Merge pull request #21301 from dvdksn/scout-1.15.0

scout: scout-cli v1.15.0
David Karlsson 2024-11-05 10:52:26 +01:00 committed by GitHub
commit 48f3bcc826
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
7 changed files with 53 additions and 13 deletions


@ -44,6 +44,7 @@ options:
- list: list of packages of the image
- json: json representation of the SBOM
- spdx: spdx representation of the SBOM
- cyclonedx: cyclone dx representation of the SBOM
deprecated: false
hidden: false
experimental: false
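Review bot: the added `cyclonedx` bullet spells the format as "cyclone dx" in its description while the release note in this same PR calls it "CycloneDX"; if this YAML is the option metadata the reference table is generated from, the wording should be fixed at its source in scout-cli so the next regeneration does not reintroduce it, for example `- cyclonedx: CycloneDX representation of the SBOM`.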


@ -264,8 +264,8 @@ pkg:apk/alpine/zlib@1.2.12-r1?arch=aarch64&distro=alpine-3.16.1
...
11 vulnerabilities found in 2 packages
LOW 0
MEDIUM 8
HIGH 2
CRITICAL 1
HIGH 2
MEDIUM 8
LOW 0
```
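Review bot: the four severity lines are reordered to CRITICAL, HIGH, MEDIUM, LOW, which matches the "high-to-low sort order for CVE summary" enhancement listed under 1.15.0, and the counts still sum to the `11 vulnerabilities found in 2 packages` header line (1 + 2 + 8 + 0); the part of the sample output elided with `...` above the hunk is untouched, so confirm it was captured with the same CLI version rather than mixing old and new output in one example.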


@ -5,13 +5,13 @@ Generate or display SBOM of an image
### Options
| Name | Type | Default | Description |
|:----------------------|:--------------|:--------|:----------------------------------------------------------------------------------------------------------------------------------------------|
| `--format` | `string` | `json` | Output format:<br>- list: list of packages of the image<br>- json: json representation of the SBOM<br>- spdx: spdx representation of the SBOM |
| `--only-package-type` | `stringSlice` | | Comma separated list of package types (like apk, deb, rpm, npm, pypi, golang, etc)<br>Can only be used with --format list |
| `-o`, `--output` | `string` | | Write the report to a file |
| `--platform` | `string` | | Platform of image to analyze |
| `--ref` | `string` | | Reference to use if the provided tarball contains multiple references.<br>Can only be used with archive |
| Name | Type | Default | Description |
|:----------------------|:--------------|:--------|:----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `--format` | `string` | `json` | Output format:<br>- list: list of packages of the image<br>- json: json representation of the SBOM<br>- spdx: spdx representation of the SBOM<br>- cyclonedx: cyclone dx representation of the SBOM |
| `--only-package-type` | `stringSlice` | | Comma separated list of package types (like apk, deb, rpm, npm, pypi, golang, etc)<br>Can only be used with --format list |
| `-o`, `--output` | `string` | | Write the report to a file |
| `--platform` | `string` | | Platform of image to analyze |
| `--ref` | `string` | | Reference to use if the provided tarball contains multiple references.<br>Can only be used with archive |
<!---MARKER_GEN_END-->
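Review bot: this table sits inside the generated region that ends at `<!---MARKER_GEN_END-->`, and the change is consistent with the YAML option description (the `--format` cell gains `cyclonedx` and the divider row is widened to match), so it should be produced by regenerating from the CLI metadata rather than edited by hand; the `--only-package-type` row still says `Can only be used with --format list`, which remains correct since the new value is a full-SBOM format, not a package listing.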


@ -3,4 +3,4 @@
# github.com/docker/buildx v0.18.0
# github.com/docker/cli v27.3.2-0.20241008150905-cb3048fbebb1+incompatible
# github.com/docker/compose/v2 v2.30.1
# github.com/docker/scout-cli v1.13.0
# github.com/docker/scout-cli v1.15.0
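Review bot: the vendored module list moves `github.com/docker/scout-cli` from v1.13.0 to v1.15.0, matching the go.mod bump below; note that the adjacent unchanged `github.com/docker/cli` line records `v27.3.2-0.20241008150905-cb3048fbebb1+incompatible`, whereas the go.mod `replace` block pins `v27.3.1+incompatible`, which is not part of this change but worth a follow-up to keep the two files in sync.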


@ -9,6 +9,43 @@ This page contains information about the new features, improvements, known
issues, and bug fixes in the Docker Scout [CLI plugin](https://github.com/docker/scout-cli/)
and the `docker/scout-action` [GitHub Action](https://github.com/docker/scout-action).
## 1.15.0
{{< release-date date="2024-10-31" >}}
### New
- New `--format=cyclonedx` flag for the `docker scout sbom` to output the SBOM in CycloneDX format.
### Enhancements
- Use high-to-low sort order for CVE summary.
- Support for enabling and disabling repositories that enabled by `docker scout push` or `docker scout watch`.
### Bug fixes
- Improve messaging when analyzing `oci` directories without attestations.
Only single-platform images and multi-platform image _with attestations_ are supported.
Multi-platform images without attestations are not supported.
- Improve classifiers and SBOM indexer:
- Add classifier for Liquibase `lpm`.
- Add Rakudo Star/MoarVM binary classifier.
- Add binary classifiers for silverpeas utilities.
- Improve reading and caching of attestations with the containerd image store.
## 1.14.0
{{< release-date date="2024-09-24" >}}
### New
- Add suppression information at the CVE level in the `docker scout cves` command.
### Bug fixes
- Fix listing CVEs for dangling images, for example: `local://sha256:...`
- Fix panic when analysing a file system input, for instance with `docker scout cves fs://.`
## 1.13.0
{{< release-date date="2024-08-05" >}}
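Review bot: two wording problems in the new 1.15.0 section: the Enhancements bullet reads "repositories that enabled by `docker scout push` or `docker scout watch`" and should read "repositories that are enabled by ..."; and the first Bug fixes bullet says "multi-platform image _with attestations_ are supported", which should be "multi-platform images _with attestations_". The "New" bullet would also read better as "for the `docker scout sbom` command", since the flag belongs to a command. The hunk additionally introduces a 1.14.0 section while the commit title only mentions 1.15.0; that is fine given the go.mod jump from v1.13.0 skips v1.14.0, but the PR description should say both versions are covered.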

go.mod

@ -6,7 +6,7 @@ require (
github.com/docker/buildx v0.18.0 // indirect
github.com/docker/cli v27.3.2-0.20241008150905-cb3048fbebb1+incompatible // indirect
github.com/docker/compose/v2 v2.30.1 // indirect
github.com/docker/scout-cli v1.13.0 // indirect
github.com/docker/scout-cli v1.15.0 // indirect
github.com/moby/buildkit v0.17.0 // indirect
github.com/moby/moby v27.3.1+incompatible // indirect
)
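Review bot: the `require` entry for `github.com/docker/scout-cli` is bumped to v1.15.0 and keeps its `// indirect` marker, consistent with the other pinned docs sources in this block; nothing else changes here, so the only thing to verify is that the matching `replace` line further down is updated in the same commit, otherwise the replace directive would silently pin the build back to v1.13.0.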
@ -15,7 +15,7 @@ replace (
github.com/docker/buildx => github.com/docker/buildx v0.18.0
github.com/docker/cli => github.com/docker/cli v27.3.1+incompatible
github.com/docker/compose/v2 => github.com/docker/compose/v2 v2.30.1
github.com/docker/scout-cli => github.com/docker/scout-cli v1.13.0
github.com/docker/scout-cli => github.com/docker/scout-cli v1.15.0
github.com/moby/buildkit => github.com/moby/buildkit v0.17.0
github.com/moby/moby => github.com/moby/moby v27.3.1+incompatible
)
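Review bot: the `replace` line for scout-cli is updated to v1.15.0 in step with the `require` block, so the pin is consistent; while here, note the unchanged `github.com/docker/cli` replace pins `v27.3.1+incompatible` although the `require` block above lists `v27.3.2-0.20241008150905-cb3048fbebb1+incompatible`, so the effective version is the older one and the two directives disagree. That predates this PR, but a one-line follow-up aligning them would avoid surprises.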

go.sum

@ -228,6 +228,8 @@ github.com/docker/scout-cli v1.12.0 h1:NhmT4BzL2lYiIk5hPFvK5FzQ8izbLDL3/Rugcyulv
github.com/docker/scout-cli v1.12.0/go.mod h1:Eo1RyCJsx3ldz/YTY5yGxu9g9mwTYbRUutxQUkow3Fc=
github.com/docker/scout-cli v1.13.0 h1:RThUM56yooV5izqgMEYQS+a6Yx+vGmZofJwX0qjgkco=
github.com/docker/scout-cli v1.13.0/go.mod h1:Eo1RyCJsx3ldz/YTY5yGxu9g9mwTYbRUutxQUkow3Fc=
github.com/docker/scout-cli v1.15.0 h1:VhA9niVftEyZ9f5KGwKnrSfQOp2X3uIU3VbE/gTVMTM=
github.com/docker/scout-cli v1.15.0/go.mod h1:Eo1RyCJsx3ldz/YTY5yGxu9g9mwTYbRUutxQUkow3Fc=
github.com/elazarl/goproxy v0.0.0-20191011121108-aa519ddbe484/go.mod h1:Ro8st/ElPeALwNFlcTpWmkr6IoMFfkjXAvTHpevnDsM=
github.com/evanphx/json-patch v4.9.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4=
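Review bot: the hunk only adds the v1.15.0 `h1:` and `/go.mod h1:` lines and leaves the v1.12.0 and v1.13.0 entries in place even though go.mod no longer references either version; running `go mod tidy` would prune the stale checksums and keep go.sum minimal. The identical `/go.mod` hash across v1.12.0, v1.13.0 and v1.15.0 (`Eo1RyCJsx3ldz/YTY5yGxu9g9mwTYbRUutxQUkow3Fc=`) just means scout-cli's own go.mod did not change between those tags, which is expected and not a concern.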