Merge pull request #18148 from dvdksn/scout-sysdig-integration

scout sysdig integration

.github/vale/Vocab/Technology/accept.txt

@@ -75,6 +75,7 @@ Snyk
 Solr
 SonarQube
 Syft
+Sysdig
 TCP
 TLS
 Telepresence

content/scout/data-handling.md

@@ -11,9 +11,10 @@ images that you analyze. This metadata is stored on the Docker Scout platform.
 
 ## Data transmission
 
-Docker Scout collects and sends the following image metadata to the platform.
+This section describes the data that Docker Scout collects and sends to the
+platform.
 
-Docker and OCI image metadata:
+### Image metadata
 
 - Image creation timestamp
 - Image digest
@@ -25,7 +26,7 @@ Docker and OCI image metadata:
 - Operating system type and version
 - Registry URL and type
 
-Software Bill of Materials (SBOM) metadata:
+### SBOM metadata
 
 - Package URLs (PURL)
 - Package author and description
@@ -45,6 +46,18 @@ information on the SBOM. If there's a match, the results of the match are
 displayed in the user interfaces where Docker Scout data is surfaced, such as
 the Docker Scout Dashboard and in Docker Desktop.
 
+### Environment metadata
+
+If you integrate Docker Scout with your runtime environment via the [Sysdig
+integration](./integrations/environment/sysdig.md), the Docker Scout data plane
+collects the following data points:
+
+- Kubernetes namespace
+- Workload name
+- Workload type (for example, DaemonSet)
+
+### Local analysis
+
 For images analyzed locally on a developer's machine, Docker Scout only
 transmits PURLs and layer digests. This data is not persistently stored on the
 Docker Scout platform; it's only used to run the analysis.
@@ -58,4 +71,4 @@ For the purposes of providing the Docker Scout service, data is stored using:
 
 Data is used according to the processes described at
 [docker.com/legal](https://www.docker.com/legal/) to provide the key
-capabilities of Docker Scout.
+capabilities of Docker Scout.

content/scout/integrations/environment/_index.md

@@ -39,6 +39,7 @@ Docker Scout supports the following runtime integrations:
 
 - [Docker Scout GitHub Action](https://github.com/marketplace/actions/docker-scout#record-an-image-deployed-to-a-stream-environment)
 - [CLI client](./cli.md)
+- [Sysdig integration](./sysdig.md)
 
 > **Note**
 >

content/scout/integrations/environment/sysdig.md

@@ -0,0 +1,107 @@
+---
+title: Integrate Docker Scout with Sysdig
+description: scout, sysdig, integration, image analysis, environments, supply chain
+keywords: Integrate your runtime environments with Docker Scout using Sysdig
+---
+
+{{< include "scout-early-access.md" >}}
+
+The Sysdig integration enables Docker Scout to automatically detect the images
+you're using for your running workloads. Activating this integration gives you
+real-time insights about your security posture, and lets you compare your
+builds with what's running in production.
+
+## How it works
+
+The Sysdig Agent captures the images of your container workloads. Docker Scout
+integrates with the Sysdig API to discover the images in your cluster. This
+integration uses Sysdig's Risk Spotlight feature. For more information, see
+[Risk Spotlight Integrations (Sysdig docs)](https://docs.sysdig.com/en/docs/sysdig-secure/integrations-for-sysdig-secure/risk-spotlight-integrations/).
+
+> **Tip**
+>
+> Sysdig offers a free trial for Docker users to try out the new Docker Scout integration.
+>
+> {{< button url=`https://sysdig.com/free-trial-for-docker-customers/` text="Sign up" >}}
+{ .tip }
+
+Each Sysdig integration maps to an environment. When you enable a Sysdig
+integration, you specify the environment name for that cluster, such as
+`production` or `staging`. Docker Scout assigns the images in the cluster to
+the corresponding environment. This lets you use the environment filters to see
+vulnerability status and policy compliance for an environment.
+
+Only images analyzed by Docker Scout can be assigned to an environment. The
+Sysdig runtime integration doesn't trigger image analysis by itself. To analyze
+images automatically, enable a [registry integration](../_index.md#container-registries).
+
+Image analysis must not necessarily precede the runtime integration, but the
+environment assignment only takes place once Docker Scout has analyzed the
+image.
+
+## Prerequisites
+
+- Install the Sysdig Agent in the cluster that you want to integrate, see [Install Sysdig Agent (Sysdig docs)](https://docs.sysdig.com/en/docs/installation/sysdig-monitor/install-sysdig-agent/).
+- Enable profiling for Risk Spotlight Integrations in Sysdig, see [Profiling (Sysdig docs)](https://docs.sysdig.com/en/docs/sysdig-secure/policies/image-profiles/#enable-for-risk-spotlight-integrations-or-for-the-in-use-column).
+- You must be an organization owner to enable the integration in the Docker Scout Dashboard.
+
+## Integrate an environment
+
+1. Go to [Integrations](https://scout.docker.com/settings/integrations/) on the
+   Docker Scout Dashboard.
+2. Select the **Detect images running in my environments** filter.
+3. Find Sysdig in the list, and select **Integrate**.
+
+4. In the **How to integrate** section, enter a configuration name for this
+   integration. Docker Scout uses this label as a display name for the
+   integration.
+
+5. Select **Next**.
+
+6. Enter a Risk Spotlight API token and select the region in the drop-down
+   list.
+
+   The Risk Spotlight API token is the Sysdig token that Docker Scout needs to
+   integrate with Sysdig. For more instructions on how to generate a Risk
+   Spotlight token, See [Risk Spotlight Integrations (Sysdig docs)](https://docs.sysdig.com/en/docs/sysdig-secure/integrations-for-sysdig-secure/risk-spotlight-integrations/#generate-a-token-for-the-integration).
+
+   The region corresponds to the `global.sysdig.region` configuration parameter
+   set when deploying the Sysdig Agent.
+
+7. Select **Next**.
+
+   After selecting **Next**, Docker Scout connects to Sysdig and retrieves the
+   cluster names for your Sysdig account. Cluster names correspond to the
+   `global.clusterConfig.name` configuration parameter set when deploying
+   Sysdig Agents.
+
+   An error displays if Docker Scout fails to connect to Sysdig using the
+   provided token. If there's an error, you won't be able to continue the
+   integration. Go back and verify that the configuration details are correct.
+
+8. Select a cluster name in the drop-down list.
+
+9. Select **Next**.
+
+10. Assign an environment name for this cluster.
+
+    You can reuse an existing environment or create a new one.
+
+11. Select **Enable integration**.
+
+After enabling the integration, Docker Scout automatically detects images
+running in the cluster, and assigns those images to the environment associated
+with the cluster. For more information about environments, see [Environment
+monitoring](./_index.md).
+
+> **Note**
+>
+> Docker Scout only detects images that have been analyzed. To trigger an image
+> analysis, enable a [registry integration](../_index.md#container-registries)
+> and push an image to your registry.
+>
+> If you created a new environment for this integration, the environment
+> appears in Docker Scout when at least one image has been analyzed.
+
+To integrate more clusters, go to the [Integrations](https://scout.docker.com/settings/integrations/ecr),
+page, select **Sysdig** > **Manage** and select the **Add** button.

data/redirects.yml

@@ -593,6 +593,8 @@
   - /go/scout-artifactory/
 "/scout/integrations/registry/ecr/":
   - "/go/scout-ecr/"
+"/scout/integrations/registry/sysdig/":
+  - "/go/scout-sysdig/"
 
 # Build links
 "/desktop/use-desktop/builds/":

data/toc.yaml

@@ -1998,6 +1998,8 @@ Manuals:
         section:
         - title: Overview
           path: /scout/integrations/environment/
+        - title: Sysdig
+          path: /scout/integrations/environment/sysdig/
         - title: Generic
           path: /scout/integrations/environment/cli/
       - sectiontitle: Container registries