,36 @@
# docker scout
```
docker scout COMMAND
```
<!---MARKER_GEN_START-->
Command line tool for Docker Scout
### Subcommands
| Name | Description |
|:----------------------------------------------|:--------------------------------------------------------------------------------------------|
| [`attestation`](scout_attestation.md) | Manage attestations on image indexes |
| [`cache`](scout_cache.md) | Manage Docker Scout cache and temporary files |
| [`compare`](scout_compare.md) | Compare two images and display differences (experimental) |
| [`config`](scout_config.md) | Manage Docker Scout configuration |
| [`cves`](scout_cves.md) | Display CVEs identified in a software artifact |
| [`enroll`](scout_enroll.md) | Enroll an organization with Docker Scout |
| [`environment`](scout_environment.md) | Manage environments (experimental) |
| [`help`](scout_help.md) | Display information about the available commands |
| [`integration`](scout_integration.md) | Commands to list, configure, and delete Docker Scout integrations |
| [`policy`](scout_policy.md) | Evaluate policies against an image and display the policy evaluation results (experimental) |
| [`push`](scout_push.md) | Push an image or image index to Docker Scout (experimental) |
| [`quickview`](scout_quickview.md) | Quick overview of an image |
| [`recommendations`](scout_recommendations.md) | Display available base image updates and remediation recommendations |
| [`repo`](scout_repo.md) | Commands to list, enable, and disable Docker Scout on repositories |
| [`sbom`](scout_sbom.md) | Generate or display SBOM of an image |
| [`stream`](scout_stream.md) | Manage streams (experimental) |
| [`version`](scout_version.md) | Show Docker Scout version information |
| [`watch`](scout_watch.md) | Watch repositories in a registry and push images and indexes to Docker Scout (experimental) |
<!---MARKER_GEN_END-->


@ -0,0 +1,19 @@
# docker scout attestation
<!---MARKER_GEN_START-->
Manage attestations on image indexes
### Aliases
`docker scout attestation`, `docker scout attest`
### Subcommands
| Name | Description |
|:----------------------------------|:-------------------------|
| [`add`](scout_attestation_add.md) | Add attestation to image |
<!---MARKER_GEN_END-->


@ -0,0 +1,19 @@
# docker scout attestation add
<!---MARKER_GEN_START-->
Add attestation to image
### Aliases
`docker scout attestation add`, `docker scout attest add`
### Options
| Name | Type | Default | Description |
|:-------------------|:--------------|:--------|:----------------------------------------|
| `--file` | `stringSlice` | | File location of attestations to attach |
| `--predicate-type` | `string` | | Predicate-type for attestations |
<!---MARKER_GEN_END-->
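Review bot: The `docker scout attestation add` page has no Description or Examples section, so a reader cannot tell what `--file` expects (one attestation file per `--file`, given the `stringSlice` type?) or which values `--predicate-type` accepts. Add a Description paragraph and at least one example invocation beneath the generated options table, as the other command pages in this commit do.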


@ -0,0 +1,16 @@
# docker scout cache
<!---MARKER_GEN_START-->
Manage Docker Scout cache and temporary files
### Subcommands
| Name | Description |
|:--------------------------------|:--------------------------------|
| [`df`](scout_cache_df.md) | Show Docker Scout disk usage |
| [`prune`](scout_cache_prune.md) | Remove temporary or cached data |
<!---MARKER_GEN_END-->


@ -0,0 +1,52 @@
# docker scout cache df
<!---MARKER_GEN_START-->
Show Docker Scout disk usage
<!---MARKER_GEN_END-->
## Description
Docker Scout uses a temporary cache storage for generating image SBOMs.
The cache helps avoid regenerating or fetching resources unnecessarily.
This `docker scout cache df` command shows the cached data on the host.
Each cache entry is identified by the digest of the image.
You can use the `docker scout cache prune` command to delete cache data at any time.
## Examples
### List temporary and cache files
```console
$ docker scout cache df
Docker Scout temporary directory to generate SBOMs is located at:
/var/folders/dw/d6h9w2sx6rv3lzwwgrnx7t5h0000gp/T/docker-scout
this path can be configured using the DOCKER_SCOUT_CACHE_DIR environment variable
Image Digest │ Size
──────────────────────────────────────────────────────────────────────────┼────────
sha256:c41ab5c992deb4fe7e5da09f67a8804a46bd0592bfdf0b1847dde0e0889d2bff │ 21 kB
Total: 21 kB
Docker Scout cached SBOMs are located at:
/Users/user/.docker/scout/sbom
Image Digest │ Size of SBOM
──────────────────────────────────────────────────────────────────────────┼───────────────
sha256:02bb6f428431fbc2809c5d1b41eab5a68350194fb508869a33cb1af4444c9b11 │ 42 kB
sha256:03fc002fe4f370463a8f04d3a288cdffa861e462fc8b5be44ab62b296ad95183 │ 100 kB
sha256:088134dd33e4a2997480a1488a41c11abebda465da5cf7f305a0ecf8ed494329 │ 194 kB
sha256:0b80b2f17aff7ee5bfb135c69d0d6fe34070e89042b7aac73d1abcc79cfe6759 │ 852 kB
sha256:0c9e8abe31a5f17d84d5c85d3853d2f948a4f126421e89e68753591f1b6fedc5 │ 930 kB
sha256:0d49cae0723c8d310e413736b5e91e0c59b605ade2546f6e6ef8f1f3ddc76066 │ 510 kB
sha256:0ef04748d071c2e631bb3edce8f805cb5512e746b682c83fdae6d8c0b243280b │ 1.0 MB
sha256:13fd22925b638bb7d2131914bb8f8b0f5f582bee364aec682d9e7fe722bb486a │ 42 kB
sha256:174c41d4fbc7f63e1f2bb7d2f7837318050406f2f27e5073a84a84f18b48b883 │ 115 kB
Total: 4 MB
```


@ -0,0 +1,40 @@
# docker scout cache prune
<!---MARKER_GEN_START-->
Remove temporary or cached data
### Options
| Name | Type | Default | Description |
|:----------------|:-----|:--------|:-------------------------------|
| `-f`, `--force` | | | Do not prompt for confirmation |
| `--sboms` | | | Prune cached SBOMs |
<!---MARKER_GEN_END-->
## Description
The `docker scout cache prune` command removes temporary data and SBOM cache.
By default, `docker scout cache prune` only deletes temporary data.
To delete temporary data and clear the SBOM cache, use the `--sboms` flag.
## Examples
### Delete temporary data
```console
$ docker scout cache prune
? Are you sure to delete all temporary data? Yes
✓ temporary data deleted
```
### Delete temporary _and_ cache data
```console
$ docker scout cache prune --sboms
? Are you sure to delete all temporary data and all cached SBOMs? Yes
✓ temporary data deleted
✓ cached SBOMs deleted
```


@ -0,0 +1,108 @@
# docker scout compare
<!---MARKER_GEN_START-->
Compare two images and display differences (experimental)
### Aliases
`docker scout compare`, `docker scout diff`
### Options
| Name | Type | Default | Description |
|:----------------------|:--------------|:--------|:-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `-x`, `--exit-on` | `stringSlice` | | Comma separated list of conditions to fail the action step if worse, options are: vulnerability, policy |
| `--format` | `string` | `text` | Output format of the generated vulnerability report:<br>- text: default output, plain text with or without colors depending on the terminal<br>- markdown: Markdown output<br> |
| `--hide-policies` | | | Hide policy status from the output |
| `--ignore-base` | | | Filter out CVEs introduced from base image |
| `--ignore-unchanged` | | | Filter out unchanged packages |
| `--multi-stage` | | | Show packages from multi-stage Docker builds |
| `--only-fixed` | | | Filter to fixable CVEs |
| `--only-package-type` | `stringSlice` | | Comma separated list of package types (like apk, deb, rpm, npm, pypi, golang, etc) |
| `--only-severity` | `stringSlice` | | Comma separated list of severities (critical, high, medium, low, unspecified) to filter CVEs by |
| `--only-stage` | `stringSlice` | | Comma separated list of multi-stage Docker build stage names |
| `--only-unfixed` | | | Filter to unfixed CVEs |
| `--org` | `string` | | Namespace of the Docker organization |
| `-o`, `--output` | `string` | | Write the report to a file |
| `--platform` | `string` | | Platform of image to analyze |
| `--ref` | `string` | | Reference to use if the provided tarball contains multiple references.<br>Can only be used with archive |
| `--to` | `string` | | Image, directory, or archive to compare to |
| `--to-env` | `string` | | Name of environment to compare to |
| `--to-latest` | | | Latest image processed to compare to |
| `--to-ref` | `string` | | Reference to use if the provided tarball contains multiple references.<br>Can only be used with archive. |
<!---MARKER_GEN_END-->
## Description
The `docker scout compare` command analyzes two images and displays a comparison.
> This command is **experimental** and its behaviour might change in the future
The intended use of this command is to compare two versions of the same image.
For instance, when a new image is built and compared to the version running in production.
If no image is specified, the most recently built image is used
as a comparison target.
The following artifact types are supported:
- Images
- OCI layout directories
- Tarball archives, as created by `docker save`
- Local directory or file
By default, the tool expects an image reference, such as:
- `redis`
- `curlimages/curl:7.87.0`
- `mcr.microsoft.com/dotnet/runtime:7.0`
If the artifact you want to analyze is an OCI directory, a tarball archive, a local file or directory,
or if you want to control from where the image will be resolved, you must prefix the reference with one of the following:
- `image://` (default) use a local image, or fall back to a registry lookup
- `local://` use an image from the local image store (don't do a registry lookup)
- `registry://` use an image from a registry (don't use a local image)
- `oci-dir://` use an OCI layout directory
- `archive://` use a tarball archive, as created by `docker save`
- `fs://` use a local directory or file
## Examples
### Compare the most recently built image to the latest tag
```console
$ docker scout compare --to namespace/repo:latest
```
### Compare local build to the same tag from the registry
```console
$ docker scout compare local://namespace/repo:latest --to registry://namespace/repo:latest
```
### Ignore base images
```console
$ docker scout compare --ignore-base --to namespace/repo:latest namespace/repo:v1.2.3-pre
```
### Generate a markdown output
```console
$ docker scout compare --format markdown --to namespace/repo:latest namespace/repo:v1.2.3-pre
```
### Only compare maven packages and only display critical vulnerabilities for maven packages
```console
$ docker scout compare --only-package-type maven --only-severity critical --to namespace/repo:latest namespace/repo:v1.2.3-pre
```
### Show all policy results for both images
```console
docker scout compare --to namespace/repo:latest namespace/repo:v1.2.3-pre
```
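Review bot: The sentence "If no image is specified, the most recently built image is used as a comparison target" reads the wrong way round for this command: in the first example (`docker scout compare --to namespace/repo:latest`) the most recently built image is the image being analyzed and the `--to` reference is the comparison target, so it should say the most recently built image is used as the image to compare. Two smaller points in the same hunk: the `-x, --exit-on` description "fail the action step" is GitHub Action wording and should talk about the exit code in a CLI reference, and the final example "Show all policy results for both images" is the plain invocation without the `$` prompt the other examples use, so it would help to state that policy results are shown by default and that `--hide-policies` suppresses them.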


@ -0,0 +1,38 @@
# docker scout config
<!---MARKER_GEN_START-->
Manage Docker Scout configuration
<!---MARKER_GEN_END-->
## Description
`docker scout config` allows you to list, get and set Docker Scout configuration.
Available configuration key:
- `organization`: Namespace of the Docker organization to be used by default.
## Examples
### List existing configuration
```console
$ docker scout config
organization=my-org-namespace
```
### Print configuration value
```console
$ docker scout config organization
my-org-namespace
```
### Set configuration value
```console
$ docker scout config organization my-org-namespace
✓ Successfully set organization to my-org-namespace
```


@ -0,0 +1,268 @@
# docker scout cves
```
docker scout cves [OPTIONS] [IMAGE|DIRECTORY|ARCHIVE]
```
<!---MARKER_GEN_START-->
Display CVEs identified in a software artifact
### Options
| Name | Type | Default | Description |
|:-----------------------|:--------------|:-----------|:----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `--details` | | | Print details on default text output |
| `--env` | `string` | | Name of environment |
| [`--epss`](#epss) | | | Display the EPSS scores and organize the package's CVEs according to their EPSS score |
| `--epss-percentile` | `float32` | `0` | Exclude CVEs with EPSS scores less than the specified percentile (0 to 1) |
| `--epss-score` | `float32` | `0` | Exclude CVEs with EPSS scores less than the specified value (0 to 1) |
| `-e`, `--exit-code` | | | Return exit code '2' if vulnerabilities are detected |
| `--format` | `string` | `packages` | Output format of the generated vulnerability report:<br>- packages: default output, plain text with vulnerabilities grouped by packages<br>- sarif: json Sarif output<br>- spdx: json SPDX output<br>- markdown: markdown output (including some html tags like collapsible sections)<br>- sbom: json SBOM output<br> |
| `--ignore-base` | | | Filter out CVEs introduced from base image |
| `--locations` | | | Print package locations including file paths and layer diff_id |
| `--multi-stage` | | | Show packages from multi-stage Docker builds |
| `--only-cve-id` | `stringSlice` | | Comma separated list of CVE ids (like CVE-2021-45105) to search for |
| `--only-fixed` | | | Filter to fixable CVEs |
| `--only-metric` | `stringSlice` | | Comma separated list of CVSS metrics (like AV:N or PR:L) to filter CVEs by |
| `--only-package` | `stringSlice` | | Comma separated regular expressions to filter packages by |
| `--only-package-type` | `stringSlice` | | Comma separated list of package types (like apk, deb, rpm, npm, pypi, golang, etc) |
| `--only-severity` | `stringSlice` | | Comma separated list of severities (critical, high, medium, low, unspecified) to filter CVEs by |
| `--only-stage` | `stringSlice` | | Comma separated list of multi-stage Docker build stage names |
| `--only-unfixed` | | | Filter to unfixed CVEs |
| `--only-vex-affected` | | | Filter CVEs by VEX statements with status not affected |
| `--only-vuln-packages` | | | When used with --format=only-packages ignore packages with no vulnerabilities |
| `--org` | `string` | | Namespace of the Docker organization |
| `-o`, `--output` | `string` | | Write the report to a file |
| `--platform` | `string` | | Platform of image to analyze |
| `--ref` | `string` | | Reference to use if the provided tarball contains multiple references.<br>Can only be used with archive |
| `--vex-author` | `stringSlice` | | List of VEX statement authors to accept |
| `--vex-location` | `stringSlice` | | File location of directory or file containing VEX statements |
<!---MARKER_GEN_END-->
## Description
The `docker scout cves` command analyzes a software artifact for vulnerabilities.
If no image is specified, the most recently built image is used.
The following artifact types are supported:
- Images
- OCI layout directories
- Tarball archives, as created by `docker save`
- Local directory or file
By default, the tool expects an image reference, such as:
- `redis`
- `curlimages/curl:7.87.0`
- `mcr.microsoft.com/dotnet/runtime:7.0`
If the artifact you want to analyze is an OCI directory, a tarball archive, a local file or directory,
or if you want to control from where the image will be resolved, you must prefix the reference with one of the following:
- `image://` (default) use a local image, or fall back to a registry lookup
- `local://` use an image from the local image store (don't do a registry lookup)
- `registry://` use an image from a registry (don't use a local image)
- `oci-dir://` use an OCI layout directory
- `archive://` use a tarball archive, as created by `docker save`
- `fs://` use a local directory or file
- `sbom://` SPDX file or in-toto attestation file with SPDX predicate or `syft` json SBOM file
In case of `sbom://` prefix, if the file is not defined then it will try to read it from the standard input.
## Examples
### Display vulnerabilities grouped by package
```console
$ docker scout cves alpine
Analyzing image alpine
✓ Image stored for indexing
✓ Indexed 18 packages
✓ No vulnerable package detected
```
### Display vulnerabilities from a `docker save` tarball
```console
$ docker save alpine > alpine.tar
$ docker scout cves archive://alpine.tar
Analyzing archive alpine.tar
✓ Archive read
✓ SBOM of image already cached, 18 packages indexed
✓ No vulnerable package detected
```
### Display vulnerabilities from an OCI directory
```console
$ skopeo copy --override-os linux docker://alpine oci:alpine
$ docker scout cves oci-dir://alpine
Analyzing OCI directory alpine
✓ OCI directory read
✓ Image stored for indexing
✓ Indexed 19 packages
✓ No vulnerable package detected
```
### Display vulnerabilities from the current directory
```console
$ docker scout cves fs://.
```
### Export vulnerabilities to a SARIF JSON file
```console
$ docker scout cves --format sarif --output alpine.sarif.json alpine
Analyzing image alpine
✓ SBOM of image already cached, 18 packages indexed
✓ No vulnerable package detected
✓ Report written to alpine.sarif.json
```
### Display markdown output
The following example shows how to generate the vulnerability report as markdown.
```console
$ docker scout cves --format markdown alpine
✓ Pulled
✓ SBOM of image already cached, 19 packages indexed
✗ Detected 1 vulnerable package with 3 vulnerabilities
<h2>:mag: Vulnerabilities of <code>alpine</code></h2>
<details open="true"><summary>:package: Image Reference</strong> <code>alpine</code></summary>
<table>
<tr><td>digest</td><td><code>sha256:e3bd82196e98898cae9fe7fbfd6e2436530485974dc4fb3b7ddb69134eda2407</code></td><tr><tr><td>vulnerabilities</td><td><img alt="critical: 0" src="https://img.shields.io/badge/critical-0-lightgrey"/> <img alt="high: 0" src="https://img.shields.io/badge/high-0-lightgrey"/> <img alt="medium: 2" src="https://img.shields.io/badge/medium-2-fbb552"/> <img alt="low: 0" src="https://img.shields.io/badge/low-0-lightgrey"/> <img alt="unspecified: 1" src="https://img.shields.io/badge/unspecified-1-lightgrey"/></td></tr>
<tr><td>platform</td><td>linux/arm64</td></tr>
<tr><td>size</td><td>3.3 MB</td></tr>
<tr><td>packages</td><td>19</td></tr>
</table>
</details></table>
</details>
...
```
### List all vulnerable packages of a certain type
The following example shows how to generate a list of packages, only including
packages of the specified type, and only showing packages that are vulnerable.
```console
$ docker scout cves --format only-packages --only-package-type golang --only-vuln-packages golang:1.18.0
✓ Pulled
✓ SBOM of image already cached, 296 packages indexed
✗ Detected 1 vulnerable package with 40 vulnerabilities
Name Version Type Vulnerabilities
───────────────────────────────────────────────────────────
stdlib 1.18 golang 2C 29H 8M 1L
```
### <a name="epss"></a> Display EPSS score (--epss)
The `--epss` flag adds [Exploit Prediction Scoring System (EPSS)](https://www.first.org/epss/)
scores to the `docker scout cves` output. EPSS scores are estimates of the likelihood (probability)
that a software vulnerability will be exploited in the wild in the next 30 days.
The higher the score, the greater the probability that a vulnerability will be exploited.
```console {hl_lines="13,14"}
$ docker scout cves --epss nginx
✓ Provenance obtained from attestation
✓ SBOM obtained from attestation, 232 packages indexed
✓ Pulled
✗ Detected 23 vulnerable packages with a total of 39 vulnerabilities
...
✗ HIGH CVE-2023-52425
https://scout.docker.com/v/CVE-2023-52425
Affected range : >=2.5.0-1
Fixed version : not fixed
EPSS Score : 0.000510
EPSS Percentile : 0.173680
```
- `EPSS Score` is a floating point number between 0 and 1 representing the probability of exploitation in the wild in the next 30 days (following score publication).
- `EPSS Percentile` is the percentile of the current score, the proportion of all scored vulnerabilities with the same or a lower EPSS score.
You can use the `--epss-score` and `--epss-percentile` flags to filter the output
of `docker scout cves` based on these scores. For example,
to only show vulnerabilities with an EPSS score higher than 0.5:
```console
$ docker scout cves --epss --epss-score 0.5 nginx
✓ SBOM of image already cached, 232 packages indexed
✓ EPSS scores for 2024-03-01 already cached
✗ Detected 1 vulnerable package with 1 vulnerability
...
✗ LOW CVE-2023-44487
https://scout.docker.com/v/CVE-2023-44487
Affected range : >=1.22.1-9
Fixed version : not fixed
EPSS Score : 0.705850
EPSS Percentile : 0.979410
```
EPSS scores are updated on a daily basis.
By default, the latest available score is displayed.
You can use the `--epss-date` flag to manually specify a date
in the format `yyyy-mm-dd` for fetching EPSS scores.
```console
$ docker scout cves --epss --epss-date 2024-01-02 nginx
```
### List vulnerabilities from an SPDX file
The following example shows how to generate a list of vulnerabilities from an SPDX file using `syft`.
```console
$ syft -o spdx-json alpine:3.16.1 | docker scout cves sbom://
✔ Pulled image
✔ Loaded image alpine:3.16.1
✔ Parsed image sha256:3d81c46cd8756ddb6db9ec36fa06a6fb71c287fb265232ba516739dc67a5f07d
✔ Cataloged contents 274a317d88b54f9e67799244a1250cad3fe7080f45249fa9167d1f871218d35f
├── ✔ Packages [14 packages]
├── ✔ File digests [75 files]
├── ✔ File metadata [75 locations]
└── ✔ Executables [16 executables]
✗ Detected 2 vulnerable packages with a total of 11 vulnerabilities
## Overview
│ Analyzed SBOM
────────────────────┼──────────────────────────────
Target │ <stdin>
digest │ 274a317d88b5
platform │ linux/arm64
vulnerabilities │ 1C 2H 8M 0L
packages │ 15
## Packages and Vulnerabilities
1C 0H 0M 0L zlib 1.2.12-r1
pkg:apk/alpine/zlib@1.2.12-r1?arch=aarch64&distro=alpine-3.16.1
✗ CRITICAL CVE-2022-37434
https://scout.docker.com/v/CVE-2022-37434
Affected range : <1.2.12-r2
Fixed version : 1.2.12-r2
...
11 vulnerabilities found in 2 packages
LOW 0
MEDIUM 8
HIGH 2
CRITICAL 1
```
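Review bot: The `--format` description lists packages, sarif, spdx, markdown and sbom, but `--only-vuln-packages` says it applies "when used with --format=only-packages" and the example under "List all vulnerable packages of a certain type" passes `--format only-packages`, so either the flag help is missing a value or the example relies on an undocumented one. Likewise `--epss-date` is used in the EPSS section (`docker scout cves --epss --epss-date 2024-01-02 nginx`) but does not appear in the options table. Both tables sit between the MARKER_GEN markers, so the fix belongs in the CLI flag help followed by a regeneration of these pages.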


@ -0,0 +1,11 @@
# docker scout enroll
<!---MARKER_GEN_START-->
Enroll an organization with Docker Scout
<!---MARKER_GEN_END-->
## Description
The `docker scout enroll` command enrolls an organization with Docker Scout.
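Review bot: The Description under `docker scout enroll` repeats the generated summary word for word and documents no argument or example, so a reader cannot tell how the organization is specified. Add a sentence on what the command takes and an Examples section, as the other command pages in this commit have.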


@ -0,0 +1,58 @@
# docker scout environment
<!---MARKER_GEN_START-->
Manage environments (experimental)
### Aliases
`docker scout environment`, `docker scout env`
### Options
| Name | Type | Default | Description |
|:-----------------|:---------|:--------|:-------------------------------------|
| `--org` | `string` | | Namespace of the Docker organization |
| `-o`, `--output` | `string` | | Write the report to a file |
| `--platform` | `string` | | Platform of image to record |
<!---MARKER_GEN_END-->
## Description
The `docker scout environment` command lists the environments.
If you pass an image reference, the image is recorded to the specified environment.
Once recorded, environments can be referred to by their name. For example,
you can refer to the `production` environment with the `docker scout compare`
command as follows:
```console
$ docker scout compare --to-env production
```
## Examples
### List existing environments
```console
$ docker scout environment
prod
staging
```
### List images of an environment
```console
$ docker scout environment staging
namespace/repo:tag@sha256:9a4df4fadc9bbd44c345e473e0688c2066a6583d4741679494ba9228cfd93e1b
namespace/other-repo:tag@sha256:0001d6ce124855b0a158569c584162097fe0ca8d72519067c2c8e3ce407c580f
```
### Record an image to an environment, for a specific platform
```console
$ docker scout environment staging namespace/repo:stage-latest --platform linux/amd64
✓ Pulled
✓ Successfully recorded namespace/repo:stage-latest in environment staging
```
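Review bot: The Description says an image reference passed to `docker scout environment` records that image, but the example "List images of an environment" passes only an environment name (`docker scout environment staging`) and lists images, a mode the Description never mentions. Add a sentence stating that an environment name alone lists the images recorded in it, and that an image reference following the name records that image.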


@ -0,0 +1,8 @@
# docker scout help
<!---MARKER_GEN_START-->
Display information about the available commands
<!---MARKER_GEN_END-->


@ -0,0 +1,17 @@
# docker scout integration
<!---MARKER_GEN_START-->
Commands to list, configure, and delete Docker Scout integrations
### Subcommands
| Name | Description |
|:----------------------------------------------|:----------------------------------------------------|
| [`configure`](scout_integration_configure.md) | Configure or update a new integration configuration |
| [`delete`](scout_integration_delete.md) | Delete a new integration configuration |
| [`list`](scout_integration_list.md) | Integration Docker Scout |
<!---MARKER_GEN_END-->
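Review bot: The subcommand descriptions contradict themselves or are not sentences: "Configure or update a new integration configuration" and "Delete a new integration configuration" cannot both apply to a new configuration, and `list` is described as "Integration Docker Scout". Suggest "Create or update an integration configuration", "Delete an integration configuration" and "List integration configurations"; since these are generated strings that also appear on the three per-subcommand pages, the fix is in the CLI help text rather than the markdown.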


@ -0,0 +1,16 @@
# docker scout integration configure
<!---MARKER_GEN_START-->
Configure or update a new integration configuration
### Options
| Name | Type | Default | Description |
|:--------------|:--------------|:--------|:-------------------------------------------------------------|
| `--name` | `string` | | Name of integration configuration to create |
| `--org` | `string` | | Namespace of the Docker organization |
| `--parameter` | `stringSlice` | | Integration parameters in the form of --parameter NAME=VALUE |
<!---MARKER_GEN_END-->


@ -0,0 +1,15 @@
# docker scout integration delete
<!---MARKER_GEN_START-->
Delete a new integration configuration
### Options
| Name | Type | Default | Description |
|:---------|:---------|:--------|:--------------------------------------------|
| `--name` | `string` | | Name of integration configuration to delete |
| `--org` | `string` | | Namespace of the Docker organization |
<!---MARKER_GEN_END-->


@ -0,0 +1,15 @@
# docker scout integration list
<!---MARKER_GEN_START-->
Integration Docker Scout
### Options
| Name | Type | Default | Description |
|:---------|:---------|:--------|:------------------------------------------|
| `--name` | `string` | | Name of integration configuration to list |
| `--org` | `string` | | Namespace of the Docker organization |
<!---MARKER_GEN_END-->


@ -0,0 +1,51 @@
# docker scout policy
<!---MARKER_GEN_START-->
Evaluate policies against an image and display the policy evaluation results (experimental)
### Options
| Name | Type | Default | Description |
|:--------------------|:---------|:--------|:------------------------------------------------------------|
| `-e`, `--exit-code` | | | Return exit code '2' if policies are not met, '0' otherwise |
| `--org` | `string` | | Namespace of the Docker organization |
| `-o`, `--output` | `string` | | Write the report to a file |
| `--platform` | `string` | | Platform of image to pull policy results from |
| `--to-env` | `string` | | Name of the environment to compare to |
| `--to-latest` | | | Latest image processed to compare to |
<!---MARKER_GEN_END-->
## Description
The `docker scout policy` command evaluates policies against an image.
The image analysis is uploaded to Docker Scout where policies get evaluated.
The policy evaluation results may take a few minutes to become available.
## Examples
### Evaluate policies against an image and display the results
```console
$ docker scout policy dockerscoutpolicy/customers-api-service:0.0.1
```
### Evaluate policies against an image for a specific organization
```console
$ docker scout policy dockerscoutpolicy/customers-api-service:0.0.1 --org dockerscoutpolicy
```
### Evaluate policies against an image with a specific platform
```console
$ docker scout policy dockerscoutpolicy/customers-api-service:0.0.1 --platform linux/amd64
```
### Compare policy results for a repository in a specific environment
```console
$ docker scout policy dockerscoutpolicy/customers-api-service --to-env production
```


@ -0,0 +1,30 @@
# docker scout push
<!---MARKER_GEN_START-->
Push an image or image index to Docker Scout (experimental)
### Options
| Name | Type | Default | Description |
|:-----------------|:---------|:--------|:-------------------------------------------------------------------|
| `--author` | `string` | | Name of the author of the image |
| `--org` | `string` | | Namespace of the Docker organization to which image will be pushed |
| `-o`, `--output` | `string` | | Write the report to a file |
| `--platform` | `string` | | Platform of image to be pushed |
| `--sbom` | | | Create and upload SBOMs |
| `--timestamp` | `string` | | Timestamp of image or tag creation |
<!---MARKER_GEN_END-->
## Description
The `docker scout push` command lets you push an image or analysis result to Docker Scout.
## Examples
### Push an image to Docker Scout
```console
$ docker scout push --org my-org registry.example.com/repo:tag
```
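Review bot: `--timestamp` is documented as "Timestamp of image or tag creation" with no accepted format, and `--author` gives no indication of what the value is used for; state the expected format and purpose. The Description also says the command pushes "an image or analysis result", but the only example pushes an image, so an example with `--sbom` ("Create and upload SBOMs") would illustrate the second case.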


@ -0,0 +1,96 @@
# docker scout quickview
<!---MARKER_GEN_START-->
Quick overview of an image
### Aliases
`docker scout quickview`, `docker scout qv`
### Options
| Name | Type | Default | Description |
|:-----------------|:---------|:--------|:--------------------------------------------------------------------------------------------------------|
| `--env` | `string` | | Name of the environment |
| `--latest` | | | Latest indexed image |
| `--org` | `string` | | Namespace of the Docker organization |
| `-o`, `--output` | `string` | | Write the report to a file |
| `--platform` | `string` | | Platform of image to analyze |
| `--ref` | `string` | | Reference to use if the provided tarball contains multiple references.<br>Can only be used with archive |
<!---MARKER_GEN_END-->
## Description
The `docker scout quickview` command displays a quick overview of an image.
It displays a summary of the vulnerabilities in the specified image
and vulnerabilities from the base image.
If available, it also displays base image refresh and update recommendations.
If no image is specified, the most recently built image is used.
The following artifact types are supported:
- Images
- OCI layout directories
- Tarball archives, as created by `docker save`
- Local directory or file
By default, the tool expects an image reference, such as:
- `redis`
- `curlimages/curl:7.87.0`
- `mcr.microsoft.com/dotnet/runtime:7.0`
If the artifact you want to analyze is an OCI directory, a tarball archive, a local file or directory,
or if you want to control from where the image will be resolved, you must prefix the reference with one of the following:
- `image://` (default) use a local image, or fall back to a registry lookup
- `local://` use an image from the local image store (don't do a registry lookup)
- `registry://` use an image from a registry (don't use a local image)
- `oci-dir://` use an OCI layout directory
- `archive://` use a tarball archive, as created by `docker save`
- `fs://` use a local directory or file
- `sbom://` SPDX file or in-toto attestation file with SPDX predicate or `syft` json SBOM file
In case of `sbom://` prefix, if the file is not defined then it will try to read it from the standard input.
## Examples
### Quick overview of an image
```console
$ docker scout quickview golang:1.19.4
...Pulling
✓ Pulled
✓ SBOM of image already cached, 278 packages indexed
Your image golang:1.19.4 │ 5C 3H 6M 63L
Base image buildpack-deps:bullseye-scm │ 5C 1H 3M 48L 6?
Refreshed base image buildpack-deps:bullseye-scm │ 0C 0H 0M 42L
│ -5 -1 -3 -6 -6
Updated base image buildpack-deps:sid-scm │ 0C 0H 1M 29L
│ -5 -1 -2 -19 -6
```
### Quick overview of the most recently built image
```console
$ docker scout qv
```
### Quick overview from an SPDX file
```console
$ syft -o spdx-json alpine:3.16.1 | docker scout quickview sbom://
✔ Loaded image alpine:3.16.1
✔ Parsed image sha256:3d81c46cd8756ddb6db9ec36fa06a6fb71c287fb265232ba516739dc67a5f07d
✔ Cataloged contents 274a317d88b54f9e67799244a1250cad3fe7080f45249fa9167d1f871218d35f
├── ✔ Packages [14 packages]
├── ✔ File digests [75 files]
├── ✔ File metadata [75 locations]
└── ✔ Executables [16 executables]
Target │ <stdin> │ 1C 2H 8M 0L
digest │ 274a317d88b5 │
```
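Review bot: the sentence closing the prefix list, "In case of `sbom://` prefix, if the file is not defined then it will try to read it from the standard input.", is hard to parse, and the third example already shows the stdin form (`syft ... | docker scout quickview sbom://`). Suggest "With the `sbom://` prefix, if no file path is given, the SBOM is read from standard input." The `sbom://` bullet would also read better in parallel with the others: "`sbom://` use an SPDX file, an in-toto attestation with an SPDX predicate, or a `syft` JSON SBOM".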

@ -0,0 +1,71 @@
# docker scout recommendations
<!---MARKER_GEN_START-->
Display available base image updates and remediation recommendations
### Options
| Name | Type | Default | Description |
|:-----------------|:---------|:--------|:--------------------------------------------------------------------------------------------------------|
| `--only-refresh` | | | Only display base image refresh recommendations |
| `--only-update` | | | Only display base image update recommendations |
| `--org` | `string` | | Namespace of the Docker organization |
| `-o`, `--output` | `string` | | Write the report to a file |
| `--platform` | `string` | | Platform of image to analyze |
| `--ref` | `string` | | Reference to use if the provided tarball contains multiple references.<br>Can only be used with archive |
| `--tag` | `string` | | Specify tag |
<!---MARKER_GEN_END-->
## Description
The `docker scout recommendations` command display recommendations for base images updates.
It analyzes the image and display recommendations to refresh or update the base image.
For each recommendation it shows a list of benefits, such as
fewer vulnerabilities or smaller image size.
If no image is specified, the most recently built image is used.
The following artifact types are supported:
- Images
- OCI layout directories
- Tarball archives, as created by `docker save`
- Local directory or file
By default, the tool expects an image reference, such as:
- `redis`
- `curlimages/curl:7.87.0`
- `mcr.microsoft.com/dotnet/runtime:7.0`
If the artifact you want to analyze is an OCI directory, a tarball archive, a local file or directory,
or if you want to control from where the image will be resolved, you must prefix the reference with one of the following:
- `image://` (default) use a local image, or fall back to a registry lookup
- `local://` use an image from the local image store (don't do a registry lookup)
- `registry://` use an image from a registry (don't use a local image)
- `oci-dir://` use an OCI layout directory
- `archive://` use a tarball archive, as created by `docker save`
- `fs://` use a local directory or file
## Examples
### Display base image update recommendations
```console
$ docker scout recommendations golang:1.19.4
```
### Display base image refresh only recommendations
```console
$ docker scout recommendations --only-refresh golang:1.19.4
```
### Display base image update only recommendations
```console
$ docker scout recommendations --only-update golang:1.19.4
```
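Review bot: subject-verb agreement in the Description: "The `docker scout recommendations` command display recommendations for base images updates" and "It analyzes the image and display recommendations" should read "displays" and "base image updates". The last two example headings would also be clearer as "Display base image refresh recommendations only" and "Display base image update recommendations only", matching what `--only-refresh` and `--only-update` do per the options table.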

@ -0,0 +1,17 @@
# docker scout repo
<!---MARKER_GEN_START-->
Commands to list, enable, and disable Docker Scout on repositories
### Subcommands
| Name | Description |
|:-----------------------------------|:-------------------------------|
| [`disable`](scout_repo_disable.md) | Disable Docker Scout |
| [`enable`](scout_repo_enable.md) | Enable Docker Scout |
| [`list`](scout_repo_list.md) | List Docker Scout repositories |
<!---MARKER_GEN_END-->

@ -0,0 +1,43 @@
# docker scout repo disable
<!---MARKER_GEN_START-->
Disable Docker Scout
### Options
| Name | Type | Default | Description |
|:----------------|:---------|:--------|:-----------------------------------------------------------------------------|
| `--all` | | | Disable all repositories of the organization. Can not be used with --filter. |
| `--filter` | `string` | | Regular expression to filter repositories by name |
| `--integration` | `string` | | Name of the integration to use for enabling an image |
| `--org` | `string` | | Namespace of the Docker organization |
| `--registry` | `string` | | Container Registry |
<!---MARKER_GEN_END-->
## Examples
### Disable a specific repository
```console
$ docker scout repo disable my/repository
```
### Disable all repositories of the organization
```console
$ docker scout repo disable --all
```
### Disable some repositories based on a filter
```console
$ docker scout repo disable --filter namespace/backend
```
### Disable a repository from a specific registry
```console
$ docker scout repo disable my/repository --registry 123456.dkr.ecr.us-east-1.amazonaws.com
```
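Review bot: the `--integration` description in the options table, "Name of the integration to use for enabling an image", looks copied from `repo enable`; on the disable command it should presumably say "disabling", and this command acts on repositories rather than images. Minor in the same table: "Can not be used with --filter" should be "Cannot be used with `--filter`". Both rows sit between the MARKER_GEN markers, so the fix belongs in the flag definitions in scout-cli rather than in this generated file.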

@ -0,0 +1,43 @@
# docker scout repo enable
<!---MARKER_GEN_START-->
Enable Docker Scout
### Options
| Name | Type | Default | Description |
|:----------------|:---------|:--------|:----------------------------------------------------------------------------|
| `--all` | | | Enable all repositories of the organization. Can not be used with --filter. |
| `--filter` | `string` | | Regular expression to filter repositories by name |
| `--integration` | `string` | | Name of the integration to use for enabling an image |
| `--org` | `string` | | Namespace of the Docker organization |
| `--registry` | `string` | | Container Registry |
<!---MARKER_GEN_END-->
## Examples
### Enable a specific repository
```console
$ docker scout repo enable my/repository
```
### Enable all repositories of the organization
```console
$ docker scout repo enable --all
```
### Enable some repositories based on a filter
```console
$ docker scout repo enable --filter namespace/backend
```
### Enable a repository from a specific registry
```console
$ docker scout repo enable my/repository --registry 123456.dkr.ecr.us-east-1.amazonaws.com
```
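Review bot: in the `--all` row, "Can not be used with --filter" should be "Cannot be used with `--filter`" (backticks to match the rest of the table), and the `--integration` row says "for enabling an image" although the command enables repositories. Generated text between the MARKER_GEN markers, so correct it at the flag definitions.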

@ -0,0 +1,18 @@
# docker scout repo list
<!---MARKER_GEN_START-->
List Docker Scout repositories
### Options
| Name | Type | Default | Description |
|:------------------|:---------|:--------|:---------------------------------------------------------------------------|
| `--filter` | `string` | | Regular expression to filter repositories by name |
| `--only-disabled` | | | Filter to disabled repositories only |
| `--only-enabled` | | | Filter to enabled repositories only |
| `--only-registry` | `string` | | Filter to a specific registry only:<br>- hub.docker.com<br>- ecr (AWS ECR) |
| `--org` | `string` | | Namespace of the Docker organization |
<!---MARKER_GEN_END-->

@ -0,0 +1,83 @@
# docker scout sbom
<!---MARKER_GEN_START-->
Generate or display SBOM of an image
### Options
| Name | Type | Default | Description |
|:----------------------|:--------------|:--------|:----------------------------------------------------------------------------------------------------------------------------------------------|
| `--format` | `string` | `json` | Output format:<br>- list: list of packages of the image<br>- json: json representation of the SBOM<br>- spdx: spdx representation of the SBOM |
| `--only-package-type` | `stringSlice` | | Comma separated list of package types (like apk, deb, rpm, npm, pypi, golang, etc)<br>Can only be used with --format list |
| `-o`, `--output` | `string` | | Write the report to a file |
| `--platform` | `string` | | Platform of image to analyze |
| `--ref` | `string` | | Reference to use if the provided tarball contains multiple references.<br>Can only be used with archive |
<!---MARKER_GEN_END-->
## Description
The `docker scout sbom` command analyzes a software artifact to generate a
Software Bill Of Materials (SBOM).
The SBOM contains a list of all packages in the image.
You can use the `--format` flag to filter the output of the command
to display only packages of a specific type.
If no image is specified, the most recently built image is used.
The following artifact types are supported:
- Images
- OCI layout directories
- Tarball archives, as created by `docker save`
- Local directory or file
By default, the tool expects an image reference, such as:
- `redis`
- `curlimages/curl:7.87.0`
- `mcr.microsoft.com/dotnet/runtime:7.0`
If the artifact you want to analyze is an OCI directory, a tarball archive, a local file or directory,
or if you want to control from where the image will be resolved, you must prefix the reference with one of the following:
- `image://` (default) use a local image, or fall back to a registry lookup
- `local://` use an image from the local image store (don't do a registry lookup)
- `registry://` use an image from a registry (don't use a local image)
- `oci-dir://` use an OCI layout directory
- `archive://` use a tarball archive, as created by `docker save`
- `fs://` use a local directory or file
## Examples
### Display the list of packages
```console
$ docker scout sbom --format list alpine
```
### Only display packages of a specific type
```console
$ docker scout sbom --format list --only-package-type apk alpine
```
### Display the full SBOM in JSON format
```console
$ docker scout sbom alpine
```
### Display the full SBOM of the most recently built image
```console
$ docker scout sbom
```
### Write SBOM to a file
```console
$ docker scout sbom --output alpine.sbom alpine
```
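Review bot: the Description attributes the package-type filter to the wrong flag: "You can use the `--format` flag to filter the output of the command to display only packages of a specific type." Per the options table, `--format` only selects list/json/spdx; the filter is `--only-package-type`, which "Can only be used with --format list", as the second example (`--format list --only-package-type apk`) shows. Suggest: "Use `--format list` together with `--only-package-type` to display only packages of a specific type (for example `apk` or `npm`)."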

@ -0,0 +1,47 @@
# docker scout stream
<!---MARKER_GEN_START-->
Manage streams (experimental)
### Options
| Name | Type | Default | Description |
|:-----------------|:---------|:--------|:-------------------------------------|
| `--org` | `string` | | Namespace of the Docker organization |
| `-o`, `--output` | `string` | | Write the report to a file |
| `--platform` | `string` | | Platform of image to record |
<!---MARKER_GEN_END-->
## Description
The `docker scout stream` command lists the deployment streams and records an image to it.
Once recorded, streams can be referred to by their name, eg. in the `docker scout compare` command using `--to-stream`.
## Examples
### List existing streams
```console
$ %[1]s %[2]s
prod-cluster-123
stage-cluster-234
```
### List images of a stream
```console
$ %[1]s %[2]s prod-cluster-123
namespace/repo:tag@sha256:9a4df4fadc9bbd44c345e473e0688c2066a6583d4741679494ba9228cfd93e1b
namespace/other-repo:tag@sha256:0001d6ce124855b0a158569c584162097fe0ca8d72519067c2c8e3ce407c580f
```
### Record an image to a stream, for a specific platform
```console
$ %[1]s %[2]s stage-cluster-234 namespace/repo:stage-latest --platform linux/amd64
✓ Pulled
✓ Successfully recorded namespace/repo:stage-latest in stream stage-cluster-234
```
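Review bot: all three examples contain unexpanded Go format placeholders, `$ %[1]s %[2]s`, where the reader expects `$ docker scout stream`; it looks like a template string was pasted without being run through the generator that fills in the command name. In the Description, "lists the deployment streams and records an image to it" leaves "it" without a clear antecedent ("records an image to a stream" reads better), and "eg." should be "e.g.".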

@ -0,0 +1,38 @@
# docker scout version
```
docker scout version
```
<!---MARKER_GEN_START-->
Show Docker Scout version information
<!---MARKER_GEN_END-->
## Examples
```console
$ docker scout version
⢀⢀⢀ ⣀⣀⡤⣔⢖⣖⢽⢝
⡠⡢⡣⡣⡣⡣⡣⡣⡢⡀ ⢀⣠⢴⡲⣫⡺⣜⢞⢮⡳⡵⡹⡅
⡜⡜⡜⡜⡜⡜⠜⠈⠈ ⠁⠙⠮⣺⡪⡯⣺⡪⡯⣺
⢘⢜⢜⢜⢜⠜ ⠈⠪⡳⡵⣹⡪⠇
⠨⡪⡪⡪⠂ ⢀⡤⣖⢽⡹⣝⡝⣖⢤⡀ ⠘⢝⢮⡚ _____ _
⠱⡱⠁ ⡴⡫⣞⢮⡳⣝⢮⡺⣪⡳⣝⢦ ⠘⡵⠁ / ____| Docker | |
⠁ ⣸⢝⣕⢗⡵⣝⢮⡳⣝⢮⡺⣪⡳⣣ ⠁ | (___ ___ ___ _ _| |_
⣗⣝⢮⡳⣝⢮⡳⣝⢮⡳⣝⢮⢮⡳ \___ \ / __/ _ \| | | | __|
⢀ ⢱⡳⡵⣹⡪⡳⣝⢮⡳⣝⢮⡳⡣⡏ ⡀ ____) | (_| (_) | |_| | |_
⢀⢾⠄ ⠫⣞⢮⡺⣝⢮⡳⣝⢮⡳⣝⠝ ⢠⢣⢂ |_____/ \___\___/ \__,_|\__|
⡼⣕⢗⡄ ⠈⠓⠝⢮⡳⣝⠮⠳⠙ ⢠⢢⢣⢣
⢰⡫⡮⡳⣝⢦⡀ ⢀⢔⢕⢕⢕⢕⠅
⡯⣎⢯⡺⣪⡳⣝⢖⣄⣀ ⡀⡠⡢⡣⡣⡣⡣⡣⡃
⢸⢝⢮⡳⣝⢮⡺⣪⡳⠕⠗⠉⠁ ⠘⠜⡜⡜⡜⡜⡜⡜⠜⠈
⡯⡳⠳⠝⠊⠓⠉ ⠈⠈⠈⠈
version: v1.0.9 (go1.21.3 - darwin/arm64)
git commit: 8bf95bf60d084af341f70e8263342f71b0a3cd16
```

@ -0,0 +1,53 @@
# docker scout watch
<!---MARKER_GEN_START-->
Watch repositories in a registry and push images and indexes to Docker Scout (experimental)
### Options
| Name | Type | Default | Description |
|:---------------------|:--------------|:--------|:------------------------------------------------------------------------------------|
| `--all-images` | | | Push all images instead of only the ones pushed during the watch command is running |
| `--dry-run` | | | Watch images and prepare them, but do not push them |
| `--interval` | `int64` | `60` | Interval in seconds between checks |
| `--org` | `string` | | Namespace of the Docker organization to which image will be pushed |
| `--refresh-registry` | | | Refresh the list of repositories of a registry at every run. Only with --registry. |
| `--registry` | `string` | | Registry to watch |
| `--repository` | `stringSlice` | | Repository to watch |
| `--sbom` | | | Create and upload SBOMs |
| `--tag` | `stringSlice` | | Regular expression to match tags to watch |
| `--workers` | `int` | `3` | Number of concurrent workers |
<!---MARKER_GEN_END-->
## Description
The `docker scout watch` command watches repositories in a registry
and pushes images or analysis results to Docker Scout.
## Examples
### Watch for new images from two repositories and push them
```console
$ docker scout watch --org my-org --repository registry-1.example.com/repo-1 --repository registry-2.example.com/repo-2
```
### Only push images with a specific tag
```console
$ docker scout watch --org my-org --repository registry.example.com/my-service --tag latest
```
### Watch all repositories of a registry
```console
$ docker scout watch --org my-org --registry registry.example.com
```
### Push all images and not just the new ones
```console
$ docker scout watch--org my-org --repository registry.example.com/my-service --all-images
```
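Review bot: the last example is missing a space between the command and its first flag: `$ docker scout watch--org my-org ...` should be `$ docker scout watch --org my-org ...`; as written, docker would treat `watch--org` as the subcommand name and fail. Minor, in the options table: the `--all-images` description "only the ones pushed during the watch command is running" should read "only the ones pushed while the watch command is running" (generated text, so fix at the flag definition).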

@ -1,5 +1,6 @@
# github.com/moby/moby v26.0.0+incompatible
# github.com/moby/buildkit v0.13.0-rc3.0.20240402103816-7cd12732690e
# github.com/docker/buildx v0.0.0-00010101000000-000000000000
# github.com/moby/buildkit v0.13.1
# github.com/docker/buildx v0.13.1
# github.com/docker/cli v26.0.0+incompatible
# github.com/docker/compose/v2 v2.0.0-00010101000000-000000000000
# github.com/docker/scout-cli v1.7.0
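Review bot: the hunk header reports one added line (-1,5 +1,6), yet the buildkit and buildx entries appear twice with different versions (v0.13.0-rc3.0.20240402103816-7cd12732690e and v0.0.0-00010101000000-000000000000 beside v0.13.1 and v0.13.1), so this hunk rewrites those two entries in addition to adding scout-cli v1.7.0. Please confirm modules.txt was regenerated with `go mod vendor` rather than edited by hand: the go.mod hunk below still replaces buildkit with the v0.13.0-rc3 pseudo-version, and Go refuses to build with `-mod=vendor` ("inconsistent vendoring") when modules.txt and go.mod disagree.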

go.mod
@ -8,6 +8,7 @@ require (
github.com/docker/buildx v0.13.1 // indirect
github.com/docker/cli v26.0.0+incompatible // indirect
github.com/docker/compose/v2 v2.0.0-00010101000000-000000000000 // indirect
github.com/docker/scout-cli v1.7.0 // indirect
github.com/moby/buildkit v0.13.1 // indirect
github.com/moby/moby v26.0.0+incompatible // indirect
)
@ -16,6 +17,7 @@ replace (
github.com/docker/buildx => github.com/docker/buildx v0.13.1
github.com/docker/cli => github.com/docker/cli v26.0.0+incompatible
github.com/docker/compose/v2 => github.com/docker/compose/v2 v2.26.1
github.com/docker/scout-cli => github.com/docker/scout-cli v1.7.0
github.com/moby/buildkit => github.com/moby/buildkit v0.13.0-rc3.0.20240402103816-7cd12732690e
github.com/moby/moby => github.com/moby/moby v26.0.0+incompatible
)

go.sum
@ -162,6 +162,8 @@ github.com/docker/scout-cli v1.4.1 h1:jRHO3LI3x2eMrvObKC6uadoRATbwZSXm1NafSzo9Cu
github.com/docker/scout-cli v1.4.1/go.mod h1:Eo1RyCJsx3ldz/YTY5yGxu9g9mwTYbRUutxQUkow3Fc=
github.com/docker/scout-cli v1.6.0 h1:07Kn2d/AshUSUk64ArZzE31lj4h7waGi8tjrFXxMZLY=
github.com/docker/scout-cli v1.6.0/go.mod h1:Eo1RyCJsx3ldz/YTY5yGxu9g9mwTYbRUutxQUkow3Fc=
github.com/docker/scout-cli v1.7.0 h1:2dEbQKqkxM6wsJab/Ma3EJacS9ZrkVs1C4KbjXggJjY=
github.com/docker/scout-cli v1.7.0/go.mod h1:Eo1RyCJsx3ldz/YTY5yGxu9g9mwTYbRUutxQUkow3Fc=
github.com/elazarl/goproxy v0.0.0-20191011121108-aa519ddbe484/go.mod h1:Ro8st/ElPeALwNFlcTpWmkr6IoMFfkjXAvTHpevnDsM=
github.com/evanphx/json-patch v4.9.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4=
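Review bot: the v1.4.1 and v1.6.0 scout-cli entries (the context lines above the two new v1.7.0 lines) stay in place, so go.sum now carries three versions of the module; `go mod tidy` would drop the stale ones if nothing else references them. Not blocking. The identical `/go.mod h1:Eo1RyCJsx3ldz/...` hash on all three versions is expected, since that hash covers only the module's go.mod file, so nothing to fix there.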

@ -293,3 +293,9 @@ module:
- source: docs/reference
target: data/compose-cli
includeFiles: "*.yaml"
- path: github.com/docker/scout-cli
mounts:
- source: docs
target: data/scout-cli
includeFiles: "*.yaml"
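Review bot: the new mount uses `docs` as its source, while the sibling entry above it uses `docs/reference`; confirm that `docs` itself (not a subdirectory) is where scout-cli publishes its `*.yaml` reference files, otherwise `includeFiles: "*.yaml"` matches nothing and `data/scout-cli` ends up empty without any build error to point at it.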