diff --git a/_vendor/github.com/docker/scout-cli/docs/docker_scout_compare.yaml b/_vendor/github.com/docker/scout-cli/docs/docker_scout_compare.yaml
index 516cb36e99..a6a986c0a8 100644
--- a/_vendor/github.com/docker/scout-cli/docs/docker_scout_compare.yaml
+++ b/_vendor/github.com/docker/scout-cli/docs/docker_scout_compare.yaml
@@ -136,6 +136,16 @@ options:
 experimentalcli: false
 kubernetes: false
 swarm: false
+ - option: only-policy
+ value_type: stringSlice
+ default_value: '[]'
+ description: Comma separated list of policies to evaluate
+ deprecated: false
+ hidden: false
+ experimental: false
+ experimentalcli: false
+ kubernetes: false
+ swarm: false
 - option: only-severity
 value_type: stringSlice
 default_value: '[]'
diff --git a/_vendor/github.com/docker/scout-cli/docs/docker_scout_cves.yaml b/_vendor/github.com/docker/scout-cli/docs/docker_scout_cves.yaml
index 0e1f400174..896c3b4d0b 100644
--- a/_vendor/github.com/docker/scout-cli/docs/docker_scout_cves.yaml
+++ b/_vendor/github.com/docker/scout-cli/docs/docker_scout_cves.yaml
@@ -124,6 +124,17 @@ options:
 experimentalcli: false
 kubernetes: false
 swarm: false
+ - option: ignore-suppressed
+ value_type: bool
+ default_value: "false"
+ description: |
+ Filter CVEs found in Scout exceptions based on the specified exception scope
+ deprecated: false
+ hidden: false
+ experimental: false
+ experimentalcli: false
+ kubernetes: false
+ swarm: false
 - option: locations
 value_type: bool
 default_value: "false"
diff --git a/_vendor/github.com/docker/scout-cli/docs/docker_scout_policy.yaml b/_vendor/github.com/docker/scout-cli/docs/docker_scout_policy.yaml
index fdf59dda4a..077907ee2b 100644
--- a/_vendor/github.com/docker/scout-cli/docs/docker_scout_policy.yaml
+++ b/_vendor/github.com/docker/scout-cli/docs/docker_scout_policy.yaml
@@ -30,6 +30,16 @@ options:
 experimentalcli: false
 kubernetes: false
 swarm: false
+ - option: only-policy
+ value_type: stringSlice
+ default_value: '[]'
+ description: Comma separated list of policies to evaluate
+ deprecated: false
+ hidden: false
+ experimental: false
+ experimentalcli: false
+ kubernetes: false
+ swarm: false
 - option: org
 value_type: string
 description: Namespace of the Docker organization
diff --git a/_vendor/github.com/docker/scout-cli/docs/docker_scout_quickview.yaml b/_vendor/github.com/docker/scout-cli/docs/docker_scout_quickview.yaml
index f8f9ed7a40..4810146b37 100644
--- a/_vendor/github.com/docker/scout-cli/docs/docker_scout_quickview.yaml
+++ b/_vendor/github.com/docker/scout-cli/docs/docker_scout_quickview.yaml
@@ -46,6 +46,17 @@ options:
 experimentalcli: false
 kubernetes: false
 swarm: false
+ - option: ignore-suppressed
+ value_type: bool
+ default_value: "false"
+ description: |
+ Filter CVEs found in Scout exceptions based on the specified exception scope
+ deprecated: false
+ hidden: false
+ experimental: false
+ experimentalcli: false
+ kubernetes: false
+ swarm: false
 - option: latest
 value_type: bool
 default_value: "false"
@@ -56,6 +67,16 @@ options:
 experimentalcli: false
 kubernetes: false
 swarm: false
+ - option: only-policy
+ value_type: stringSlice
+ default_value: '[]'
+ description: Comma separated list of policies to evaluate
+ deprecated: false
+ hidden: false
+ experimental: false
+ experimentalcli: false
+ kubernetes: false
+ swarm: false
 - option: only-vex-affected
 value_type: bool
 default_value: "false"
diff --git a/_vendor/github.com/docker/scout-cli/docs/scout_compare.md b/_vendor/github.com/docker/scout-cli/docs/scout_compare.md
index b153bc1018..f25aa86355 100644
--- a/_vendor/github.com/docker/scout-cli/docs/scout_compare.md
+++ b/_vendor/github.com/docker/scout-cli/docs/scout_compare.md
@@ -19,6 +19,7 @@ Compare two images and display differences (experimental)
 | `--multi-stage` | | | Show packages from multi-stage Docker builds |
 | `--only-fixed` | | | Filter to fixable CVEs |
 | `--only-package-type` | `stringSlice` | | Comma separated list of package types (like apk, deb, rpm, npm, pypi, golang, etc) |
+| `--only-policy` | `stringSlice` | | Comma separated list of policies to evaluate |
 | `--only-severity` | `stringSlice` | | Comma separated list of severities (critical, high, medium, low, unspecified) to filter CVEs by |
 | `--only-stage` | `stringSlice` | | Comma separated list of multi-stage Docker build stage names |
 | `--only-unfixed` | | | Filter to unfixed CVEs |
diff --git a/_vendor/github.com/docker/scout-cli/docs/scout_cves.md b/_vendor/github.com/docker/scout-cli/docs/scout_cves.md
index 4a7b84b6f4..cd95ab4df4 100644
--- a/_vendor/github.com/docker/scout-cli/docs/scout_cves.md
+++ b/_vendor/github.com/docker/scout-cli/docs/scout_cves.md
@@ -19,6 +19,7 @@ Display CVEs identified in a software artifact
 | `-e`, `--exit-code` | | | Return exit code '2' if vulnerabilities are detected |
 | `--format` | `string` | `packages` | Output format of the generated vulnerability report:
- packages: default output, plain text with vulnerabilities grouped by packages
- sarif: json Sarif output
- spdx: json SPDX output
- gitlab: json GitLab output
- markdown: markdown output (including some html tags like collapsible sections)
- sbom: json SBOM output
|
 | `--ignore-base` | | | Filter out CVEs introduced from base image |
+| `--ignore-suppressed` | | | Filter CVEs found in Scout exceptions based on the specified exception scope |
 | `--locations` | | | Print package locations including file paths and layer diff_id |
 | `--multi-stage` | | | Show packages from multi-stage Docker builds |
 | `--only-base` | | | Only show CVEs introduced by the base image |
diff --git a/_vendor/github.com/docker/scout-cli/docs/scout_policy.md b/_vendor/github.com/docker/scout-cli/docs/scout_policy.md
index 5da8fca8ba..46735c018d 100644
--- a/_vendor/github.com/docker/scout-cli/docs/scout_policy.md
+++ b/_vendor/github.com/docker/scout-cli/docs/scout_policy.md
@@ -5,14 +5,15 @@ Evaluate policies against an image and display the policy evaluation results (ex
 ### Options
-| Name | Type | Default | Description |
-|:--------------------|:---------|:--------|:------------------------------------------------------------|
-| `-e`, `--exit-code` | | | Return exit code '2' if policies are not met, '0' otherwise |
-| `--org` | `string` | | Namespace of the Docker organization |
-| `-o`, `--output` | `string` | | Write the report to a file |
-| `--platform` | `string` | | Platform of image to pull policy results from |
-| `--to-env` | `string` | | Name of the environment to compare to |
-| `--to-latest` | | | Latest image processed to compare to |
+| Name | Type | Default | Description |
+|:--------------------|:--------------|:--------|:------------------------------------------------------------|
+| `-e`, `--exit-code` | | | Return exit code '2' if policies are not met, '0' otherwise |
+| `--only-policy` | `stringSlice` | | Comma separated list of policies to evaluate |
+| `--org` | `string` | | Namespace of the Docker organization |
+| `-o`, `--output` | `string` | | Write the report to a file |
+| `--platform` | `string` | | Platform of image to pull policy results from |
+| `--to-env` | `string` | | Name of the environment to compare to |
+| `--to-latest` | | | Latest image processed to compare to |
diff --git a/_vendor/github.com/docker/scout-cli/docs/scout_quickview.md b/_vendor/github.com/docker/scout-cli/docs/scout_quickview.md
index ac55cdb4ba..3bf752a0cf 100644
--- a/_vendor/github.com/docker/scout-cli/docs/scout_quickview.md
+++ b/_vendor/github.com/docker/scout-cli/docs/scout_quickview.md
@@ -12,7 +12,9 @@ Quick overview of an image
 | Name | Type | Default | Description |
 |:----------------------|:--------------|:--------|:--------------------------------------------------------------------------------------------------------|
 | `--env` | `string` | | Name of the environment |
+| `--ignore-suppressed` | | | Filter CVEs found in Scout exceptions based on the specified exception scope |
 | `--latest` | | | Latest indexed image |
+| `--only-policy` | `stringSlice` | | Comma separated list of policies to evaluate |
 | `--only-vex-affected` | | | Filter CVEs by VEX statements with status not affected |
 | `--org` | `string` | | Namespace of the Docker organization |
 | `-o`, `--output` | `string` | | Write the report to a file |
diff --git a/_vendor/modules.txt b/_vendor/modules.txt
index d0497da676..d7d90aa9a9 100644
--- a/_vendor/modules.txt
+++ b/_vendor/modules.txt
@@ -3,4 +3,4 @@
 # github.com/docker/buildx v0.16.2
 # github.com/docker/cli v27.0.3+incompatible
 # github.com/docker/compose/v2 v2.29.1
-# github.com/docker/scout-cli v1.12.0
+# github.com/docker/scout-cli v1.13.0
diff --git a/content/scout/release-notes/cli.md b/content/scout/release-notes/cli.md
index 6dd3f5e4aa..0c8114b2b4 100644
--- a/content/scout/release-notes/cli.md
+++ b/content/scout/release-notes/cli.md
@@ -8,6 +8,25 @@ This page contains information about the new features, improvements, known issues, and bug fixes in the Docker Scout [CLI plugin](https://github.com/docker/scout-cli/) and the `docker/scout-action` [GitHub Action](https://github.com/docker/scout-action).
+## 1.13.0
+
+{{< release-date date="2024-08-05" >}}
+
+### New
+
+- Add `--only-policy` filter option to the `docker scout quickview`, `docker scout policy` and `docker scout compare` commands.
+- Add `--ignore-suppressed` filter option to `docker scout cves` and `docker scout quickview` commands to filter out CVEs affected by [exceptions](/scout/explore/exceptions/).
+
+### Bug fixes and enhancements
+
+- Use conditional policy name in checks.
+- Add support for detecting the version of a Go project set using linker flags,
+ for example:
+
+ ```console
+ $ go build -ldflags "-X main.Version=1.2.3"
+ ```
+
 ## 1.12.0
 {{< release-date date="2024-07-31" >}}
diff --git a/go.mod b/go.mod
index e34f467f52..d3a0a54da1 100644
--- a/go.mod
+++ b/go.mod
@@ -8,7 +8,7 @@ require (
 github.com/docker/buildx v0.16.2 // indirect
 github.com/docker/cli v27.0.3+incompatible // indirect
 github.com/docker/compose/v2 v2.29.1 // indirect
- github.com/docker/scout-cli v1.12.0 // indirect
+ github.com/docker/scout-cli v1.13.0 // indirect
 github.com/moby/buildkit v0.15.1 // indirect
 github.com/moby/moby v27.0.3+incompatible // indirect
 )
@@ -17,7 +17,7 @@ replace (
 github.com/docker/buildx => github.com/docker/buildx v0.16.2
 github.com/docker/cli => github.com/docker/cli v27.0.3+incompatible
 github.com/docker/compose/v2 => github.com/docker/compose/v2 v2.29.0
- github.com/docker/scout-cli => github.com/docker/scout-cli v1.12.0
+ github.com/docker/scout-cli => github.com/docker/scout-cli v1.13.0
 github.com/moby/buildkit => github.com/moby/buildkit v0.15.1
 github.com/moby/moby => github.com/moby/moby v27.0.3+incompatible
 )
diff --git a/go.sum b/go.sum
index 67230be01d..dafe4219ac 100644
--- a/go.sum
+++ b/go.sum
@@ -204,6 +204,8 @@ github.com/docker/scout-cli v1.11.0 h1:I310kNhjw3oeKe8T1cQEh6yPgy6VtpuwzjWchETn8
 github.com/docker/scout-cli v1.11.0/go.mod h1:Eo1RyCJsx3ldz/YTY5yGxu9g9mwTYbRUutxQUkow3Fc=
 github.com/docker/scout-cli v1.12.0 h1:NhmT4BzL2lYiIk5hPFvK5FzQ8izbLDL3/Rugcyulv1M=
 github.com/docker/scout-cli v1.12.0/go.mod h1:Eo1RyCJsx3ldz/YTY5yGxu9g9mwTYbRUutxQUkow3Fc=
+github.com/docker/scout-cli v1.13.0 h1:RThUM56yooV5izqgMEYQS+a6Yx+vGmZofJwX0qjgkco=
+github.com/docker/scout-cli v1.13.0/go.mod h1:Eo1RyCJsx3ldz/YTY5yGxu9g9mwTYbRUutxQUkow3Fc=
 github.com/elazarl/goproxy v0.0.0-20191011121108-aa519ddbe484/go.mod h1:Ro8st/ElPeALwNFlcTpWmkr6IoMFfkjXAvTHpevnDsM=
 github.com/evanphx/json-patch v4.9.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
 github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4=