diff --git a/data/scout-cli/docker_scout.yaml b/_vendor/github.com/docker/scout-cli/docs/docker_scout.yaml
similarity index 96%
rename from data/scout-cli/docker_scout.yaml
rename to _vendor/github.com/docker/scout-cli/docs/docker_scout.yaml
index 57c644c4f8..4204e61c52 100644
--- a/data/scout-cli/docker_scout.yaml
+++ b/_vendor/github.com/docker/scout-cli/docs/docker_scout.yaml
@@ -15,6 +15,7 @@ cname:
 - docker scout help
 - docker scout integration
 - docker scout policy
+ - docker scout push
 - docker scout quickview
 - docker scout recommendations
 - docker scout repo
@@ -30,6 +31,7 @@ clink:
 - docker_scout_help.yaml
 - docker_scout_integration.yaml
 - docker_scout_policy.yaml
+ - docker_scout_push.yaml
 - docker_scout_quickview.yaml
 - docker_scout_recommendations.yaml
 - docker_scout_repo.yaml
diff --git a/data/scout-cli/docker_scout_attestation.yaml b/_vendor/github.com/docker/scout-cli/docs/docker_scout_attestation.yaml
similarity index 100%
rename from data/scout-cli/docker_scout_attestation.yaml
rename to _vendor/github.com/docker/scout-cli/docs/docker_scout_attestation.yaml
diff --git a/data/scout-cli/docker_scout_attestation_add.yaml b/_vendor/github.com/docker/scout-cli/docs/docker_scout_attestation_add.yaml
similarity index 100%
rename from data/scout-cli/docker_scout_attestation_add.yaml
rename to _vendor/github.com/docker/scout-cli/docs/docker_scout_attestation_add.yaml
diff --git a/data/scout-cli/docker_scout_cache.yaml b/_vendor/github.com/docker/scout-cli/docs/docker_scout_cache.yaml
similarity index 100%
rename from data/scout-cli/docker_scout_cache.yaml
rename to _vendor/github.com/docker/scout-cli/docs/docker_scout_cache.yaml
diff --git a/data/scout-cli/docker_scout_cache_df.yaml b/_vendor/github.com/docker/scout-cli/docs/docker_scout_cache_df.yaml
similarity index 100%
rename from data/scout-cli/docker_scout_cache_df.yaml
rename to _vendor/github.com/docker/scout-cli/docs/docker_scout_cache_df.yaml
diff --git a/data/scout-cli/docker_scout_cache_prune.yaml b/_vendor/github.com/docker/scout-cli/docs/docker_scout_cache_prune.yaml
similarity index 100%
rename from data/scout-cli/docker_scout_cache_prune.yaml
rename to _vendor/github.com/docker/scout-cli/docs/docker_scout_cache_prune.yaml
diff --git a/data/scout-cli/docker_scout_compare.yaml b/_vendor/github.com/docker/scout-cli/docs/docker_scout_compare.yaml
similarity index 100%
rename from data/scout-cli/docker_scout_compare.yaml
rename to _vendor/github.com/docker/scout-cli/docs/docker_scout_compare.yaml
diff --git a/data/scout-cli/docker_scout_config.yaml b/_vendor/github.com/docker/scout-cli/docs/docker_scout_config.yaml
similarity index 100%
rename from data/scout-cli/docker_scout_config.yaml
rename to _vendor/github.com/docker/scout-cli/docs/docker_scout_config.yaml
diff --git a/data/scout-cli/docker_scout_cves.yaml b/_vendor/github.com/docker/scout-cli/docs/docker_scout_cves.yaml
similarity index 100%
rename from data/scout-cli/docker_scout_cves.yaml
rename to _vendor/github.com/docker/scout-cli/docs/docker_scout_cves.yaml
diff --git a/data/scout-cli/docker_scout_enroll.yaml b/_vendor/github.com/docker/scout-cli/docs/docker_scout_enroll.yaml
similarity index 100%
rename from data/scout-cli/docker_scout_enroll.yaml
rename to _vendor/github.com/docker/scout-cli/docs/docker_scout_enroll.yaml
diff --git a/data/scout-cli/docker_scout_environment.yaml b/_vendor/github.com/docker/scout-cli/docs/docker_scout_environment.yaml
similarity index 100%
rename from data/scout-cli/docker_scout_environment.yaml
rename to _vendor/github.com/docker/scout-cli/docs/docker_scout_environment.yaml
diff --git a/data/scout-cli/docker_scout_help.yaml b/_vendor/github.com/docker/scout-cli/docs/docker_scout_help.yaml
similarity index 100%
rename from data/scout-cli/docker_scout_help.yaml
rename to _vendor/github.com/docker/scout-cli/docs/docker_scout_help.yaml
diff --git a/data/scout-cli/docker_scout_integration.yaml b/_vendor/github.com/docker/scout-cli/docs/docker_scout_integration.yaml
similarity index 100%
rename from data/scout-cli/docker_scout_integration.yaml
rename to _vendor/github.com/docker/scout-cli/docs/docker_scout_integration.yaml
diff --git a/data/scout-cli/docker_scout_integration_configure.yaml b/_vendor/github.com/docker/scout-cli/docs/docker_scout_integration_configure.yaml
similarity index 100%
rename from data/scout-cli/docker_scout_integration_configure.yaml
rename to _vendor/github.com/docker/scout-cli/docs/docker_scout_integration_configure.yaml
diff --git a/data/scout-cli/docker_scout_integration_delete.yaml b/_vendor/github.com/docker/scout-cli/docs/docker_scout_integration_delete.yaml
similarity index 100%
rename from data/scout-cli/docker_scout_integration_delete.yaml
rename to _vendor/github.com/docker/scout-cli/docs/docker_scout_integration_delete.yaml
diff --git a/data/scout-cli/docker_scout_integration_list.yaml b/_vendor/github.com/docker/scout-cli/docs/docker_scout_integration_list.yaml
similarity index 100%
rename from data/scout-cli/docker_scout_integration_list.yaml
rename to _vendor/github.com/docker/scout-cli/docs/docker_scout_integration_list.yaml
diff --git a/data/scout-cli/docker_scout_policy.yaml b/_vendor/github.com/docker/scout-cli/docs/docker_scout_policy.yaml
similarity index 100%
rename from data/scout-cli/docker_scout_policy.yaml
rename to _vendor/github.com/docker/scout-cli/docs/docker_scout_policy.yaml
diff --git a/data/scout-cli/docker_scout_push.yaml b/_vendor/github.com/docker/scout-cli/docs/docker_scout_push.yaml
similarity index 90%
rename from data/scout-cli/docker_scout_push.yaml
rename to _vendor/github.com/docker/scout-cli/docs/docker_scout_push.yaml
index 3c317532d1..4b1370ce08 100644
--- a/data/scout-cli/docker_scout_push.yaml
+++ b/_vendor/github.com/docker/scout-cli/docs/docker_scout_push.yaml
@@ -34,6 +34,15 @@ options:
 experimentalcli: false
 kubernetes: false
 swarm: false
+ - option: platform
+ value_type: string
+ description: Platform of image to be pushed
+ deprecated: false
+ hidden: false
+ experimental: false
+ experimentalcli: false
+ kubernetes: false
+ swarm: false
 - option: sbom
 value_type: bool
 default_value: "false"
diff --git a/data/scout-cli/docker_scout_quickview.yaml b/_vendor/github.com/docker/scout-cli/docs/docker_scout_quickview.yaml
similarity index 100%
rename from data/scout-cli/docker_scout_quickview.yaml
rename to _vendor/github.com/docker/scout-cli/docs/docker_scout_quickview.yaml
diff --git a/data/scout-cli/docker_scout_recommendations.yaml b/_vendor/github.com/docker/scout-cli/docs/docker_scout_recommendations.yaml
similarity index 100%
rename from data/scout-cli/docker_scout_recommendations.yaml
rename to _vendor/github.com/docker/scout-cli/docs/docker_scout_recommendations.yaml
diff --git a/data/scout-cli/docker_scout_repo.yaml b/_vendor/github.com/docker/scout-cli/docs/docker_scout_repo.yaml
similarity index 100%
rename from data/scout-cli/docker_scout_repo.yaml
rename to _vendor/github.com/docker/scout-cli/docs/docker_scout_repo.yaml
diff --git a/data/scout-cli/docker_scout_repo_disable.yaml b/_vendor/github.com/docker/scout-cli/docs/docker_scout_repo_disable.yaml
similarity index 100%
rename from data/scout-cli/docker_scout_repo_disable.yaml
rename to _vendor/github.com/docker/scout-cli/docs/docker_scout_repo_disable.yaml
diff --git a/data/scout-cli/docker_scout_repo_enable.yaml b/_vendor/github.com/docker/scout-cli/docs/docker_scout_repo_enable.yaml
similarity index 100%
rename from data/scout-cli/docker_scout_repo_enable.yaml
rename to _vendor/github.com/docker/scout-cli/docs/docker_scout_repo_enable.yaml
diff --git a/data/scout-cli/docker_scout_repo_list.yaml b/_vendor/github.com/docker/scout-cli/docs/docker_scout_repo_list.yaml
similarity index 100%
rename from data/scout-cli/docker_scout_repo_list.yaml
rename to _vendor/github.com/docker/scout-cli/docs/docker_scout_repo_list.yaml
diff --git a/data/scout-cli/docker_scout_sbom.yaml b/_vendor/github.com/docker/scout-cli/docs/docker_scout_sbom.yaml
similarity index 100%
rename from data/scout-cli/docker_scout_sbom.yaml
rename to _vendor/github.com/docker/scout-cli/docs/docker_scout_sbom.yaml
diff --git a/data/scout-cli/docker_scout_stream.yaml b/_vendor/github.com/docker/scout-cli/docs/docker_scout_stream.yaml
similarity index 100%
rename from data/scout-cli/docker_scout_stream.yaml
rename to _vendor/github.com/docker/scout-cli/docs/docker_scout_stream.yaml
diff --git a/data/scout-cli/docker_scout_version.yaml b/_vendor/github.com/docker/scout-cli/docs/docker_scout_version.yaml
similarity index 100%
rename from data/scout-cli/docker_scout_version.yaml
rename to _vendor/github.com/docker/scout-cli/docs/docker_scout_version.yaml
diff --git a/data/scout-cli/docker_scout_watch.yaml b/_vendor/github.com/docker/scout-cli/docs/docker_scout_watch.yaml
similarity index 100%
rename from data/scout-cli/docker_scout_watch.yaml
rename to _vendor/github.com/docker/scout-cli/docs/docker_scout_watch.yaml
diff --git a/_vendor/github.com/docker/scout-cli/docs/scout.md b/_vendor/github.com/docker/scout-cli/docs/scout.md
new file mode 100644
index 0000000000..c2f8f7b3a7
--- /dev/null
+++ b/_vendor/github.com/docker/scout-cli/docs/scout.md
@@ -0,0 +1,36 @@
+# docker scout
+
+```
+docker scout COMMAND
+```
+
+
+Command line tool for Docker Scout
+
+### Subcommands
+
+| Name | Description |
+|:----------------------------------------------|:--------------------------------------------------------------------------------------------|
+| [`attestation`](scout_attestation.md) | Manage attestations on image indexes |
+| [`cache`](scout_cache.md) | Manage Docker Scout cache and temporary files |
+| [`compare`](scout_compare.md) | Compare two images and display differences (experimental) |
+| [`config`](scout_config.md) | Manage Docker Scout configuration |
+| [`cves`](scout_cves.md) | Display CVEs identified in a software artifact |
+| [`enroll`](scout_enroll.md) | Enroll an organization with Docker Scout |
+| [`environment`](scout_environment.md) | Manage environments (experimental) |
+| [`help`](scout_help.md) | Display information about the available commands |
+| [`integration`](scout_integration.md) | Commands to list, configure, and delete Docker Scout integrations |
+| [`policy`](scout_policy.md) | Evaluate policies against an image and display the policy evaluation results (experimental) |
+| [`push`](scout_push.md) | Push an image or image index to Docker Scout (experimental) |
+| [`quickview`](scout_quickview.md) | Quick overview of an image |
+| [`recommendations`](scout_recommendations.md) | Display available base image updates and remediation recommendations |
+| [`repo`](scout_repo.md) | Commands to list, enable, and disable Docker Scout on repositories |
+| [`sbom`](scout_sbom.md) | Generate or display SBOM of an image |
+| [`stream`](scout_stream.md) | Manage streams (experimental) |
+| [`version`](scout_version.md) | Show Docker Scout version information |
+| [`watch`](scout_watch.md) | Watch repositories in a registry and push images and indexes to Docker Scout (experimental) |
+
+
+
+
+
diff --git a/_vendor/github.com/docker/scout-cli/docs/scout_attestation.md b/_vendor/github.com/docker/scout-cli/docs/scout_attestation.md
new file mode 100644
index 0000000000..d4f6bc5827
--- /dev/null
+++ b/_vendor/github.com/docker/scout-cli/docs/scout_attestation.md
@@ -0,0 +1,19 @@
+# docker scout attestation
+
+
+Manage attestations on image indexes
+
+### Aliases
+
+`docker scout attestation`, `docker scout attest`
+
+### Subcommands
+
+| Name | Description |
+|:----------------------------------|:-------------------------|
+| [`add`](scout_attestation_add.md) | Add attestation to image |
+
+
+
+
+
diff --git a/_vendor/github.com/docker/scout-cli/docs/scout_attestation_add.md b/_vendor/github.com/docker/scout-cli/docs/scout_attestation_add.md
new file mode 100644
index 0000000000..5f09c0fffd
--- /dev/null
+++ b/_vendor/github.com/docker/scout-cli/docs/scout_attestation_add.md
@@ -0,0 +1,19 @@
+# docker scout attestation add
+
+
+Add attestation to image
+
+### Aliases
+
+`docker scout attestation add`, `docker scout attest add`
+
+### Options
+
+| Name | Type | Default | Description |
+|:-------------------|:--------------|:--------|:----------------------------------------|
+| `--file` | `stringSlice` | | File location of attestations to attach |
+| `--predicate-type` | `string` | | Predicate-type for attestations |
+
+
+
+
diff --git a/_vendor/github.com/docker/scout-cli/docs/scout_cache.md b/_vendor/github.com/docker/scout-cli/docs/scout_cache.md
new file mode 100644
index 0000000000..9bb212dd3d
--- /dev/null
+++ b/_vendor/github.com/docker/scout-cli/docs/scout_cache.md
@@ -0,0 +1,16 @@
+# docker scout cache
+
+
+Manage Docker Scout cache and temporary files
+
+### Subcommands
+
+| Name | Description |
+|:--------------------------------|:--------------------------------|
+| [`df`](scout_cache_df.md) | Show Docker Scout disk usage |
+| [`prune`](scout_cache_prune.md) | Remove temporary or cached data |
+
+
+
+
+
diff --git a/_vendor/github.com/docker/scout-cli/docs/scout_cache_df.md b/_vendor/github.com/docker/scout-cli/docs/scout_cache_df.md
new file mode 100644
index 0000000000..71dcf99560
--- /dev/null
+++ b/_vendor/github.com/docker/scout-cli/docs/scout_cache_df.md
@@ -0,0 +1,52 @@
+# docker scout cache df
+
+
+Show Docker Scout disk usage
+
+
+
+
+## Description
+
+Docker Scout uses a temporary cache storage for generating image SBOMs.
+The cache helps avoid regenerating or fetching resources unnecessarily.
+
+This `docker scout cache df` command shows the cached data on the host.
+Each cache entry is identified by the digest of the image.
+
+You can use the `docker scout cache prune` command to delete cache data at any time.
+
+## Examples
+
+### List temporary and cache files
+
+```console
+$ docker scout cache df
+Docker Scout temporary directory to generate SBOMs is located at:
+ /var/folders/dw/d6h9w2sx6rv3lzwwgrnx7t5h0000gp/T/docker-scout
+ this path can be configured using the DOCKER_SCOUT_CACHE_DIR environment variable
+
+ Image Digest │ Size
+──────────────────────────────────────────────────────────────────────────┼────────
+ sha256:c41ab5c992deb4fe7e5da09f67a8804a46bd0592bfdf0b1847dde0e0889d2bff │ 21 kB
+
+Total: 21 kB
+
+
+Docker Scout cached SBOMs are located at:
+ /Users/user/.docker/scout/sbom
+
+ Image Digest │ Size of SBOM
+──────────────────────────────────────────────────────────────────────────┼───────────────
+ sha256:02bb6f428431fbc2809c5d1b41eab5a68350194fb508869a33cb1af4444c9b11 │ 42 kB
+ sha256:03fc002fe4f370463a8f04d3a288cdffa861e462fc8b5be44ab62b296ad95183 │ 100 kB
+ sha256:088134dd33e4a2997480a1488a41c11abebda465da5cf7f305a0ecf8ed494329 │ 194 kB
+ sha256:0b80b2f17aff7ee5bfb135c69d0d6fe34070e89042b7aac73d1abcc79cfe6759 │ 852 kB
+ sha256:0c9e8abe31a5f17d84d5c85d3853d2f948a4f126421e89e68753591f1b6fedc5 │ 930 kB
+ sha256:0d49cae0723c8d310e413736b5e91e0c59b605ade2546f6e6ef8f1f3ddc76066 │ 510 kB
+ sha256:0ef04748d071c2e631bb3edce8f805cb5512e746b682c83fdae6d8c0b243280b │ 1.0 MB
+ sha256:13fd22925b638bb7d2131914bb8f8b0f5f582bee364aec682d9e7fe722bb486a │ 42 kB
+ sha256:174c41d4fbc7f63e1f2bb7d2f7837318050406f2f27e5073a84a84f18b48b883 │ 115 kB
+
+Total: 4 MB
+```
diff --git a/_vendor/github.com/docker/scout-cli/docs/scout_cache_prune.md b/_vendor/github.com/docker/scout-cli/docs/scout_cache_prune.md
new file mode 100644
index 0000000000..7292884c7d
--- /dev/null
+++ b/_vendor/github.com/docker/scout-cli/docs/scout_cache_prune.md
@@ -0,0 +1,40 @@
+# docker scout cache prune
+
+
+Remove temporary or cached data
+
+### Options
+
+| Name | Type | Default | Description |
+|:----------------|:-----|:--------|:-------------------------------|
+| `-f`, `--force` | | | Do not prompt for confirmation |
+| `--sboms` | | | Prune cached SBOMs |
+
+
+
+
+## Description
+
+The `docker scout cache prune` command removes temporary data and SBOM cache.
+
+By default, `docker scout cache prune` only deletes temporary data.
+To delete temporary data and clear the SBOM cache, use the `--sboms` flag.
+
+## Examples
+
+### Delete temporary data
+
+```console
+$ docker scout cache prune
+? Are you sure to delete all temporary data? Yes
+ ✓ temporary data deleted
+```
+
+### Delete temporary _and_ cache data
+
+```console
+$ docker scout cache prune --sboms
+? Are you sure to delete all temporary data and all cached SBOMs? Yes
+ ✓ temporary data deleted
+ ✓ cached SBOMs deleted
+```
diff --git a/_vendor/github.com/docker/scout-cli/docs/scout_compare.md b/_vendor/github.com/docker/scout-cli/docs/scout_compare.md
new file mode 100644
index 0000000000..b3530da571
--- /dev/null
+++ b/_vendor/github.com/docker/scout-cli/docs/scout_compare.md
@@ -0,0 +1,108 @@ +# docker scout compare + + +Compare two images and display differences (experimental) + +### Aliases + +`docker scout compare`, `docker scout diff` + +### Options + +| Name | Type | Default | Description | +|:----------------------|:--------------|:--------|:-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| `-x`, `--exit-on` | `stringSlice` | | Comma separated list of conditions to fail the action step if worse, options are: vulnerability, policy | +| `--format` | `string` | `text` | Output format of the generated vulnerability report:
- text: default output, plain text with or without colors depending on the terminal
- markdown: Markdown output
| +| `--hide-policies` | | | Hide policy status from the output | +| `--ignore-base` | | | Filter out CVEs introduced from base image | +| `--ignore-unchanged` | | | Filter out unchanged packages | +| `--multi-stage` | | | Show packages from multi-stage Docker builds | +| `--only-fixed` | | | Filter to fixable CVEs | +| `--only-package-type` | `stringSlice` | | Comma separated list of package types (like apk, deb, rpm, npm, pypi, golang, etc) | +| `--only-severity` | `stringSlice` | | Comma separated list of severities (critical, high, medium, low, unspecified) to filter CVEs by | +| `--only-stage` | `stringSlice` | | Comma separated list of multi-stage Docker build stage names | +| `--only-unfixed` | | | Filter to unfixed CVEs | +| `--org` | `string` | | Namespace of the Docker organization | +| `-o`, `--output` | `string` | | Write the report to a file | +| `--platform` | `string` | | Platform of image to analyze | +| `--ref` | `string` | | Reference to use if the provided tarball contains multiple references.
Can only be used with archive | +| `--to` | `string` | | Image, directory, or archive to compare to | +| `--to-env` | `string` | | Name of environment to compare to | +| `--to-latest` | | | Latest image processed to compare to | +| `--to-ref` | `string` | | Reference to use if the provided tarball contains multiple references.
Can only be used with archive. | + + + + +## Description + +The `docker scout compare` command analyzes two images and displays a comparison. + +> This command is **experimental** and its behaviour might change in the future + +The intended use of this command is to compare two versions of the same image. +For instance, when a new image is built and compared to the version running in production. + +If no image is specified, the most recently built image is used +as a comparison target. + +The following artifact types are supported: + +- Images +- OCI layout directories +- Tarball archives, as created by `docker save` +- Local directory or file + +By default, the tool expects an image reference, such as: + +- `redis` +- `curlimages/curl:7.87.0` +- `mcr.microsoft.com/dotnet/runtime:7.0` + +If the artifact you want to analyze is an OCI directory, a tarball archive, a local file or directory, +or if you want to control from where the image will be resolved, you must prefix the reference with one of the following: + +- `image://` (default) use a local image, or fall back to a registry lookup +- `local://` use an image from the local image store (don't do a registry lookup) +- `registry://` use an image from a registry (don't use a local image) +- `oci-dir://` use an OCI layout directory +- `archive://` use a tarball archive, as created by `docker save` +- `fs://` use a local directory or file + +## Examples + +### Compare the most recently built image to the latest tag + +```console +$ docker scout compare --to namespace/repo:latest +``` + +### Compare local build to the same tag from the registry + +```console +$ docker scout compare local://namespace/repo:latest --to registry://namespace/repo:latest +``` + +### Ignore base images + +```console +$ docker scout compare --ignore-base --to namespace/repo:latest namespace/repo:v1.2.3-pre +``` + +### Generate a markdown output + +```console +$ docker scout compare --format markdown --to namespace/repo:latest 
namespace/repo:v1.2.3-pre
+```
+
+### Only compare maven packages and only display critical vulnerabilities for maven packages
+
+```console
+$ docker scout compare --only-package-type maven --only-severity critical --to namespace/repo:latest namespace/repo:v1.2.3-pre
+```
+
+### Show all policy results for both images
+
+```console
+docker scout compare --to namespace/repo:latest namespace/repo:v1.2.3-pre
+```
diff --git a/_vendor/github.com/docker/scout-cli/docs/scout_config.md b/_vendor/github.com/docker/scout-cli/docs/scout_config.md
new file mode 100644
index 0000000000..1a6e8b69c9
--- /dev/null
+++ b/_vendor/github.com/docker/scout-cli/docs/scout_config.md
@@ -0,0 +1,38 @@
+# docker scout config
+
+
+Manage Docker Scout configuration
+
+
+
+
+## Description
+
+`docker scout config` allows you to list, get and set Docker Scout configuration.
+
+Available configuration key:
+
+- `organization`: Namespace of the Docker organization to be used by default.
+
+## Examples
+
+### List existing configuration
+
+```console
+$ docker scout config
+organization=my-org-namespace
+```
+
+### Print configuration value
+
+```console
+$ docker scout config organization
+my-org-namespace
+```
+
+### Set configuration value
+
+```console
+$ docker scout config organization my-org-namespace
+ ✓ Successfully set organization to my-org-namespace
+```
diff --git a/_vendor/github.com/docker/scout-cli/docs/scout_cves.md b/_vendor/github.com/docker/scout-cli/docs/scout_cves.md
new file mode 100644
index 0000000000..b8f119d8a9
--- /dev/null
+++ b/_vendor/github.com/docker/scout-cli/docs/scout_cves.md
@@ -0,0 +1,268 @@ +# docker scout cves + +``` +docker scout cves [OPTIONS] [IMAGE|DIRECTORY|ARCHIVE] +``` + + +Display CVEs identified in a software artifact + +### Options + +| Name | Type | Default | Description | +|:-----------------------|:--------------|:-----------|:----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| `--details` | | | Print details on default text output | +| `--env` | `string` | | Name of environment | +| [`--epss`](#epss) | | | Display the EPSS scores and organize the package's CVEs according to their EPSS score | +| `--epss-percentile` | `float32` | `0` | Exclude CVEs with EPSS scores less than the specified percentile (0 to 1) | +| `--epss-score` | `float32` | `0` | Exclude CVEs with EPSS scores less than the specified value (0 to 1) | +| `-e`, `--exit-code` | | | Return exit code '2' if vulnerabilities are detected | +| `--format` | `string` | `packages` | Output format of the generated vulnerability report:
- packages: default output, plain text with vulnerabilities grouped by packages
- sarif: json Sarif output
- spdx: json SPDX output
- markdown: markdown output (including some html tags like collapsible sections)
- sbom: json SBOM output
| +| `--ignore-base` | | | Filter out CVEs introduced from base image | +| `--locations` | | | Print package locations including file paths and layer diff_id | +| `--multi-stage` | | | Show packages from multi-stage Docker builds | +| `--only-cve-id` | `stringSlice` | | Comma separated list of CVE ids (like CVE-2021-45105) to search for | +| `--only-fixed` | | | Filter to fixable CVEs | +| `--only-metric` | `stringSlice` | | Comma separated list of CVSS metrics (like AV:N or PR:L) to filter CVEs by | +| `--only-package` | `stringSlice` | | Comma separated regular expressions to filter packages by | +| `--only-package-type` | `stringSlice` | | Comma separated list of package types (like apk, deb, rpm, npm, pypi, golang, etc) | +| `--only-severity` | `stringSlice` | | Comma separated list of severities (critical, high, medium, low, unspecified) to filter CVEs by | +| `--only-stage` | `stringSlice` | | Comma separated list of multi-stage Docker build stage names | +| `--only-unfixed` | | | Filter to unfixed CVEs | +| `--only-vex-affected` | | | Filter CVEs by VEX statements with status not affected | +| `--only-vuln-packages` | | | When used with --format=only-packages ignore packages with no vulnerabilities | +| `--org` | `string` | | Namespace of the Docker organization | +| `-o`, `--output` | `string` | | Write the report to a file | +| `--platform` | `string` | | Platform of image to analyze | +| `--ref` | `string` | | Reference to use if the provided tarball contains multiple references.
Can only be used with archive | +| `--vex-author` | `stringSlice` | | List of VEX statement authors to accept | +| `--vex-location` | `stringSlice` | | File location of directory or file containing VEX statements | + + + + +## Description + +The `docker scout cves` command analyzes a software artifact for vulnerabilities. + +If no image is specified, the most recently built image is used. + +The following artifact types are supported: + +- Images +- OCI layout directories +- Tarball archives, as created by `docker save` +- Local directory or file + +By default, the tool expects an image reference, such as: + +- `redis` +- `curlimages/curl:7.87.0` +- `mcr.microsoft.com/dotnet/runtime:7.0` + +If the artifact you want to analyze is an OCI directory, a tarball archive, a local file or directory, +or if you want to control from where the image will be resolved, you must prefix the reference with one of the following: + +- `image://` (default) use a local image, or fall back to a registry lookup +- `local://` use an image from the local image store (don't do a registry lookup) +- `registry://` use an image from a registry (don't use a local image) +- `oci-dir://` use an OCI layout directory +- `archive://` use a tarball archive, as created by `docker save` +- `fs://` use a local directory or file +- `sbom://` SPDX file or in-toto attestation file with SPDX predicate or `syft` json SBOM file + In case of `sbom://` prefix, if the file is not defined then it will try to read it from the standard input. 
+ +## Examples + +### Display vulnerabilities grouped by package + +```console +$ docker scout cves alpine +Analyzing image alpine +✓ Image stored for indexing +✓ Indexed 18 packages +✓ No vulnerable package detected +``` + +### Display vulnerabilities from a `docker save` tarball + +```console +$ docker save alpine > alpine.tar + +$ docker scout cves archive://alpine.tar +Analyzing archive alpine.tar +✓ Archive read +✓ SBOM of image already cached, 18 packages indexed +✓ No vulnerable package detected +``` + +### Display vulnerabilities from an OCI directory + +```console +$ skopeo copy --override-os linux docker://alpine oci:alpine + +$ docker scout cves oci-dir://alpine +Analyzing OCI directory alpine +✓ OCI directory read +✓ Image stored for indexing +✓ Indexed 19 packages +✓ No vulnerable package detected +``` + +### Display vulnerabilities from the current directory + +```console +$ docker scout cves fs://. +``` + +### Export vulnerabilities to a SARIF JSON file + +```console +$ docker scout cves --format sarif --output alpine.sarif.json alpine +Analyzing image alpine +✓ SBOM of image already cached, 18 packages indexed +✓ No vulnerable package detected +✓ Report written to alpine.sarif.json +``` + +### Display markdown output + +The following example shows how to generate the vulnerability report as markdown. + +```console +$ docker scout cves --format markdown alpine +✓ Pulled +✓ SBOM of image already cached, 19 packages indexed +✗ Detected 1 vulnerable package with 3 vulnerabilities +

:mag: Vulnerabilities of alpine

+ +
:package: Image Reference alpine + + + + + +
digestsha256:e3bd82196e98898cae9fe7fbfd6e2436530485974dc4fb3b7ddb69134eda2407
vulnerabilitiescritical: 0 high: 0 medium: 2 low: 0 unspecified: 1
platformlinux/arm64
size3.3 MB
packages19
+
+ +... +``` + +### List all vulnerable packages of a certain type + +The following example shows how to generate a list of packages, only including +packages of the specified type, and only showing packages that are vulnerable. + +```console +$ docker scout cves --format only-packages --only-package-type golang --only-vuln-packages golang:1.18.0 +✓ Pulled +✓ SBOM of image already cached, 296 packages indexed +✗ Detected 1 vulnerable package with 40 vulnerabilities + +Name Version Type Vulnerabilities +─────────────────────────────────────────────────────────── +stdlib 1.18 golang 2C 29H 8M 1L +``` + +### Display EPSS score (--epss) + +The `--epss` flag adds [Exploit Prediction Scoring System (EPSS)](https://www.first.org/epss/) +scores to the `docker scout cves` output. EPSS scores are estimates of the likelihood (probability) +that a software vulnerability will be exploited in the wild in the next 30 days. +The higher the score, the greater the probability that a vulnerability will be exploited. + +```console {hl_lines="13,14"} +$ docker scout cves --epss nginx + ✓ Provenance obtained from attestation + ✓ SBOM obtained from attestation, 232 packages indexed + ✓ Pulled + ✗ Detected 23 vulnerable packages with a total of 39 vulnerabilities + +... + + ✗ HIGH CVE-2023-52425 + https://scout.docker.com/v/CVE-2023-52425 + Affected range : >=2.5.0-1 + Fixed version : not fixed + EPSS Score : 0.000510 + EPSS Percentile : 0.173680 +``` + +- `EPSS Score` is a floating point number between 0 and 1 representing the probability of exploitation in the wild in the next 30 days (following score publication). +- `EPSS Percentile` is the percentile of the current score, the proportion of all scored vulnerabilities with the same or a lower EPSS score. + +You can use the `--epss-score` and `--epss-percentile` flags to filter the output +of `docker scout cves` based on these scores. 
For example,
+to only show vulnerabilities with an EPSS score higher than 0.5:
+
+```console
+$ docker scout cves --epss --epss-score 0.5 nginx
+ ✓ SBOM of image already cached, 232 packages indexed
+ ✓ EPSS scores for 2024-03-01 already cached
+ ✗ Detected 1 vulnerable package with 1 vulnerability
+
+...
+
+ ✗ LOW CVE-2023-44487
+ https://scout.docker.com/v/CVE-2023-44487
+ Affected range : >=1.22.1-9
+ Fixed version : not fixed
+ EPSS Score : 0.705850
+ EPSS Percentile : 0.979410
+```
+
+EPSS scores are updated on a daily basis.
+By default, the latest available score is displayed.
+You can use the `--epss-date` flag to manually specify a date
+in the format `yyyy-mm-dd` for fetching EPSS scores.
+
+```console
+$ docker scout cves --epss --epss-date 2024-01-02 nginx
+```
+
+### List vulnerabilities from an SPDX file
+
+The following example shows how to generate a list of vulnerabilities from an SPDX file using `syft`.
+
+```console
+$ syft -o spdx-json alpine:3.16.1 | docker scout cves sbom://
+ ✔ Pulled image
+ ✔ Loaded image alpine:3.16.1
+ ✔ Parsed image sha256:3d81c46cd8756ddb6db9ec36fa06a6fb71c287fb265232ba516739dc67a5f07d
+ ✔ Cataloged contents 274a317d88b54f9e67799244a1250cad3fe7080f45249fa9167d1f871218d35f
+ ├── ✔ Packages [14 packages]
+ ├── ✔ File digests [75 files]
+ ├── ✔ File metadata [75 locations]
+ └── ✔ Executables [16 executables]
+ ✗ Detected 2 vulnerable packages with a total of 11 vulnerabilities
+
+
+## Overview
+
+ │ Analyzed SBOM
+────────────────────┼──────────────────────────────
+ Target │
+ digest │ 274a317d88b5
+ platform │ linux/arm64
+ vulnerabilities │ 1C 2H 8M 0L
+ packages │ 15
+
+
+## Packages and Vulnerabilities
+
+ 1C 0H 0M 0L zlib 1.2.12-r1
+pkg:apk/alpine/zlib@1.2.12-r1?arch=aarch64&distro=alpine-3.16.1
+
+ ✗ CRITICAL CVE-2022-37434
+ https://scout.docker.com/v/CVE-2022-37434
+ Affected range : <1.2.12-r2
+ Fixed version : 1.2.12-r2
+
+ ...
+
+11 vulnerabilities found in 2 packages
+ LOW 0
+ MEDIUM 8
+ HIGH 2
+ CRITICAL 1
+```
diff --git a/_vendor/github.com/docker/scout-cli/docs/scout_enroll.md b/_vendor/github.com/docker/scout-cli/docs/scout_enroll.md
new file mode 100644
index 0000000000..b60fd3471f
--- /dev/null
+++ b/_vendor/github.com/docker/scout-cli/docs/scout_enroll.md
@@ -0,0 +1,11 @@
+# docker scout enroll
+
+
+Enroll an organization with Docker Scout
+
+
+
+
+## Description
+
+The `docker scout enroll` command enrolls an organization with Docker Scout.
diff --git a/_vendor/github.com/docker/scout-cli/docs/scout_environment.md b/_vendor/github.com/docker/scout-cli/docs/scout_environment.md
new file mode 100644
index 0000000000..4f019ff35c
--- /dev/null
+++ b/_vendor/github.com/docker/scout-cli/docs/scout_environment.md
@@ -0,0 +1,58 @@ +# docker scout environment + + +Manage environments (experimental) + +### Aliases + +`docker scout environment`, `docker scout env` + +### Options + +| Name | Type | Default | Description | +|:-----------------|:---------|:--------|:-------------------------------------| +| `--org` | `string` | | Namespace of the Docker organization | +| `-o`, `--output` | `string` | | Write the report to a file | +| `--platform` | `string` | | Platform of image to record | + + + + +## Description + +The `docker scout environment` command lists the environments. +If you pass an image reference, the image is recorded to the specified environment. + +Once recorded, environments can be referred to by their name. For example, +you can refer to the `production` environment with the `docker scout compare` +command as follows: + +```console +$ docker scout compare --to-env production +``` + +## Examples + +### List existing environments + +```console +$ docker scout environment +prod +staging +``` + +### List images of an environment + +```console +$ docker scout environment staging +namespace/repo:tag@sha256:9a4df4fadc9bbd44c345e473e0688c2066a6583d4741679494ba9228cfd93e1b +namespace/other-repo:tag@sha256:0001d6ce124855b0a158569c584162097fe0ca8d72519067c2c8e3ce407c580f +``` + +### Record an image to an environment, for a specific platform + +```console +$ docker scout environment staging namespace/repo:stage-latest --platform linux/amd64 +✓ Pulled +✓ Successfully recorded namespace/repo:stage-latest in environment staging +``` diff --git a/_vendor/github.com/docker/scout-cli/docs/scout_help.md b/_vendor/github.com/docker/scout-cli/docs/scout_help.md new file mode 100644 index 0000000000..ec152c6aaf --- /dev/null +++ b/_vendor/github.com/docker/scout-cli/docs/scout_help.md @@ -0,0 +1,8 @@ +# docker scout help + + +Display information about the available commands + + + + 
diff --git a/_vendor/github.com/docker/scout-cli/docs/scout_integration.md b/_vendor/github.com/docker/scout-cli/docs/scout_integration.md new file mode 100644 index 0000000000..9a2def3a0b --- /dev/null +++ b/_vendor/github.com/docker/scout-cli/docs/scout_integration.md @@ -0,0 +1,17 @@ +# docker scout integration + + +Commands to list, configure, and delete Docker Scout integrations + +### Subcommands + +| Name | Description | +|:----------------------------------------------|:----------------------------------------------------| +| [`configure`](scout_integration_configure.md) | Configure or update a new integration configuration | +| [`delete`](scout_integration_delete.md) | Delete a new integration configuration | +| [`list`](scout_integration_list.md) | Integration Docker Scout | + + + + + diff --git a/_vendor/github.com/docker/scout-cli/docs/scout_integration_configure.md b/_vendor/github.com/docker/scout-cli/docs/scout_integration_configure.md new file mode 100644 index 0000000000..521193ae3b --- /dev/null +++ b/_vendor/github.com/docker/scout-cli/docs/scout_integration_configure.md @@ -0,0 +1,16 @@ +# docker scout integration configure + + +Configure or update a new integration configuration + +### Options + +| Name | Type | Default | Description | +|:--------------|:--------------|:--------|:-------------------------------------------------------------| +| `--name` | `string` | | Name of integration configuration to create | +| `--org` | `string` | | Namespace of the Docker organization | +| `--parameter` | `stringSlice` | | Integration parameters in the form of --parameter NAME=VALUE | + + + + diff --git a/_vendor/github.com/docker/scout-cli/docs/scout_integration_delete.md b/_vendor/github.com/docker/scout-cli/docs/scout_integration_delete.md new file mode 100644 index 0000000000..0a68c8adca --- /dev/null +++ b/_vendor/github.com/docker/scout-cli/docs/scout_integration_delete.md 
@@ -0,0 +1,15 @@ +# docker scout integration delete + + +Delete a new integration configuration + +### Options + +| Name | Type | Default | Description | +|:---------|:---------|:--------|:--------------------------------------------| +| `--name` | `string` | | Name of integration configuration to delete | +| `--org` | `string` | | Namespace of the Docker organization | + + + + diff --git a/_vendor/github.com/docker/scout-cli/docs/scout_integration_list.md b/_vendor/github.com/docker/scout-cli/docs/scout_integration_list.md new file mode 100644 index 0000000000..67b39c59fc --- /dev/null +++ b/_vendor/github.com/docker/scout-cli/docs/scout_integration_list.md @@ -0,0 +1,15 @@ +# docker scout integration list + + +Integration Docker Scout + +### Options + +| Name | Type | Default | Description | +|:---------|:---------|:--------|:------------------------------------------| +| `--name` | `string` | | Name of integration configuration to list | +| `--org` | `string` | | Namespace of the Docker organization | + + + + diff --git a/_vendor/github.com/docker/scout-cli/docs/scout_policy.md b/_vendor/github.com/docker/scout-cli/docs/scout_policy.md new file mode 100644 index 0000000000..5da8fca8ba --- /dev/null +++ b/_vendor/github.com/docker/scout-cli/docs/scout_policy.md 
@@ -0,0 +1,51 @@ +# docker scout policy + + +Evaluate policies against an image and display the policy evaluation results (experimental) + +### Options + +| Name | Type | Default | Description | +|:--------------------|:---------|:--------|:------------------------------------------------------------| +| `-e`, `--exit-code` | | | Return exit code '2' if policies are not met, '0' otherwise | +| `--org` | `string` | | Namespace of the Docker organization | +| `-o`, `--output` | `string` | | Write the report to a file | +| `--platform` | `string` | | Platform of image to pull policy results from | +| `--to-env` | `string` | | Name of the environment to compare to | +| `--to-latest` | | | Latest image processed to compare to | + + + + +## Description + +The `docker scout policy` command evaluates policies against an image. +The image analysis is uploaded to Docker Scout where policies get evaluated. + +The policy evaluation results may take a few minutes to become available. + +## Examples + +### Evaluate policies against an image and display the results + +```console +$ docker scout policy dockerscoutpolicy/customers-api-service:0.0.1 +``` + +### Evaluate policies against an image for a specific organization + +```console +$ docker scout policy dockerscoutpolicy/customers-api-service:0.0.1 --org dockerscoutpolicy +``` + +### Evaluate policies against an image with a specific platform + +```console +$ docker scout policy dockerscoutpolicy/customers-api-service:0.0.1 --platform linux/amd64 +``` + +### Compare policy results for a repository in a specific environment + +```console +$ docker scout policy dockerscoutpolicy/customers-api-service --to-env production +``` diff --git a/_vendor/github.com/docker/scout-cli/docs/scout_push.md b/_vendor/github.com/docker/scout-cli/docs/scout_push.md new file mode 100644 index 0000000000..6ddfeda0e3 --- /dev/null +++ b/_vendor/github.com/docker/scout-cli/docs/scout_push.md 
@@ -0,0 +1,30 @@ +# docker scout push + + +Push an image or image index to Docker Scout (experimental) + +### Options + +| Name | Type | Default | Description | +|:-----------------|:---------|:--------|:-------------------------------------------------------------------| +| `--author` | `string` | | Name of the author of the image | +| `--org` | `string` | | Namespace of the Docker organization to which image will be pushed | +| `-o`, `--output` | `string` | | Write the report to a file | +| `--platform` | `string` | | Platform of image to be pushed | +| `--sbom` | | | Create and upload SBOMs | +| `--timestamp` | `string` | | Timestamp of image or tag creation | + + + + +## Description + +The `docker scout push` command lets you push an image or analysis result to Docker Scout. + +## Examples + +### Push an image to Docker Scout + +```console +$ docker scout push --org my-org registry.example.com/repo:tag +``` diff --git a/_vendor/github.com/docker/scout-cli/docs/scout_quickview.md b/_vendor/github.com/docker/scout-cli/docs/scout_quickview.md new file mode 100644 index 0000000000..a8f4880bbb --- /dev/null +++ b/_vendor/github.com/docker/scout-cli/docs/scout_quickview.md @@ -0,0 +1,96 @@ +# docker scout quickview + + +Quick overview of an image + +### Aliases + +`docker scout quickview`, `docker scout qv` + +### Options + +| Name | Type | Default | Description | +|:-----------------|:---------|:--------|:--------------------------------------------------------------------------------------------------------| +| `--env` | `string` | | Name of the environment | +| `--latest` | | | Latest indexed image | +| `--org` | `string` | | Namespace of the Docker organization | +| `-o`, `--output` | `string` | | Write the report to a file | +| `--platform` | `string` | | Platform of image to analyze | +| `--ref` | `string` | | Reference to use if the provided tarball contains multiple references.
Can only be used with archive | + + + + +## Description + +The `docker scout quickview` command displays a quick overview of an image. +It displays a summary of the vulnerabilities in the specified image +and vulnerabilities from the base image. +If available, it also displays base image refresh and update recommendations. + +If no image is specified, the most recently built image is used. + +The following artifact types are supported: + +- Images +- OCI layout directories +- Tarball archives, as created by `docker save` +- Local directory or file + +By default, the tool expects an image reference, such as: + +- `redis` +- `curlimages/curl:7.87.0` +- `mcr.microsoft.com/dotnet/runtime:7.0` + +If the artifact you want to analyze is an OCI directory, a tarball archive, a local file or directory, +or if you want to control from where the image will be resolved, you must prefix the reference with one of the following: + +- `image://` (default) use a local image, or fall back to a registry lookup +- `local://` use an image from the local image store (don't do a registry lookup) +- `registry://` use an image from a registry (don't use a local image) +- `oci-dir://` use an OCI layout directory +- `archive://` use a tarball archive, as created by `docker save` +- `fs://` use a local directory or file +- `sbom://` SPDX file or in-toto attestation file with SPDX predicate or `syft` json SBOM file + In case of `sbom://` prefix, if the file is not defined then it will try to read it from the standard input. + +## Examples + +### Quick overview of an image + +```console +$ docker scout quickview golang:1.19.4 + ...Pulling + ✓ Pulled + ✓ SBOM of image already cached, 278 packages indexed + + Your image golang:1.19.4 │ 5C 3H 6M 63L + Base image buildpack-deps:bullseye-scm │ 5C 1H 3M 48L 6? 
+ Refreshed base image buildpack-deps:bullseye-scm │ 0C 0H 0M 42L + │ -5 -1 -3 -6 -6 + Updated base image buildpack-deps:sid-scm │ 0C 0H 1M 29L + │ -5 -1 -2 -19 -6 +``` + +### Quick overview of the most recently built image + +```console +$ docker scout qv +``` + +### Quick overview from an SPDX file + +```console +$ syft -o spdx-json alpine:3.16.1 | docker scout quickview sbom:// + ✔ Loaded image alpine:3.16.1 + ✔ Parsed image sha256:3d81c46cd8756ddb6db9ec36fa06a6fb71c287fb265232ba516739dc67a5f07d + ✔ Cataloged contents 274a317d88b54f9e67799244a1250cad3fe7080f45249fa9167d1f871218d35f + ├── ✔ Packages [14 packages] + ├── ✔ File digests [75 files] + ├── ✔ File metadata [75 locations] + └── ✔ Executables [16 executables] + + Target │ │ 1C 2H 8M 0L + digest │ 274a317d88b5 │ +``` diff --git a/_vendor/github.com/docker/scout-cli/docs/scout_recommendations.md b/_vendor/github.com/docker/scout-cli/docs/scout_recommendations.md new file mode 100644 index 0000000000..f1ccdf64fe --- /dev/null +++ b/_vendor/github.com/docker/scout-cli/docs/scout_recommendations.md @@ -0,0 +1,71 @@ +# docker scout recommendations + + +Display available base image updates and remediation recommendations + +### Options + +| Name | Type | Default | Description | +|:-----------------|:---------|:--------|:--------------------------------------------------------------------------------------------------------| +| `--only-refresh` | | | Only display base image refresh recommendations | +| `--only-update` | | | Only display base image update recommendations | +| `--org` | `string` | | Namespace of the Docker organization | +| `-o`, `--output` | `string` | | Write the report to a file | +| `--platform` | `string` | | Platform of image to analyze | +| `--ref` | `string` | | Reference to use if the provided tarball contains multiple references.
Can only be used with archive | +| `--tag` | `string` | | Specify tag | + + + + +## Description + +The `docker scout recommendations` command display recommendations for base images updates. +It analyzes the image and display recommendations to refresh or update the base image. +For each recommendation it shows a list of benefits, such as +fewer vulnerabilities or smaller image size. + +If no image is specified, the most recently built image is used. + +The following artifact types are supported: + +- Images +- OCI layout directories +- Tarball archives, as created by `docker save` +- Local directory or file + +By default, the tool expects an image reference, such as: + +- `redis` +- `curlimages/curl:7.87.0` +- `mcr.microsoft.com/dotnet/runtime:7.0` + +If the artifact you want to analyze is an OCI directory, a tarball archive, a local file or directory, +or if you want to control from where the image will be resolved, you must prefix the reference with one of the following: + +- `image://` (default) use a local image, or fall back to a registry lookup +- `local://` use an image from the local image store (don't do a registry lookup) +- `registry://` use an image from a registry (don't use a local image) +- `oci-dir://` use an OCI layout directory +- `archive://` use a tarball archive, as created by `docker save` +- `fs://` use a local directory or file + +## Examples + +### Display base image update recommendations + +```console +$ docker scout recommendations golang:1.19.4 +``` + +### Display base image refresh only recommendations + +```console +$ docker scout recommendations --only-refresh golang:1.19.4 +``` + +### Display base image update only recommendations + +```console +$ docker scout recommendations --only-update golang:1.19.4 +``` diff --git a/_vendor/github.com/docker/scout-cli/docs/scout_repo.md b/_vendor/github.com/docker/scout-cli/docs/scout_repo.md new file mode 100644 index 0000000000..1f2038ea75 --- /dev/null 
+++ b/_vendor/github.com/docker/scout-cli/docs/scout_repo.md @@ -0,0 +1,17 @@ +# docker scout repo + + +Commands to list, enable, and disable Docker Scout on repositories + +### Subcommands + +| Name | Description | +|:-----------------------------------|:-------------------------------| +| [`disable`](scout_repo_disable.md) | Disable Docker Scout | +| [`enable`](scout_repo_enable.md) | Enable Docker Scout | +| [`list`](scout_repo_list.md) | List Docker Scout repositories | + + + + + diff --git a/_vendor/github.com/docker/scout-cli/docs/scout_repo_disable.md b/_vendor/github.com/docker/scout-cli/docs/scout_repo_disable.md new file mode 100644 index 0000000000..24842906b8 --- /dev/null +++ b/_vendor/github.com/docker/scout-cli/docs/scout_repo_disable.md @@ -0,0 +1,43 @@ +# docker scout repo disable + + +Disable Docker Scout + +### Options + +| Name | Type | Default | Description | +|:----------------|:---------|:--------|:-----------------------------------------------------------------------------| +| `--all` | | | Disable all repositories of the organization. Can not be used with --filter. | +| `--filter` | `string` | | Regular expression to filter repositories by name | +| `--integration` | `string` | | Name of the integration to use for enabling an image | +| `--org` | `string` | | Namespace of the Docker organization | +| `--registry` | `string` | | Container Registry | + + + + +## Examples + +### Disable a specific repository + +```console +$ docker scout repo disable my/repository +``` + +### Disable all repositories of the organization + +```console +$ docker scout repo disable --all +``` + +### Disable some repositories based on a filter + +```console +$ docker scout repo disable --filter namespace/backend +``` + +### Disable a repository from a specific registry + +```console +$ docker scout repo disable my/repository --registry 123456.dkr.ecr.us-east-1.amazonaws.com +``` 
diff --git a/_vendor/github.com/docker/scout-cli/docs/scout_repo_enable.md b/_vendor/github.com/docker/scout-cli/docs/scout_repo_enable.md new file mode 100644 index 0000000000..3065a68bcc --- /dev/null +++ b/_vendor/github.com/docker/scout-cli/docs/scout_repo_enable.md @@ -0,0 +1,43 @@ +# docker scout repo enable + + +Enable Docker Scout + +### Options + +| Name | Type | Default | Description | +|:----------------|:---------|:--------|:----------------------------------------------------------------------------| +| `--all` | | | Enable all repositories of the organization. Can not be used with --filter. | +| `--filter` | `string` | | Regular expression to filter repositories by name | +| `--integration` | `string` | | Name of the integration to use for enabling an image | +| `--org` | `string` | | Namespace of the Docker organization | +| `--registry` | `string` | | Container Registry | + + + + +## Examples + +### Enable a specific repository + +```console +$ docker scout repo enable my/repository +``` + +### Enable all repositories of the organization + +```console +$ docker scout repo enable --all +``` + +### Enable some repositories based on a filter + +```console +$ docker scout repo enable --filter namespace/backend +``` + +### Enable a repository from a specific registry + +```console +$ docker scout repo enable my/repository --registry 123456.dkr.ecr.us-east-1.amazonaws.com +``` diff --git a/_vendor/github.com/docker/scout-cli/docs/scout_repo_list.md b/_vendor/github.com/docker/scout-cli/docs/scout_repo_list.md new file mode 100644 index 0000000000..1e2d740574 --- /dev/null +++ b/_vendor/github.com/docker/scout-cli/docs/scout_repo_list.md 
@@ -0,0 +1,18 @@ +# docker scout repo list + + +List Docker Scout repositories + +### Options + +| Name | Type | Default | Description | +|:------------------|:---------|:--------|:---------------------------------------------------------------------------| +| `--filter` | `string` | | Regular expression to filter repositories by name | +| `--only-disabled` | | | Filter to disabled repositories only | +| `--only-enabled` | | | Filter to enabled repositories only | +| `--only-registry` | `string` | | Filter to a specific registry only:
- hub.docker.com
- ecr (AWS ECR) | +| `--org` | `string` | | Namespace of the Docker organization | + + + + diff --git a/_vendor/github.com/docker/scout-cli/docs/scout_sbom.md b/_vendor/github.com/docker/scout-cli/docs/scout_sbom.md new file mode 100644 index 0000000000..bda5eb3d5b --- /dev/null +++ b/_vendor/github.com/docker/scout-cli/docs/scout_sbom.md @@ -0,0 +1,83 @@ +# docker scout sbom + + +Generate or display SBOM of an image + +### Options + +| Name | Type | Default | Description | +|:----------------------|:--------------|:--------|:----------------------------------------------------------------------------------------------------------------------------------------------| +| `--format` | `string` | `json` | Output format:
- list: list of packages of the image
- json: json representation of the SBOM
- spdx: spdx representation of the SBOM | +| `--only-package-type` | `stringSlice` | | Comma separated list of package types (like apk, deb, rpm, npm, pypi, golang, etc)
Can only be used with --format list | +| `-o`, `--output` | `string` | | Write the report to a file | +| `--platform` | `string` | | Platform of image to analyze | +| `--ref` | `string` | | Reference to use if the provided tarball contains multiple references.
Can only be used with archive | + + + + +## Description + +The `docker scout sbom` command analyzes a software artifact to generate a +Software Bill Of Materials (SBOM). + +The SBOM contains a list of all packages in the image. +You can use the `--format` flag to filter the output of the command +to display only packages of a specific type. + +If no image is specified, the most recently built image is used. + +The following artifact types are supported: + +- Images +- OCI layout directories +- Tarball archives, as created by `docker save` +- Local directory or file + +By default, the tool expects an image reference, such as: + +- `redis` +- `curlimages/curl:7.87.0` +- `mcr.microsoft.com/dotnet/runtime:7.0` + +If the artifact you want to analyze is an OCI directory, a tarball archive, a local file or directory, +or if you want to control from where the image will be resolved, you must prefix the reference with one of the following: + +- `image://` (default) use a local image, or fall back to a registry lookup +- `local://` use an image from the local image store (don't do a registry lookup) +- `registry://` use an image from a registry (don't use a local image) +- `oci-dir://` use an OCI layout directory +- `archive://` use a tarball archive, as created by `docker save` +- `fs://` use a local directory or file + +## Examples + +### Display the list of packages + +```console +$ docker scout sbom --format list alpine +``` + +### Only display packages of a specific type + +```console + $ docker scout sbom --format list --only-package-type apk alpine +``` + +### Display the full SBOM in JSON format + +```console +$ docker scout sbom alpine +``` + +### Display the full SBOM of the most recently built image + +```console +$ docker scout sbom +``` + +### Write SBOM to a file + +```console +$ docker scout sbom --output alpine.sbom alpine +``` 
diff --git a/_vendor/github.com/docker/scout-cli/docs/scout_stream.md b/_vendor/github.com/docker/scout-cli/docs/scout_stream.md new file mode 100644 index 0000000000..886df3e6cf --- /dev/null +++ b/_vendor/github.com/docker/scout-cli/docs/scout_stream.md @@ -0,0 +1,47 @@ +# docker scout stream + + +Manage streams (experimental) + +### Options + +| Name | Type | Default | Description | +|:-----------------|:---------|:--------|:-------------------------------------| +| `--org` | `string` | | Namespace of the Docker organization | +| `-o`, `--output` | `string` | | Write the report to a file | +| `--platform` | `string` | | Platform of image to record | + + + + +## Description + +The `docker scout stream` command lists the deployment streams and records an image to it. + +Once recorded, streams can be referred to by their name, eg. in the `docker scout compare` command using `--to-stream`. + +## Examples + +### List existing streams + +```console +$ %[1]s %[2]s +prod-cluster-123 +stage-cluster-234 +``` + +### List images of a stream + +```console +$ %[1]s %[2]s prod-cluster-123 +namespace/repo:tag@sha256:9a4df4fadc9bbd44c345e473e0688c2066a6583d4741679494ba9228cfd93e1b +namespace/other-repo:tag@sha256:0001d6ce124855b0a158569c584162097fe0ca8d72519067c2c8e3ce407c580f +``` + +### Record an image to a stream, for a specific platform + +```console +$ %[1]s %[2]s stage-cluster-234 namespace/repo:stage-latest --platform linux/amd64 +✓ Pulled +✓ Successfully recorded namespace/repo:stage-latest in stream stage-cluster-234 +``` diff --git a/_vendor/github.com/docker/scout-cli/docs/scout_version.md b/_vendor/github.com/docker/scout-cli/docs/scout_version.md new file mode 100644 index 0000000000..5365123c05 --- /dev/null +++ b/_vendor/github.com/docker/scout-cli/docs/scout_version.md 
@@ -0,0 +1,38 @@ +# docker scout version + +``` +docker scout version +``` + + +Show Docker Scout version information + + + + +## Examples + +```console +$ docker scout version + + ⢀⢀⢀ ⣀⣀⡤⣔⢖⣖⢽⢝ + ⡠⡢⡣⡣⡣⡣⡣⡣⡢⡀ ⢀⣠⢴⡲⣫⡺⣜⢞⢮⡳⡵⡹⡅ + ⡜⡜⡜⡜⡜⡜⠜⠈⠈ ⠁⠙⠮⣺⡪⡯⣺⡪⡯⣺ + ⢘⢜⢜⢜⢜⠜ ⠈⠪⡳⡵⣹⡪⠇ + ⠨⡪⡪⡪⠂ ⢀⡤⣖⢽⡹⣝⡝⣖⢤⡀ ⠘⢝⢮⡚ _____ _ + ⠱⡱⠁ ⡴⡫⣞⢮⡳⣝⢮⡺⣪⡳⣝⢦ ⠘⡵⠁ / ____| Docker | | + ⠁ ⣸⢝⣕⢗⡵⣝⢮⡳⣝⢮⡺⣪⡳⣣ ⠁ | (___ ___ ___ _ _| |_ + ⣗⣝⢮⡳⣝⢮⡳⣝⢮⡳⣝⢮⢮⡳ \___ \ / __/ _ \| | | | __| + ⢀ ⢱⡳⡵⣹⡪⡳⣝⢮⡳⣝⢮⡳⡣⡏ ⡀ ____) | (_| (_) | |_| | |_ + ⢀⢾⠄ ⠫⣞⢮⡺⣝⢮⡳⣝⢮⡳⣝⠝ ⢠⢣⢂ |_____/ \___\___/ \__,_|\__| + ⡼⣕⢗⡄ ⠈⠓⠝⢮⡳⣝⠮⠳⠙ ⢠⢢⢣⢣ + ⢰⡫⡮⡳⣝⢦⡀ ⢀⢔⢕⢕⢕⢕⠅ + ⡯⣎⢯⡺⣪⡳⣝⢖⣄⣀ ⡀⡠⡢⡣⡣⡣⡣⡣⡃ +⢸⢝⢮⡳⣝⢮⡺⣪⡳⠕⠗⠉⠁ ⠘⠜⡜⡜⡜⡜⡜⡜⠜⠈ +⡯⡳⠳⠝⠊⠓⠉ ⠈⠈⠈⠈ + + + +version: v1.0.9 (go1.21.3 - darwin/arm64) +git commit: 8bf95bf60d084af341f70e8263342f71b0a3cd16 +``` diff --git a/_vendor/github.com/docker/scout-cli/docs/scout_watch.md b/_vendor/github.com/docker/scout-cli/docs/scout_watch.md new file mode 100644 index 0000000000..2444ce3c43 --- /dev/null +++ b/_vendor/github.com/docker/scout-cli/docs/scout_watch.md 
@@ -0,0 +1,53 @@ +# docker scout watch + + +Watch repositories in a registry and push images and indexes to Docker Scout (experimental) + +### Options + +| Name | Type | Default | Description | +|:---------------------|:--------------|:--------|:------------------------------------------------------------------------------------| +| `--all-images` | | | Push all images instead of only the ones pushed during the watch command is running | +| `--dry-run` | | | Watch images and prepare them, but do not push them | +| `--interval` | `int64` | `60` | Interval in seconds between checks | +| `--org` | `string` | | Namespace of the Docker organization to which image will be pushed | +| `--refresh-registry` | | | Refresh the list of repositories of a registry at every run. Only with --registry. | +| `--registry` | `string` | | Registry to watch | +| `--repository` | `stringSlice` | | Repository to watch | +| `--sbom` | | | Create and upload SBOMs | +| `--tag` | `stringSlice` | | Regular expression to match tags to watch | +| `--workers` | `int` | `3` | Number of concurrent workers | + + + + +## Description + +The `docker scout watch` command watches repositories in a registry +and pushes images or analysis results to Docker Scout. + +## Examples + +### Watch for new images from two repositories and push them + +```console +$ docker scout watch --org my-org --repository registry-1.example.com/repo-1 --repository registry-2.example.com/repo-2 +``` + +### Only push images with a specific tag + +```console +$ docker scout watch --org my-org --repository registry.example.com/my-service --tag latest +``` + +### Watch all repositories of a registry + +```console +$ docker scout watch --org my-org --registry registry.example.com +``` + +### Push all images and not just the new ones + +```console +$ docker scout watch--org my-org --repository registry.example.com/my-service --all-images +``` diff --git a/_vendor/modules.txt b/_vendor/modules.txt index b0c916b5cf..a89db1cf82 100644 
--- a/_vendor/modules.txt
+++ b/_vendor/modules.txt
@@ -1,5 +1,6 @@
 # github.com/moby/moby v26.0.0+incompatible
-# github.com/moby/buildkit v0.13.0-rc3.0.20240402103816-7cd12732690e
-# github.com/docker/buildx v0.0.0-00010101000000-000000000000
+# github.com/moby/buildkit v0.13.1
+# github.com/docker/buildx v0.13.1
 # github.com/docker/cli v26.0.0+incompatible
 # github.com/docker/compose/v2 v2.0.0-00010101000000-000000000000
+# github.com/docker/scout-cli v1.7.0
diff --git a/go.mod b/go.mod
index bbc7e7340d..ea15999ffe 100644
--- a/go.mod
+++ b/go.mod
@@ -8,6 +8,7 @@ require (
 github.com/docker/buildx v0.13.1 // indirect
 github.com/docker/cli v26.0.0+incompatible // indirect
 github.com/docker/compose/v2 v2.0.0-00010101000000-000000000000 // indirect
+ github.com/docker/scout-cli v1.7.0 // indirect
 github.com/moby/buildkit v0.13.1 // indirect
 github.com/moby/moby v26.0.0+incompatible // indirect
 )
@@ -16,6 +17,7 @@ replace (
 github.com/docker/buildx => github.com/docker/buildx v0.13.1
 github.com/docker/cli => github.com/docker/cli v26.0.0+incompatible
 github.com/docker/compose/v2 => github.com/docker/compose/v2 v2.26.1
+ github.com/docker/scout-cli => github.com/docker/scout-cli v1.7.0
 github.com/moby/buildkit => github.com/moby/buildkit v0.13.0-rc3.0.20240402103816-7cd12732690e
 github.com/moby/moby => github.com/moby/moby v26.0.0+incompatible
 )
diff --git a/go.sum b/go.sum
index 6b5a308534..d3730292ef 100644
--- a/go.sum
+++ b/go.sum
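Review bot: The `replace` block in go.mod still resolves `github.com/moby/buildkit` to `v0.13.0-rc3.0.20240402103816-7cd12732690e`, while the `require` line and the updated `_vendor/modules.txt` entry both record `v0.13.1`. A replace directive takes precedence over the required version, so the vendored buildkit content presumably still comes from the rc3 commit, and the version written to modules.txt no longer identifies what was actually pulled in, which makes the vendored tree harder to audit against upstream tags. If the intent is to move to the release, align the directive the way the buildx line already is, `github.com/moby/buildkit => github.com/moby/buildkit v0.13.1`, and regenerate the vendored tree so that modules.txt and its contents agree.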
@@ -162,6 +162,8 @@ github.com/docker/scout-cli v1.4.1 h1:jRHO3LI3x2eMrvObKC6uadoRATbwZSXm1NafSzo9Cu
 github.com/docker/scout-cli v1.4.1/go.mod h1:Eo1RyCJsx3ldz/YTY5yGxu9g9mwTYbRUutxQUkow3Fc=
 github.com/docker/scout-cli v1.6.0 h1:07Kn2d/AshUSUk64ArZzE31lj4h7waGi8tjrFXxMZLY=
 github.com/docker/scout-cli v1.6.0/go.mod h1:Eo1RyCJsx3ldz/YTY5yGxu9g9mwTYbRUutxQUkow3Fc=
+github.com/docker/scout-cli v1.7.0 h1:2dEbQKqkxM6wsJab/Ma3EJacS9ZrkVs1C4KbjXggJjY=
+github.com/docker/scout-cli v1.7.0/go.mod h1:Eo1RyCJsx3ldz/YTY5yGxu9g9mwTYbRUutxQUkow3Fc=
 github.com/elazarl/goproxy v0.0.0-20191011121108-aa519ddbe484/go.mod h1:Ro8st/ElPeALwNFlcTpWmkr6IoMFfkjXAvTHpevnDsM=
 github.com/evanphx/json-patch v4.9.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
 github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4=
diff --git a/hugo.yaml b/hugo.yaml
index 2c7a93eced..2d8331419d 100644
--- a/hugo.yaml
+++ b/hugo.yaml
@@ -293,3 +293,9 @@ module:
 - source: docs/reference
 target: data/compose-cli
 includeFiles: "*.yaml"
+
+ - path: github.com/docker/scout-cli
+ mounts:
+ - source: docs
+ target: data/scout-cli
+ includeFiles: "*.yaml"