mirror of https://github.com/docker/docs.git
scout: restructure manuals section
Signed-off-by: David Karlsson <35727626+dvdksn@users.noreply.github.com>
This commit is contained in:
parent
b21e0573af
commit
4a7abd11be
|
@ -226,7 +226,7 @@ $ docker buildx build --attest type=sbom,generator=<image> .
|
|||
> **Tip**
|
||||
>
|
||||
> The Docker Scout SBOM generator is available. See
|
||||
> [Docker Scout SBOMs](../../scout/sbom.md#attest).
|
||||
> [Docker Scout SBOMs](/scout/how-tos/view-create-sboms.md).
|
||||
{ .tip }
|
||||
|
||||
## SBOM attestation example
|
||||
|
|
|
@ -52,8 +52,8 @@ To inspect an image, select the image row. Inspecting an image displays detailed
|
|||
- Vulnerabilities found
|
||||
- Packages inside the image
|
||||
|
||||
[Docker Scout](../../scout/index.md) powers this vulnerability information.
|
||||
For more information about this view, see [Image details view](../../scout/image-details-view.md)
|
||||
[Docker Scout](/scout/_index.md) powers this vulnerability information.
|
||||
For more information about this view, see [Image details view](/scout/explore/image-details-view.md)
|
||||
|
||||
## Pull the latest image from Docker Hub
|
||||
|
||||
|
@ -102,4 +102,4 @@ Hovering over an image tag reveals two options:
|
|||
|
||||
## Additional resources
|
||||
|
||||
- [What is an image?](../../guides/docker-concepts/the-basics/what-is-an-image.md)
|
||||
- [What is an image?](../../guides/docker-concepts/the-basics/what-is-an-image.md)
|
||||
|
|
|
@ -123,7 +123,7 @@ To view the vulnerability report:
|
|||

|
||||
|
||||
For more information on this view, see
|
||||
[Image details view](../scout/image-details-view.md).
|
||||
[Image details view](/scout/explore/image-details-view.md).
|
||||
|
||||
### Inspect vulnerabilities
|
||||
|
||||
|
|
|
@ -3,6 +3,8 @@ description: More details on the advisory database and CVE-to-package matching s
|
|||
behind Docker Scout analysis.
|
||||
keywords: scout, scanning, analysis, vulnerabilities, Hub, supply chain, security, packages, repositories, ecosystem
|
||||
title: Advisory database sources and matching service
|
||||
aliases:
|
||||
/scout/advisory-db-sources/
|
||||
---
|
||||
|
||||
Reliable information sources are key for Docker Scout's ability to
|
||||
|
@ -53,7 +55,7 @@ The database stores the Software Bill of Materials (SBOM) and other metadata abo
|
|||
When a security advisory has new information about a vulnerability,
|
||||
your SBOM is cross-referenced with the CVE information to detect how it affects you.
|
||||
|
||||
For more details on how image analysis works, see the [image analysis page](./image-analysis.md).
|
||||
For more details on how image analysis works, see the [image analysis page](/scout/explore/analysis.md).
|
||||
|
||||
## Vulnerability matching
|
||||
|
|
@ -5,6 +5,8 @@ keywords: |
|
|||
materials, config, ports, labels, os, registry, timestamp, digest, layers,
|
||||
architecture, license, dependencies, base image
|
||||
title: Data collection and storage in Docker Scout
|
||||
aliases:
|
||||
/scout/data-handling/
|
||||
---
|
||||
|
||||
Docker Scout's image analysis works by collecting metadata from the container
|
||||
|
@ -68,7 +70,7 @@ and packages, and application-level packages such as maven, npm, and so on.
|
|||
### Environment metadata
|
||||
|
||||
If you integrate Docker Scout with your runtime environment via the
|
||||
[Sysdig integration](./integrations/environment/sysdig.md),
|
||||
[Sysdig integration](/scout/integrations/environment/sysdig.md),
|
||||
Docker Scout collects the following data points about your deployments:
|
||||
|
||||
- Kubernetes namespace
|
||||
|
@ -83,7 +85,7 @@ Docker Scout platform; it's only used to run the analysis.
|
|||
|
||||
### Provenance
|
||||
|
||||
For images with [provenance attestations](../build/attestations/slsa-provenance.md),
|
||||
For images with [provenance attestations](/build/attestations/slsa-provenance.md),
|
||||
Docker Scout stores the following data in addition to the SBOM:
|
||||
|
||||
- Materials
|
|
@ -6,6 +6,7 @@ description:
|
|||
keywords: scout, scanning, vulnerabilities, supply chain, security, analysis
|
||||
aliases:
|
||||
- /scout/advanced-image-analysis/
|
||||
- /scout/image-analysis/
|
||||
---
|
||||
|
||||
When you activate image analysis for a repository,
|
||||
|
@ -13,7 +14,7 @@ Docker Scout automatically analyzes new images that you push to that repository.
|
|||
|
||||
Image analysis extracts the Software Bill of Material (SBOM)
|
||||
and other image metadata,and evaluates it against vulnerability data from
|
||||
[security advisories](./advisory-db-sources.md).
|
||||
[security advisories](/scout/deep-dive/advisory-db-sources.md).
|
||||
|
||||
If you run image analysis as a one-off task using the CLI or Docker Desktop,
|
||||
Docker Scout won't store any data about your image.
|
||||
|
@ -25,19 +26,19 @@ This dynamic evaluation means there's no need to re-analyze images when new CVE
|
|||
|
||||
Docker Scout image analysis is available by default for Docker Hub repositories.
|
||||
You can also integrate third-party registries and other services. To learn more,
|
||||
see [Integrating Docker Scout with other systems](./integrations/_index.md).
|
||||
see [Integrating Docker Scout with other systems](/scout/integrations/_index.md).
|
||||
|
||||
## Activate Docker Scout on a repository
|
||||
|
||||
The free tier of Docker Scout lets you use Docker Scout for up to 3
|
||||
repositories per Docker organization. You can update your Docker Scout plan if
|
||||
you need additional repositories, see [Docker Scout
|
||||
billing](../billing/scout-billing.md).
|
||||
billing](/billing/scout-billing.md).
|
||||
|
||||
Before you can activate image analysis on a repository in a third-party registry,
|
||||
the registry must be integrated with Docker Scout for your Docker organization.
|
||||
Docker Hub is integrated by default. For more information, see
|
||||
See [Container registry integrations](./integrations/_index.md#container-registries)
|
||||
See [Container registry integrations](/scout/integrations/_index.md#container-registries)
|
||||
|
||||
> **Note**
|
||||
>
|
||||
|
@ -74,13 +75,13 @@ analysis is activated.
|
|||
```
|
||||
|
||||
Building with the `--provenance=true` and `--sbom=true` flags attaches
|
||||
[build attestations](../build/attestations/_index.md) to the image. Docker
|
||||
[build attestations](/build/attestations/_index.md) to the image. Docker
|
||||
Scout uses attestations to provide more fine-grained analysis results.
|
||||
|
||||
> **Note**
|
||||
>
|
||||
> The default `docker` driver only supports build attestations if you use the
|
||||
> [containerd image store](../desktop/containerd.md).
|
||||
> [containerd image store](/desktop/containerd.md).
|
||||
|
||||
3. Go to the [Images page](https://scout.docker.com/reports/images) in the Docker Scout Dashboard.
|
||||
|
||||
|
@ -182,13 +183,13 @@ $ docker scout cves --format only-packages --only-vuln-packages \
|
|||
For more information about these commands and how to use them, refer to the CLI
|
||||
reference documentation:
|
||||
|
||||
- [`docker scout quickview`](../reference/cli/docker/scout/quickview.md)
|
||||
- [`docker scout cves`](../reference/cli/docker/scout/cves.md)
|
||||
- [`docker scout quickview`](/reference/cli/docker/scout/quickview.md)
|
||||
- [`docker scout cves`](/reference/cli/docker/scout/cves.md)
|
||||
|
||||
## Vulnerability severity assessment
|
||||
|
||||
Docker Scout assigns a severity rating to vulnerabilities based on
|
||||
vulnerability data from [advisory sources](./advisory-db-sources.md).
|
||||
vulnerability data from [advisory sources](/scout/deep-dive/advisory-db-sources.md).
|
||||
Advisories are ranked and prioritized depending on the type of package that's
|
||||
affected by a vulnerability. For example, if a vulnerability affects an OS
|
||||
package, the severity level assigned by the distribution maintainer is
|
||||
|
@ -230,7 +231,7 @@ Image analysis on the Docker Scout platform, and analysis triggered by backgroun
|
|||
indexing in Docker Desktop, has an image file size limit of 10 GB (uncompressed).
|
||||
To analyze images larger than that, you can either:
|
||||
|
||||
- Attach [SBOM attestations](../build/attestations/sbom.md) at build-time
|
||||
- Attach [SBOM attestations](/build/attestations/sbom.md) at build-time
|
||||
- Use the [CLI](#cli) to analyze the image locally
|
||||
|
||||
Images analyzed locally with the CLI and images with SBOM attestations
|
|
@ -6,6 +6,7 @@ title: Dashboard
|
|||
aliases:
|
||||
- /scout/reports/
|
||||
- /scout/web-app/
|
||||
- /scout/dashboard/
|
||||
---
|
||||
|
||||
The [Docker Scout Dashboard](https://scout.docker.com/) helps you share the
|
||||
|
@ -17,19 +18,19 @@ vulnerabilities and issues they need to focus on.
|
|||
|
||||
## Overview
|
||||
|
||||

|
||||

|
||||
|
||||
The **Overview** tab provides a summary for the repositories in the selected
|
||||
organization.
|
||||
|
||||
At the top of this page, you can select which **Environment** to view.
|
||||
By default, the most recently pushed images are shown. To learn more about
|
||||
environments, see [Environment monitoring](./integrations/environment/_index.md).
|
||||
environments, see [Environment monitoring](/scout/integrations/environment/_index.md).
|
||||
|
||||
The **Policy** boxes show your current compliance rating for each policy, and a
|
||||
trend indication for the selected environment. The trend describes the policy
|
||||
delta for the most recent images compared to the previous version.
|
||||
For more information about policies, see [Policy Evaluation](./policy/_index.md).
|
||||
For more information about policies, see [Policy Evaluation](/scout/policy/_index.md).
|
||||
|
||||
The vulnerability chart shows the total number of vulnerabilities for images in
|
||||
the selected environment over time. You can configure the timescale for the
|
||||
|
@ -52,14 +53,14 @@ The **Policies** view shows a breakdown of policy compliance for all of the
|
|||
images in the selected organization and environment. You can use the **Image**
|
||||
drop-down menu to view a policy breakdown for a specific environment.
|
||||
|
||||
For more information about policies, see [Policy Evaluation](./policy/_index.md).
|
||||
For more information about policies, see [Policy Evaluation](/scout/policy/_index.md).
|
||||
|
||||
## Images
|
||||
|
||||
The **Images** view shows all images in Scout-enabled repositories for the selected environment.
|
||||
You can filter the list by selecting a different environment, or by repository name using the text filter.
|
||||
|
||||

|
||||

|
||||
|
||||
For each repository, the list displays the following details:
|
||||
|
||||
|
@ -79,7 +80,7 @@ This view contains two tabs that detail the composition and policy compliance fo
|
|||
- **Policy status** shows the policy evaluation results for the selected image.
|
||||
Here you also have links for details about the policy violations.
|
||||
|
||||
For more information about policy, see [Policy Evaluation](./policy/_index.md).
|
||||
For more information about policy, see [Policy Evaluation](/scout/policy/_index.md).
|
||||
|
||||
- **Image layers** shows a breakdown of the image analysis results.
|
||||
You can get a complete view of the vulnerabilities your image contains
|
||||
|
@ -90,7 +91,7 @@ This view contains two tabs that detail the composition and policy compliance fo
|
|||
The **Vulnerabilities** view shows a list of all vulnerabilities for images in the organization.
|
||||
This list includes details about CVE such as the severity and Common Vulnerability Scoring System (CVSS) score,
|
||||
as well as whether there's a fix version available.
|
||||
The CVSS score displayed here is the highest score out of all available [sources](./advisory-db-sources.md).
|
||||
The CVSS score displayed here is the highest score out of all available [sources](/scout/deep-dive/advisory-db-sources.md).
|
||||
|
||||
Selecting the links on this page opens the vulnerability details page,
|
||||
This page is a publicly visible page, and shows detailed information about a CVE.
|
||||
|
@ -105,7 +106,7 @@ affected by the CVE.
|
|||
The **Integrations** page lets you create and manage your Docker Scout
|
||||
integrations, such as environment integrations and registry integrations. For
|
||||
more information on how to get started with integrations, see
|
||||
[Integrating Docker Scout with other systems](./integrations/_index.md).
|
||||
[Integrating Docker Scout with other systems](/scout/integrations/_index.md).
|
||||
|
||||
## Settings
|
||||
|
||||
|
@ -123,7 +124,7 @@ included in your plan, compare it with other available plans, and change the
|
|||
plan if you're an organization owner.
|
||||
|
||||
For more information about subscription plans, see
|
||||
[Docker Scout subscriptions and features](../subscription/scout-details.md)
|
||||
[Docker Scout subscriptions and features](/subscription/scout-details.md)
|
||||
|
||||
### Repository settings
|
||||
|
||||
|
@ -131,7 +132,7 @@ When you enable Docker Scout for a repository,
|
|||
Docker Scout analyzes new tags automatically when you push to that repository.
|
||||
To enable repositories in Amazon ECR, Azure ACR, or other third-party registries,
|
||||
you first need to integrate them.
|
||||
See [Container registry integrations](./integrations/_index.md#container-registries)
|
||||
See [Container registry integrations](/scout/integrations/_index.md#container-registries)
|
||||
|
||||
### Notification settings
|
||||
|
||||
|
@ -184,7 +185,7 @@ The available notification settings are:
|
|||
notifications using the browser API.
|
||||
|
||||
From this page, you can also go to the settings for Team collaboration
|
||||
integrations, such as the [Slack](./integrations/team-collaboration/slack.md)
|
||||
integrations, such as the [Slack](/scout/integrations/team-collaboration/slack.md)
|
||||
integration.
|
||||
|
||||
You can also configure your notification settings in Docker Desktop by going
|
|
@ -4,6 +4,8 @@ keywords: scout, supply chain, vulnerabilities, packages, cves, image, tag, scan
|
|||
analysis, analyze
|
||||
description: The Docker Scout image detail view analyzes images to show their heirachy,
|
||||
layers, packages, and vulnerabilities
|
||||
aliases:
|
||||
- /scout/image-details-view
|
||||
---
|
||||
|
||||
The image details view shows a breakdown of the Docker Scout analysis. You can
|
||||
|
@ -12,11 +14,11 @@ access the image view from the Docker Scout Dashboard, the Docker Desktop
|
|||
show a breakdown of the image hierarchy (base images), image layers, packages,
|
||||
and vulnerabilities.
|
||||
|
||||

|
||||

|
||||
|
||||
Docker Desktop first analyzes images locally, where it generates a software bill of materials (SBOM).
|
||||
Docker Desktop, Docker Hub, and the Docker Scout Dashboard and CLI all use the [package URL (PURL) links](https://github.com/package-url/purl-spec)
|
||||
in this SBOM to query for matching Common Vulnerabilities and Exposures (CVEs) in [Docker Scout's advisory database](./advisory-db-sources.md).
|
||||
in this SBOM to query for matching Common Vulnerabilities and Exposures (CVEs) in [Docker Scout's advisory database](/scout/deep-dive/advisory-db-sources.md).
|
||||
|
||||
## Image hierarchy
|
||||
|
||||
|
@ -141,7 +143,7 @@ of `debian` to use. By providing more than one alternative to choose from, you
|
|||
can see for yourself how the options compare with each other, and decide which
|
||||
one to use.
|
||||
|
||||

|
||||

|
||||
|
||||
Select a tag recommendation to see further details of the recommendation.
|
||||
It shows the benefits and potential disadvantages of the tag, why it's a
|
|
@ -4,6 +4,8 @@ description: |
|
|||
Learn how to scrape data from Docker Scout using Prometheus to create your own
|
||||
vulnerability and policy dashboards wiht Grafana
|
||||
keywords: scout, exporter, prometheus, grafana, metrics, dashboard, api, compose
|
||||
aliases:
|
||||
- /scout/metrics-exporter/
|
||||
---
|
||||
|
||||
Docker Scout exposes a metrics HTTP endpoint that lets you scrape vulnerability
|
||||
|
@ -23,7 +25,7 @@ The metrics endpoint exposes the following metrics:
|
|||
|
||||
> **Streams**
|
||||
>
|
||||
> In Docker Scout, the streams concept is a superset of [environments](./integrations/environment/_index.md).
|
||||
> In Docker Scout, the streams concept is a superset of [environments](/scout/integrations/environment/_index.md).
|
||||
> Streams include all runtime environments that you've defined,
|
||||
> as well as the special `latest-indexed` stream.
|
||||
> The `latest-indexed` stream contains the most recently pushed (and analyzed) tag for each repository.
|
||||
|
@ -156,16 +158,16 @@ The Prometheus server runs in a Docker container and is accessible on port 9090.
|
|||
After a few seconds, you should see the metrics endpoint as a target in the
|
||||
Prometheus UI at <http://localhost:9090/targets>.
|
||||
|
||||

|
||||

|
||||
|
||||
### Viewing the metrics in Grafana
|
||||
|
||||
To view the Grafana dashboards, go to <http://localhost:3000/dashboards>,
|
||||
and sign in using the credentials defined in the Docker Compose file (username: `admin`, password: `grafana`).
|
||||
|
||||

|
||||

|
||||
|
||||

|
||||

|
||||
|
||||
The dashboards are pre-configured to visualize the vulnerability and policy metrics scraped by Prometheus.
|
||||
|
||||
|
@ -316,13 +318,13 @@ to see the metrics collected from this example. This configuration will collect
|
|||
all exposed metrics starting with `scout_` under the namespace
|
||||
`scout_metrics_exporter`.
|
||||
|
||||

|
||||

|
||||
|
||||
The following screenshots show examples of a Datadog dashboard containing
|
||||
graphs about vulnerability and policy compliance for a specific [stream](#stream).
|
||||
|
||||

|
||||

|
||||

|
||||

|
||||
|
||||
> The reason why the lines in the graphs look flat is due to the own nature of
|
||||
> vulnerabilities (they don't change too often) and the short time interval
|
|
@ -1,9 +1,11 @@
|
|||
---
|
||||
title: Specify artifact type or location with prefixes
|
||||
title: Use Scout with different artifact types
|
||||
description: |
|
||||
Some of the Docker Scout commands support image references prefixes
|
||||
for controlling the location of the images or files that you want to analyze.
|
||||
keywords: scout, vulnerabilities, analyze, analysis, cli, packages, sbom, cve, security, local, source, code, supply chain
|
||||
aliases:
|
||||
- /scout/image-prefix/
|
||||
---
|
||||
|
||||
Some of the Docker Scout CLI commands support prefixes for specifying
|
||||
|
@ -174,6 +176,6 @@ $ docker scout sbom --format spdx -o sbom.spdx.json archive://scout-cli.tar
|
|||
|
||||
Read about the commands and supported flags in the CLI reference documentation:
|
||||
|
||||
- [`docker scout quickview`](../reference/cli/docker/scout/compare.md)
|
||||
- [`docker scout cves`](../reference/cli/docker/scout/compare.md)
|
||||
- [`docker scout compare`](../reference/cli/docker/scout/compare.md)
|
||||
- [`docker scout quickview`](/reference/cli/docker/scout/quickview.md)
|
||||
- [`docker scout cves`](/reference/cli/docker/scout/cves.md)
|
||||
- [`docker scout compare`](/reference/cli/docker/scout/compare.md)
|
|
@ -1,8 +1,10 @@
|
|||
---
|
||||
title: Environment variables used by Docker Scout
|
||||
title: Configure Docker Scout with environment variables
|
||||
linkTitle: Docker Scout environment variables
|
||||
description: Configure how the behavior of Docker Scout CLI commands using these environment variables
|
||||
keywords: scout, supply chain, cli, environment, variables, env, vars, configure
|
||||
aliases:
|
||||
- /scout/env-vars/
|
||||
---
|
||||
|
||||
The following environment variables are available to configure the Docker Scout
|
|
@ -4,9 +4,10 @@ description: Use Docker Scout to extract the SBOM for your project.
|
|||
keywords: scout, supply chain, sbom, software bill of material, spdx, cli, attestations, file
|
||||
aliases:
|
||||
- /engine/sbom/
|
||||
- /scout/sbom/
|
||||
---
|
||||
|
||||
[Image analysis](./image-analysis.md) uses image SBOMs to understand what packages and versions an image contains.
|
||||
[Image analysis](/scout/explore/analysis.md) uses image SBOMs to understand what packages and versions an image contains.
|
||||
Docker Scout uses SBOM attestations if available on the image (recommended).
|
||||
If no SBOM attestation is available, Docker Scout creates one by indexing the image contents.
|
||||
|
||||
|
@ -56,12 +57,12 @@ $ docker scout sbom --format list alpine
|
|||
```
|
||||
|
||||
For more information about the `docker scout sbom` command, refer to the [CLI
|
||||
reference](../reference/cli/docker/scout/sbom.md).
|
||||
reference](/reference/cli/docker/scout/sbom.md).
|
||||
|
||||
## Attach as build attestation {#attest}
|
||||
|
||||
You can generate the SBOM and attach it to the image at build-time as an
|
||||
[attestation](../build/attestations/_index.md). BuildKit provides a default
|
||||
[attestation](/build/attestations/_index.md). BuildKit provides a default
|
||||
SBOM generator which is different from what Docker Scout uses.
|
||||
You can configure BuildKit to use the Docker Scout SBOM generator
|
||||
using the `--attest` flag for the `docker build` command.
|
||||
|
@ -75,7 +76,7 @@ $ docker build --tag <org>/<image> \
|
|||
```
|
||||
|
||||
To build images with SBOM attestations, you must either turn on
|
||||
the [containerd image store](../desktop/containerd.md) feature, or use a
|
||||
the [containerd image store](/desktop/containerd.md) feature, or use a
|
||||
`docker-container` builder together with the `--push` flag to push the image
|
||||
(with attestations) directly to a registry.
|
||||
|
|
@ -44,6 +44,6 @@ high-severity vulnerabilities.
|
|||
> **Note**
|
||||
>
|
||||
> If you're seeing a `permission denied` error related to the image cache, try
|
||||
> setting the [`DOCKER_SCOUT_CACHE_DIR`](../../env-vars.md) environment
|
||||
> setting the [`DOCKER_SCOUT_CACHE_DIR`](/scout/how-tos/configure-cli.md) environment
|
||||
> variable to a writable directory. Or alternatively, disable local caching
|
||||
> entirely with `DOCKER_SCOUT_NO_CACHE=true`.
|
||||
|
|
|
@ -43,8 +43,8 @@ Docker Scout supports the following runtime integrations:
|
|||
>
|
||||
> Only organization owners can create new environments and set up integrations.
|
||||
> Additionally, Docker Scout only assigns an image to an environment if the
|
||||
> image [has been analyzed](../../image-analysis.md), either manually or
|
||||
> through a [registry integration](../_index.md#container-registries).
|
||||
> image [has been analyzed](/scout/explore/analysis.md), either manually or
|
||||
> through a [registry integration](/scout/integrations/_index.md#container-registries).
|
||||
|
||||
## List environments
|
||||
|
||||
|
@ -79,7 +79,7 @@ comparing the image built from the code in the PR to the corresponding image in
|
|||
staging or production.
|
||||
|
||||
You can also compare with streams using the `--to-env` flag on the
|
||||
[`docker scout compare`](../../../reference/cli/docker/scout/compare.md)
|
||||
[`docker scout compare`](/reference/cli/docker/scout/compare.md)
|
||||
CLI command:
|
||||
|
||||
```console
|
||||
|
|
|
@ -26,7 +26,7 @@ After the integration, Docker Scout automatically pulls and analyzes images
|
|||
that you push to the ECR registry. Metadata about your images are stored on the
|
||||
Docker Scout platform, but Docker Scout doesn't store the container images
|
||||
themselves. For more information about how Docker Scout handles image data, see
|
||||
[Data handling](../../data-handling.md).
|
||||
[Data handling](/scout/deep-dive/data-handling.md).
|
||||
|
||||
### CloudFormation stack template
|
||||
|
||||
|
|
|
@ -27,7 +27,7 @@ to the Slack channels associated with the webhook.
|
|||
> is not by a newly disclosed CVE, then no notification will be triggered.
|
||||
|
||||
For more information about Docker Scout notifications,
|
||||
see [Notification settings](../../dashboard.md#notification-settings)
|
||||
see [Notification settings](/scout/explore/dashboard.md#notification-settings)
|
||||
|
||||
## Setup
|
||||
|
||||
|
|
|
@ -25,7 +25,7 @@ with established best practices.
|
|||
## How Policy Evaluation works
|
||||
|
||||
When you activate Docker Scout for a repository, images that you push are
|
||||
[automatically analyzed](../image-analysis.md). The analysis gives you insights
|
||||
[automatically analyzed](/scout/explore/analysis.md). The analysis gives you insights
|
||||
about the composition of your images, including what packages they contain and
|
||||
what vulnerabilities they're exposed to. Policy Evaluation builds on top of the
|
||||
image analysis feature, interpreting the analysis results against the rules
|
||||
|
|
|
@ -274,7 +274,7 @@ to policy customization, and runtime environment monitoring in real-time.
|
|||
|
||||
Check out the following sections:
|
||||
|
||||
- [Image analysis](./image-analysis.md)
|
||||
- [Image analysis](/scout/explore/analysis.md)
|
||||
- [Data sources](/scout/advisory-db-sources)
|
||||
- [Docker Scout Dashboard](/scout/dashboard)
|
||||
- [Integrations](./integrations/_index.md)
|
||||
|
|
|
@ -23,7 +23,7 @@ New features and enhancements released in the second quarter of 2024.
|
|||
|
||||
New HTTP endpoint that lets you scrape data from Docker Scout with Prometheus,
|
||||
to create your own vulnerability and policy dashboards with Grafana.
|
||||
For more information, see [Docker Scout metrics exporter](../metrics-exporter.md).
|
||||
For more information, see [Docker Scout metrics exporter](/scout/explore/metrics-exporter.md).
|
||||
|
||||
## Q1 2024
|
||||
|
||||
|
|
|
@ -71,7 +71,7 @@ If SCIM isn't enabled, you have to manually remove PAT users from the organizati
|
|||
|
||||
### What metadata is collected from container images that Scout analyzes?
|
||||
|
||||
For information about the metadata stored by Docker Scout, see [Data handling](../../scout/data-handling.md).
|
||||
For information about the metadata stored by Docker Scout, see [Data handling](/scout/deep-dive/data-handling.md).
|
||||
|
||||
### How are extensions within the Marketplace vetted for security prior to placement?
|
||||
|
||||
|
|
|
@ -609,10 +609,8 @@
|
|||
- /go/docker-scout/
|
||||
"/scout/quickstart/":
|
||||
- /go/scout-quickstart/
|
||||
"/scout/dashboard/":
|
||||
"/scout/explore/dashboard/":
|
||||
- /go/scout-dashboard/
|
||||
"/scout/ci/":
|
||||
- /go/scout-ci/
|
||||
"/scout/policy/":
|
||||
- /go/scout-policy/
|
||||
"/scout/policy/configure/":
|
||||
|
@ -620,6 +618,8 @@
|
|||
"/build/building/best-practices/#pin-base-image-versions":
|
||||
- /go/base-image-pinning/
|
||||
# integrations
|
||||
"/scout/integrations/ci/":
|
||||
- /go/scout-ci/
|
||||
"/scout/integrations/ci/gha/":
|
||||
- "/go/scout-gha/"
|
||||
"/scout/integrations/ci/gitlab/":
|
||||
|
@ -646,9 +646,9 @@
|
|||
- "/go/scout-github/"
|
||||
"/scout/guides/vex/":
|
||||
- "/go/vex-guide/"
|
||||
"/scout/metrics-exporter/":
|
||||
"/scout/explore/metrics-exporter/":
|
||||
- "/go/scout-metrics-exporter"
|
||||
"/scout/dashboard/#notification-settings":
|
||||
"/scout/explore/dashboard/#notification-settings":
|
||||
- /go/scout-notifications/
|
||||
"/scout/integrations/team-collaboration/slack/":
|
||||
- "/go/scout-slack/"
|
||||
|
|
|
@ -1415,28 +1415,30 @@ Manuals:
|
|||
title: Quickstart
|
||||
- path: /scout/install/
|
||||
title: Install
|
||||
- sectiontitle: Explore Docker Scout
|
||||
- sectiontitle: Explore
|
||||
section:
|
||||
- path: /scout/dashboard/
|
||||
- path: /scout/explore/analysis/
|
||||
title: Analysis
|
||||
- path: /scout/explore/dashboard/
|
||||
title: Dashboard
|
||||
- path: /scout/image-details-view/
|
||||
- path: /scout/explore/image-details-view/
|
||||
title: Image details view
|
||||
- path: /scout/advisory-db-sources/
|
||||
title: Advisory database
|
||||
- path: /scout/data-handling/
|
||||
title: Data handling
|
||||
- sectiontitle: Use Docker Scout
|
||||
section:
|
||||
- path: /scout/image-analysis/
|
||||
title: Image analysis
|
||||
- path: /scout/image-prefix/
|
||||
title: Specify artifact type or location
|
||||
- path: /scout/sbom/
|
||||
title: SBOM
|
||||
- path: /scout/env-vars/
|
||||
title: Environment variables
|
||||
- path: /scout/metrics-exporter/
|
||||
- path: /scout/explore/metrics-exporter/
|
||||
title: Metrics exporter
|
||||
- sectiontitle: How-tos
|
||||
section:
|
||||
- path: /scout/how-tos/artifact-types/
|
||||
title: Specify artifact type or location
|
||||
- path: /scout/how-tos/view-create-sboms/
|
||||
title: View and create SBOMs
|
||||
- path: /scout/how-tos/configure-cli/
|
||||
title: Configure the CLI
|
||||
- sectiontitle: Deep dive
|
||||
section:
|
||||
- path: /scout/deep-dive/advisory-db-sources/
|
||||
title: Advisory database
|
||||
- path: /scout/deep-dive/data-handling/
|
||||
title: Data handling
|
||||
- sectiontitle: Policy Evaluation
|
||||
section:
|
||||
- path: /scout/policy/
|
||||
|
|
Loading…
Reference in New Issue