vendor: github.com/docker/scout-cli v1.2.0

Signed-off-by: David Karlsson <35727626+dvdksn@users.noreply.github.com>
David Karlsson 2023-11-24 20:09:11 +01:00
parent ac1f89531d
commit 7bab9ae913
42 changed files with 469 additions and 114 deletions

View File

@ -43,6 +43,16 @@ options:
experimentalcli: false
kubernetes: false
swarm: false
- option: verbose-debug
value_type: bool
default_value: "false"
description: Verbose debug
deprecated: false
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
deprecated: false
experimental: false
experimentalcli: false
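Review bot: the new `verbose-debug` entry is described only as "Verbose debug", which does not say how it differs from the existing `debug` option. Even with `hidden: true`, a one-line statement of what extra output it enables would help anyone deciding whether to turn it on where logs are shared, such as CI. The same entry is repeated in the other command files in this commit, so the wording only needs fixing once at the source.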

View File

@ -20,6 +20,16 @@ inherited_options:
experimentalcli: false
kubernetes: false
swarm: false
- option: verbose-debug
value_type: bool
default_value: "false"
description: Verbose debug
deprecated: false
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
deprecated: false
experimental: false
experimentalcli: false

View File

@ -1,12 +1,13 @@
command: docker scout cache df
short: Show Docker Scout disk usage
long: |-
Docker Scout stores temporary files to generate SBOMs of images and cache the results to not generate or fetch them again.
Docker Scout uses a temporary cache storage for generating image SBOMs.
The cache helps avoid regenerating or fetching resources unnecessarily.
This `docker scout cache df` command will list all the temporary and cached data on the host. Each is identified by the
digest of the image.
This `docker scout cache df` command shows the cached data on the host.
Each cache entry is identified by the digest of the image.
Those data can be deleted using the `docker scout cache prune` command.
You can use the `docker scout cache prune` command to delete cache data at any time.
usage: docker scout cache df
pname: docker scout cache
plink: docker_scout_cache.yaml
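Review bot: in the rewritten `long:` text, "This `docker scout cache df` command" should read "The `docker scout cache df` command". The description also now mentions only cached data, while the `examples:` heading in this same file still says "List temporary and cache files". Pick one wording so it is clear whether temporary files are listed too.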
@ -21,6 +22,16 @@ inherited_options:
experimentalcli: false
kubernetes: false
swarm: false
- option: verbose-debug
value_type: bool
default_value: "false"
description: Verbose debug
deprecated: false
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
examples: |-
### List temporary and cache files

View File

@ -1,12 +1,10 @@
command: docker scout cache prune
short: Remove temporary or cached data
long: |-
Docker Scout stores temporary files to generate SBOMs of images and cache those SBOMs to not generate or fetch them again.
The `docker scout cache prune` command removes temporary data and SBOM cache.
The `docker scout cache prune` command will remove all the temporary files used while generating the SBOMs.
By default the cached SBOMs will not be deleted are they can be used by the different `docker scout` commands. But the `--sboms`
flag can be used to delete them.
By default, `docker scout cache prune` only deletes temporary data.
To delete temporary data and clear the SBOM cache, use the `--sboms` flag.
usage: docker scout cache prune
pname: docker scout cache
plink: docker_scout_cache.yaml
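Review bot: the first sentence of the new `long:` text says the command "removes temporary data and SBOM cache", but the following paragraph says only temporary data is deleted unless `--sboms` is passed. Reword the first sentence so SBOM cache removal reads as optional, for example "removes temporary data and, with `--sboms`, the SBOM cache".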
@ -43,6 +41,16 @@ inherited_options:
experimentalcli: false
kubernetes: false
swarm: false
- option: verbose-debug
value_type: bool
default_value: "false"
description: Verbose debug
deprecated: false
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
examples: |-
### Delete temporary data

View File

@ -2,14 +2,15 @@ command: docker scout compare
aliases: docker scout compare, docker scout diff
short: Compare two images and display differences (experimental)
long: |-
The `docker scout compare` command analyzes two images and displays a comparison of both.
The `docker scout compare` command analyzes two images and displays a comparison.
> This command is **experimental** and its behaviour might change in the future
The main usage is to compare two versions of the same image.
For instance when a new image is built and compared to the version running in production.
The intended use of this command is to compare two versions of the same image.
For instance, when a new image is built and compared to the version running in production.
If no image is specified, the most recently built image will be used.
If no image is specified, the most recently built image is used
as a comparison target.
The following artifact types are supported:
@ -18,8 +19,6 @@ long: |-
- Tarball archives, as created by `docker save`
- Local directory or file
The tool analyzes the provided software artifact, and generates a vulnerability report.
By default, the tool expects an image reference, such as:
- `redis`
@ -33,7 +32,7 @@ long: |-
- `local://` use an image from the local image store (don't do a registry lookup)
- `registry://` use an image from a registry (don't use a local image)
- `oci-dir://` use an OCI layout directory
- `archive://` use a tarball archive, as created by docker save
- `archive://` use a tarball archive, as created by `docker save`
- `fs://` use a local directory or file
usage: docker scout compare --to IMAGE|DIRECTORY|ARCHIVE [IMAGE|DIRECTORY|ARCHIVE]
pname: docker scout
@ -44,6 +43,18 @@ options:
value_type: bool
default_value: "false"
description: Return exit code '2' if vulnerability changes are detected
deprecated: true
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: exit-on
shorthand: x
value_type: stringSlice
default_value: '[]'
description: |
Comma separated list of conditions to fail the action step if worse, options are: vulnerability, policy
deprecated: false
hidden: false
experimental: false
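Review bot: the `exit-on` description says "fail the action step", which is CI-action wording and does not state what the CLI itself does. The deprecated `exit-code` entry above it named the exit code ('2'); the replacement should say which exit code is returned when a listed condition is worse. The `exit-code` description could also point to `--exit-on`, so pipelines that gate on the old flag are migrated rather than left depending on a hidden option.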
@ -253,6 +264,16 @@ inherited_options:
experimentalcli: false
kubernetes: false
swarm: false
- option: verbose-debug
value_type: bool
default_value: "false"
description: Verbose debug
deprecated: false
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
examples: |-
### Compare the most recently built image to the latest tag

View File

@ -4,7 +4,8 @@ long: |-
`docker scout config` allows you to list, get and set Docker Scout configuration.
Available configuration key:
- `organization`: Namespace of the Docker organization to be used by default if it cannot be inferred from the image reference
- `organization`: Namespace of the Docker organization to be used by default.
usage: docker scout config [KEY] [VALUE]
pname: docker scout
plink: docker_scout.yaml
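Review bot: the `organization` bullet drops "if it cannot be inferred from the image reference", so the text no longer says whether the configured organization overrides the namespace in the image reference or is only a fallback. If the fallback behaviour is unchanged, keep that qualifier in a shorter form.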
@ -19,6 +20,16 @@ inherited_options:
experimentalcli: false
kubernetes: false
swarm: false
- option: verbose-debug
value_type: bool
default_value: "false"
description: Verbose debug
deprecated: false
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
examples: |-
### List existing configuration

View File

@ -3,7 +3,7 @@ short: Display CVEs identified in a software artifact
long: |-
The `docker scout cves` command analyzes a software artifact for vulnerabilities.
If no image is specified, the most recently built image will be used.
If no image is specified, the most recently built image is used.
The following artifact types are supported:
@ -12,8 +12,6 @@ long: |-
- Tarball archives, as created by `docker save`
- Local directory or file
The tool analyzes the provided software artifact, and generates a vulnerability report.
By default, the tool expects an image reference, such as:
- `redis`
@ -27,7 +25,7 @@ long: |-
- `local://` use an image from the local image store (don't do a registry lookup)
- `registry://` use an image from a registry (don't use a local image)
- `oci-dir://` use an OCI layout directory
- `archive://` use a tarball archive, as created by docker save
- `archive://` use a tarball archive, as created by `docker save`
- `fs://` use a local directory or file
usage: docker scout cves [OPTIONS] [IMAGE|DIRECTORY|ARCHIVE]
pname: docker scout
@ -297,6 +295,16 @@ inherited_options:
experimentalcli: false
kubernetes: false
swarm: false
- option: verbose-debug
value_type: bool
default_value: "false"
description: Verbose debug
deprecated: false
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
examples: |-
### Display vulnerabilities grouped by package
@ -351,7 +359,7 @@ examples: |-
### Display markdown output
The markdown output also contains HTML tags to have a better rendering. This output can be used for instance in Pull Request comments.
The following example shows how to generate the vulnerability report as markdown.
```console
$ docker scout cves --format markdown alpine
@ -372,11 +380,10 @@ examples: |-
...
```
### List all packages of a certain typethat are vulnerable
### List all vulnerable packages of a certain type
The output will show the list of the packages of the image, that can be filtered, with the summary of vulnerabilities for each.
By default even packages with no vulnerabilities will be displayed.
The following example shows how to generate a list of packages, only including
packages of the specified type, and only showing packages that are vulnerable.
```console
$ docker scout cves --format only-packages --only-package-type golang --only-vuln-packages golang:1.18.0

View File

@ -16,6 +16,16 @@ inherited_options:
experimentalcli: false
kubernetes: false
swarm: false
- option: verbose-debug
value_type: bool
default_value: "false"
description: Verbose debug
deprecated: false
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
deprecated: false
experimental: false
experimentalcli: false

View File

@ -2,9 +2,16 @@ command: docker scout environment
aliases: docker scout environment, docker scout env
short: Manage environments (experimental)
long: |-
The `docker scout environment` command lists the environments and records images to it.
The `docker scout environment` command lists the environments.
If you pass an image reference, the image is recorded to the specified environment.
Once recorded, environments can be referred to by their name, eg. in the `docker scout compare` command using `--to-env`.`
Once recorded, environments can be referred to by their name. For example,
you can refer to the `production` environment with the `docker scout compare`
command as follows:
```console
$ docker scout compare --to-env production
```
usage: docker scout environment [ENVIRONMENT] [IMAGE]
pname: docker scout
plink: docker_scout.yaml
@ -48,6 +55,16 @@ inherited_options:
experimentalcli: false
kubernetes: false
swarm: false
- option: verbose-debug
value_type: bool
default_value: "false"
description: Verbose debug
deprecated: false
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
examples: |-
### List existing environments

View File

@ -15,6 +15,16 @@ inherited_options:
experimentalcli: false
kubernetes: false
swarm: false
- option: verbose-debug
value_type: bool
default_value: "false"
description: Verbose debug
deprecated: false
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
deprecated: false
experimental: false
experimentalcli: false

View File

@ -22,6 +22,16 @@ inherited_options:
experimentalcli: false
kubernetes: false
swarm: false
- option: verbose-debug
value_type: bool
default_value: "false"
description: Verbose debug
deprecated: false
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
deprecated: false
experimental: false
experimentalcli: false

View File

@ -45,6 +45,16 @@ inherited_options:
experimentalcli: false
kubernetes: false
swarm: false
- option: verbose-debug
value_type: bool
default_value: "false"
description: Verbose debug
deprecated: false
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
deprecated: false
experimental: false
experimentalcli: false

View File

@ -35,6 +35,16 @@ inherited_options:
experimentalcli: false
kubernetes: false
swarm: false
- option: verbose-debug
value_type: bool
default_value: "false"
description: Verbose debug
deprecated: false
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
deprecated: false
experimental: false
experimentalcli: false

View File

@ -35,6 +35,16 @@ inherited_options:
experimentalcli: false
kubernetes: false
swarm: false
- option: verbose-debug
value_type: bool
default_value: "false"
description: Verbose debug
deprecated: false
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
deprecated: false
experimental: false
experimentalcli: false

View File

@ -1,8 +1,11 @@
command: docker scout policy
short: |
Evaluate policies against an image and display the policy evaluation results (experimental)
long: |
The `docker scout policy` command evaluates policies against an image. The image is indexed into the Scout platform - if it wasn't already - and policies will run against it. The policy results may take a few minutes to become available.
long: |-
The `docker scout policy` command evaluates policies against an image.
The image analysis is uploaded to Docker Scout where policies get evaluated.
The policy evaluation results may take a few minutes to become available.
usage: docker scout policy [IMAGE | REPO]
pname: docker scout
plink: docker_scout.yaml
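Review bot: the new `long:` text states that the image analysis is uploaded to Docker Scout but drops the old "if it wasn't already" qualifier, so it is unclear whether every invocation uploads. This is the sentence that tells users data leaves the host, so it should say when the upload happens.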
@ -10,8 +13,8 @@ options:
- option: env
value_type: string
description: Name of the environment to compare to
deprecated: false
hidden: false
deprecated: true
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
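Review bot: `env` is now `deprecated: true` and `hidden: true`, but its description is unchanged and does not name the replacement. Suggest extending it to say that `--to-env` should be used instead, so scripts still passing `--env` get a pointer.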
@ -55,6 +58,25 @@ options:
experimentalcli: false
kubernetes: false
swarm: false
- option: to-env
value_type: string
description: Name of the environment to compare to
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: to-latest
value_type: bool
default_value: "false"
description: Latest image processed to compare to
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
inherited_options:
- option: debug
value_type: bool
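Review bot: the `to-latest` description, "Latest image processed to compare to", is hard to parse and does not say what "processed" refers to. Reword it as a full phrase, and state whether `--to-env` and `--to-latest` can be combined, since both select the comparison target.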
@ -66,6 +88,16 @@ inherited_options:
experimentalcli: false
kubernetes: false
swarm: false
- option: verbose-debug
value_type: bool
default_value: "false"
description: Verbose debug
deprecated: false
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
examples: |-
### Evaluate policies against an image and display the results
@ -88,7 +120,7 @@ examples: |-
### Compare policy results for a repository in a specific environment
```console
$ docker scout policy dockerscoutpolicy/customers-api-service --env production
$ docker scout policy dockerscoutpolicy/customers-api-service --to-env production
```
deprecated: false
experimental: false

View File

@ -1,7 +1,7 @@
command: docker scout push
short: Push an image or image index to Docker Scout (experimental)
long: |
The `docker scout push` command allows to push an image or image index to Docker Scout.
The `docker scout push` command lets you push an image or analysis result to Docker Scout.
usage: docker scout push IMAGE
pname: docker scout
plink: docker_scout.yaml
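Review bot: `long:` now says "an image or analysis result", but `short:` two lines above still says "Push an image or image index to Docker Scout". Update `short:` in the same change so the two agree on what is pushed.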
@ -64,6 +64,16 @@ inherited_options:
experimentalcli: false
kubernetes: false
swarm: false
- option: verbose-debug
value_type: bool
default_value: "false"
description: Verbose debug
deprecated: false
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
examples: |-
### Push an image to Docker Scout

View File

@ -3,10 +3,11 @@ aliases: docker scout quickview, docker scout qv
short: Quick overview of an image
long: |-
The `docker scout quickview` command displays a quick overview of an image.
It displays a summary of the vulnerabilities in the image and the vulnerabilities from the base image.
If available it also displays base image refresh and update recommendations.
It displays a summary of the vulnerabilities in the specified image
and vulnerabilities from the base image.
If available, it also displays base image refresh and update recommendations.
If no image is specified, the most recently built image will be used.
If no image is specified, the most recently built image is used.
The following artifact types are supported:
@ -15,8 +16,6 @@ long: |-
- Tarball archives, as created by `docker save`
- Local directory or file
The tool analyzes the provided software artifact, and generates a vulnerability report.
By default, the tool expects an image reference, such as:
- `redis`
@ -30,7 +29,7 @@ long: |-
- `local://` use an image from the local image store (don't do a registry lookup)
- `registry://` use an image from a registry (don't use a local image)
- `oci-dir://` use an OCI layout directory
- `archive://` use a tarball archive, as created by docker save
- `archive://` use a tarball archive, as created by `docker save`
- `fs://` use a local directory or file
usage: docker scout quickview [IMAGE|DIRECTORY|ARCHIVE]
pname: docker scout
@ -45,6 +44,16 @@ options:
experimentalcli: false
kubernetes: false
swarm: false
- option: latest
value_type: bool
default_value: "false"
description: Latest indexed image
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: org
value_type: string
description: Namespace of the Docker organization
@ -104,6 +113,16 @@ inherited_options:
experimentalcli: false
kubernetes: false
swarm: false
- option: verbose-debug
value_type: bool
default_value: "false"
description: Verbose debug
deprecated: false
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
examples: |-
### Quick overview of an image

View File

@ -3,9 +3,10 @@ short: Display available base image updates and remediation recommendations
long: |-
The `docker scout recommendations` command display recommendations for base images updates.
It analyzes the image and display recommendations to refresh or update the base image.
For each recommendation it shows a list of benefits like less vulnerabilities, smaller image, etc.
For each recommendation it shows a list of benefits, such as
fewer vulnerabilities or smaller image size.
If no image is specified, the most recently built image will be used.
If no image is specified, the most recently built image is used.
The following artifact types are supported:
@ -14,8 +15,6 @@ long: |-
- Tarball archives, as created by `docker save`
- Local directory or file
The tool analyzes the provided software artifact, and generates a vulnerability report.
By default, the tool expects an image reference, such as:
- `redis`
@ -29,7 +28,7 @@ long: |-
- `local://` use an image from the local image store (don't do a registry lookup)
- `registry://` use an image from a registry (don't use a local image)
- `oci-dir://` use an OCI layout directory
- `archive://` use a tarball archive, as created by docker save
- `archive://` use a tarball archive, as created by `docker save`
- `fs://` use a local directory or file
usage: docker scout recommendations [IMAGE|DIRECTORY|ARCHIVE]
pname: docker scout
@ -114,6 +113,16 @@ inherited_options:
experimentalcli: false
kubernetes: false
swarm: false
- option: verbose-debug
value_type: bool
default_value: "false"
description: Verbose debug
deprecated: false
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
examples: |-
### Display base image update recommendations

View File

@ -22,6 +22,16 @@ inherited_options:
experimentalcli: false
kubernetes: false
swarm: false
- option: verbose-debug
value_type: bool
default_value: "false"
description: Verbose debug
deprecated: false
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
deprecated: false
experimental: false
experimentalcli: false

View File

@ -64,6 +64,16 @@ inherited_options:
experimentalcli: false
kubernetes: false
swarm: false
- option: verbose-debug
value_type: bool
default_value: "false"
description: Verbose debug
deprecated: false
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
examples: |-
### Disable a specific repository

View File

@ -63,6 +63,16 @@ inherited_options:
experimentalcli: false
kubernetes: false
swarm: false
- option: verbose-debug
value_type: bool
default_value: "false"
description: Verbose debug
deprecated: false
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
examples: |-
### Enable a specific repository

View File

@ -69,6 +69,16 @@ inherited_options:
experimentalcli: false
kubernetes: false
swarm: false
- option: verbose-debug
value_type: bool
default_value: "false"
description: Verbose debug
deprecated: false
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
deprecated: false
experimental: false
experimentalcli: false

View File

@ -1,11 +1,14 @@
command: docker scout sbom
short: Generate or display SBOM of an image
long: |-
The `docker scout sbom` command analyzes a software artifact to generate the corresponding Software Bill Of Materials (SBOM).
The `docker scout sbom` command analyzes a software artifact to generate a
Software Bill Of Materials (SBOM).
The SBOM can be used to list all packages, or the ones from a specific type (as dep, maven, etc).
The SBOM contains a list of all packages in the image.
You can use the `--format` flag to filter the output of the command
to display only packages of a specific type.
If no image is specified, the most recently built image will be used.
If no image is specified, the most recently built image is used.
The following artifact types are supported:
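Review bot: the new sentence attributes filtering by package type to the `--format` flag, but the example further down in this file uses `--format list --only-package-type apk`, where `--only-package-type` does the filtering. Reword to name both flags, or say that `--format list` prints the package list and `--only-package-type` narrows it.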
@ -14,8 +17,6 @@ long: |-
- Tarball archives, as created by `docker save`
- Local directory or file
The tool analyzes the provided software artifact, and generates a vulnerability report.
By default, the tool expects an image reference, such as:
- `redis`
@ -29,7 +30,7 @@ long: |-
- `local://` use an image from the local image store (don't do a registry lookup)
- `registry://` use an image from a registry (don't use a local image)
- `oci-dir://` use an OCI layout directory
- `archive://` use a tarball archive, as created by docker save
- `archive://` use a tarball archive, as created by `docker save`
- `fs://` use a local directory or file
usage: docker scout sbom [IMAGE|DIRECTORY|ARCHIVE]
pname: docker scout
@ -102,6 +103,16 @@ inherited_options:
experimentalcli: false
kubernetes: false
swarm: false
- option: verbose-debug
value_type: bool
default_value: "false"
description: Verbose debug
deprecated: false
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
examples: |-
### Display the list of packages
@ -115,13 +126,13 @@ examples: |-
$ docker scout sbom --format list --only-package-type apk alpine
```
### Display the full SBOM as json
### Display the full SBOM in JSON format
```console
$ docker scout sbom alpine
```
### Display the full SBOM of the most recently buitl image
### Display the full SBOM of the most recently built image
```console
$ docker scout sbom

View File

@ -47,6 +47,16 @@ inherited_options:
experimentalcli: false
kubernetes: false
swarm: false
- option: verbose-debug
value_type: bool
default_value: "false"
description: Verbose debug
deprecated: false
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
examples: |-
### List existing streams

View File

@ -15,11 +15,40 @@ inherited_options:
experimentalcli: false
kubernetes: false
swarm: false
- option: verbose-debug
value_type: bool
default_value: "false"
description: Verbose debug
deprecated: false
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
examples: |-
```console
$ docker scout version
version: v0.2.2 (go1.19.5 - darwin/arm64)
git commit: c15f374b9a39d993da2e8a1db7edc4be4f7c0c1e
⢀⢀⢀ ⣀⣀⡤⣔⢖⣖⢽⢝
⡠⡢⡣⡣⡣⡣⡣⡣⡢⡀ ⢀⣠⢴⡲⣫⡺⣜⢞⢮⡳⡵⡹⡅
⡜⡜⡜⡜⡜⡜⠜⠈⠈ ⠁⠙⠮⣺⡪⡯⣺⡪⡯⣺
⢘⢜⢜⢜⢜⠜ ⠈⠪⡳⡵⣹⡪⠇
⠨⡪⡪⡪⠂ ⢀⡤⣖⢽⡹⣝⡝⣖⢤⡀ ⠘⢝⢮⡚ _____ _
⠱⡱⠁ ⡴⡫⣞⢮⡳⣝⢮⡺⣪⡳⣝⢦ ⠘⡵⠁ / ____| Docker | |
⠁ ⣸⢝⣕⢗⡵⣝⢮⡳⣝⢮⡺⣪⡳⣣ ⠁ | (___ ___ ___ _ _| |_
⣗⣝⢮⡳⣝⢮⡳⣝⢮⡳⣝⢮⢮⡳ \___ \ / __/ _ \| | | | __|
⢀ ⢱⡳⡵⣹⡪⡳⣝⢮⡳⣝⢮⡳⡣⡏ ⡀ ____) | (_| (_) | |_| | |_
⢀⢾⠄ ⠫⣞⢮⡺⣝⢮⡳⣝⢮⡳⣝⠝ ⢠⢣⢂ |_____/ \___\___/ \__,_|\__|
⡼⣕⢗⡄ ⠈⠓⠝⢮⡳⣝⠮⠳⠙ ⢠⢢⢣⢣
⢰⡫⡮⡳⣝⢦⡀ ⢀⢔⢕⢕⢕⢕⠅
⡯⣎⢯⡺⣪⡳⣝⢖⣄⣀ ⡀⡠⡢⡣⡣⡣⡣⡣⡃
⢸⢝⢮⡳⣝⢮⡺⣪⡳⠕⠗⠉⠁ ⠘⠜⡜⡜⡜⡜⡜⡜⠜⠈
⡯⡳⠳⠝⠊⠓⠉ ⠈⠈⠈⠈
version: v1.0.9 (go1.21.3 - darwin/arm64)
git commit: 8bf95bf60d084af341f70e8263342f71b0a3cd16
```
deprecated: false
experimental: false
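Review bot: the example output now shows `version: v1.0.9` while this commit vendors scout-cli v1.2.0, and the added banner makes up most of the example. Consider trimming the example to the `version:` and `git commit:` lines, or regenerating it from the vendored release, so it does not look stale on the day it lands.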

View File

@ -1,8 +1,9 @@
command: docker scout watch
short: |
Watch repositories in a registry and push images and indexes to Docker Scout (experimental)
long: |
The `docker scout watch` command watches repositories in a registry and pushes images or image indexes to Docker Scout.
long: |-
The `docker scout watch` command watches repositories in a registry
and pushes images or analysis results to Docker Scout.
usage: docker scout watch
pname: docker scout
plink: docker_scout.yaml
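Review bot: `long:` now says the command pushes "images or analysis results", while `short:` above still says "push images and indexes to Docker Scout". Align `short:` with the new wording so the summary and the description name the same data.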
@ -118,6 +119,16 @@ inherited_options:
experimentalcli: false
kubernetes: false
swarm: false
- option: verbose-debug
value_type: bool
default_value: "false"
description: Verbose debug
deprecated: false
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
examples: |-
### Watch for new images from two repositories and push them

View File

@ -8,12 +8,13 @@ Show Docker Scout disk usage
## Description
Docker Scout stores temporary files to generate SBOMs of images and cache the results to not generate or fetch them again.
Docker Scout uses a temporary cache storage for generating image SBOMs.
The cache helps avoid regenerating or fetching resources unnecessarily.
This `docker scout cache df` command will list all the temporary and cached data on the host. Each is identified by the
digest of the image.
This `docker scout cache df` command shows the cached data on the host.
Each cache entry is identified by the digest of the image.
Those data can be deleted using the `docker scout cache prune` command.
You can use the `docker scout cache prune` command to delete cache data at any time.
## Examples

View File

@ -15,12 +15,10 @@ Remove temporary or cached data
## Description
Docker Scout stores temporary files to generate SBOMs of images and cache those SBOMs to not generate or fetch them again.
The `docker scout cache prune` command removes temporary data and SBOM cache.
The `docker scout cache prune` command will remove all the temporary files used while generating the SBOMs.
By default the cached SBOMs will not be deleted are they can be used by the different `docker scout` commands. But the `--sboms`
flag can be used to delete them.
By default, `docker scout cache prune` only deletes temporary data.
To delete temporary data and clear the SBOM cache, use the `--sboms` flag.
## Examples

View File

@ -11,7 +11,7 @@ Compare two images and display differences (experimental)
| Name | Type | Default | Description |
|:----------------------|:--------------|:--------|:-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `-e`, `--exit-code` | | | Return exit code '2' if vulnerability changes are detected |
| `-x`, `--exit-on` | `stringSlice` | | Comma separated list of conditions to fail the action step if worse, options are: vulnerability, policy |
| `--format` | `string` | `text` | Output format of the generated vulnerability report:<br>- text: default output, plain text with or without colors depending on the terminal<br>- markdown: Markdown output<br> |
| `--hide-policies` | | | Hide policy status from the output |
| `--ignore-base` | | | Filter out CVEs introduced from base image |
@ -36,14 +36,15 @@ Compare two images and display differences (experimental)
## Description
The `docker scout compare` command analyzes two images and displays a comparison of both.
The `docker scout compare` command analyzes two images and displays a comparison.
> This command is **experimental** and its behaviour might change in the future
The main usage is to compare two versions of the same image.
For instance when a new image is built and compared to the version running in production.
The intended use of this command is to compare two versions of the same image.
For instance, when a new image is built and compared to the version running in production.
If no image is specified, the most recently built image will be used.
If no image is specified, the most recently built image is used
as a comparison target.
The following artifact types are supported:
@ -52,8 +53,6 @@ The following artifact types are supported:
- Tarball archives, as created by `docker save`
- Local directory or file
The tool analyzes the provided software artifact, and generates a vulnerability report.
By default, the tool expects an image reference, such as:
- `redis`
@ -67,7 +66,7 @@ or if you want to control from where the image will be resolved, you must prefix
- `local://` use an image from the local image store (don't do a registry lookup)
- `registry://` use an image from a registry (don't use a local image)
- `oci-dir://` use an OCI layout directory
- `archive://` use a tarball archive, as created by docker save
- `archive://` use a tarball archive, as created by `docker save`
- `fs://` use a local directory or file
## Examples

View File

@ -11,7 +11,8 @@ Manage Docker Scout configuration
`docker scout config` allows you to list, get and set Docker Scout configuration.
Available configuration key:
- `organization`: Namespace of the Docker organization to be used by default if it cannot be inferred from the image reference
- `organization`: Namespace of the Docker organization to be used by default.
## Examples

View File

@ -42,7 +42,7 @@ Display CVEs identified in a software artifact
The `docker scout cves` command analyzes a software artifact for vulnerabilities.
If no image is specified, the most recently built image will be used.
If no image is specified, the most recently built image is used.
The following artifact types are supported:
@ -51,8 +51,6 @@ The following artifact types are supported:
- Tarball archives, as created by `docker save`
- Local directory or file
The tool analyzes the provided software artifact, and generates a vulnerability report.
By default, the tool expects an image reference, such as:
- `redis`
@ -66,7 +64,7 @@ or if you want to control from where the image will be resolved, you must prefix
- `local://` use an image from the local image store (don't do a registry lookup)
- `registry://` use an image from a registry (don't use a local image)
- `oci-dir://` use an OCI layout directory
- `archive://` use a tarball archive, as created by docker save
- `archive://` use a tarball archive, as created by `docker save`
- `fs://` use a local directory or file
## Examples
@ -124,7 +122,7 @@ Analyzing image alpine
### Display markdown output
The markdown output also contains HTML tags to have a better rendering. This output can be used for instance in Pull Request comments.
The following example shows how to generate the vulnerability report as markdown.
```console
$ docker scout cves --format markdown alpine
@ -145,11 +143,10 @@ $ docker scout cves --format markdown alpine
...
```
### List all packages of a certain typethat are vulnerable
### List all vulnerable packages of a certain type
The output will show the list of the packages of the image, that can be filtered, with the summary of vulnerabilities for each.
By default even packages with no vulnerabilities will be displayed.
The following example shows how to generate a list of packages, only including
packages of the specified type, and only showing packages that are vulnerable.
```console
$ docker scout cves --format only-packages --only-package-type golang --only-vuln-packages golang:1.18.0

View File

@ -20,9 +20,16 @@ Manage environments (experimental)
## Description
The `docker scout environment` command lists the environments and records images to it.
The `docker scout environment` command lists the environments.
If you pass an image reference, the image is recorded to the specified environment.
Once recorded, environments can be referred to by their name, eg. in the `docker scout compare` command using `--to-env`.`
Once recorded, environments can be referred to by their name. For example,
you can refer to the `production` environment with the `docker scout compare`
command as follows:
```console
$ docker scout compare --to-env production
```
## Examples
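Review bot: the new example `docker scout compare --to-env production` passes no image reference, and this description does not say which image is compared in that case. Either add an image reference to the example or state the default that applies when none is given.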

View File

@ -7,18 +7,22 @@ Evaluate policies against an image and display the policy evaluation results (ex
| Name | Type | Default | Description |
|:--------------------|:---------|:--------|:------------------------------------------------------------|
| `--env` | `string` | | Name of the environment to compare to |
| `-e`, `--exit-code` | | | Return exit code '2' if policies are not met, '0' otherwise |
| `--org` | `string` | | Namespace of the Docker organization |
| `-o`, `--output` | `string` | | Write the report to a file |
| `--platform` | `string` | | Platform of image to pull policy results from |
| `--to-env` | `string` | | Name of the environment to compare to |
| `--to-latest` | | | Latest image processed to compare to |
<!---MARKER_GEN_END-->
## Description
The `docker scout policy` command evaluates policies against an image. The image is indexed into the Scout platform - if it wasn't already - and policies will run against it. The policy results may take a few minutes to become available.
The `docker scout policy` command evaluates policies against an image.
The image analysis is uploaded to Docker Scout where policies get evaluated.
The policy evaluation results may take a few minutes to become available.
## Examples
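Review bot: the description says policy evaluation results may take a few minutes to become available, but the `-e`, `--exit-code` row only covers "policies are not met" (2) and "0 otherwise". Document which exit code is returned while results are still pending, so that a CI gate built on `--exit-code` does not treat a missing result as a pass.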
@ -43,5 +47,5 @@ $ docker scout policy dockerscoutpolicy/customers-api-service:0.0.1 --platform l
### Compare policy results for a repository in a specific environment
```console
$ docker scout policy dockerscoutpolicy/customers-api-service --env production
$ docker scout policy dockerscoutpolicy/customers-api-service --to-env production
```
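Review bot: the example changes from `--env production` to `--to-env production`, while the options table for this command lists both `--env` and `--to-env` with the identical description "Name of the environment to compare to". State whether `--env` is still accepted or has been replaced, since existing scripts that call `docker scout policy ... --env` depend on the answer.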

View File

@ -18,7 +18,7 @@ Push an image or image index to Docker Scout (experimental)
## Description
The `docker scout push` command allows to push an image or image index to Docker Scout.
The `docker scout push` command lets you push an image or analysis result to Docker Scout.
## Examples
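Review bot: the description now says "push an image or analysis result", but the command summary visible in the hunk header still reads "Push an image or image index to Docker Scout (experimental)". Align the two, and say what "analysis result" covers, so readers know what data leaves the host when they run this command.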

View File

@ -12,6 +12,7 @@ Quick overview of an image
| Name | Type | Default | Description |
|:-----------------|:---------|:--------|:---------------------------------------------------------------------------------------------------------|
| `--env` | `string` | | Name of the environment |
| `--latest` | | | Latest indexed image |
| `--org` | `string` | | Namespace of the Docker organization |
| `-o`, `--output` | `string` | | Write the report to a file. |
| `--platform` | `string` | | Platform of image to analyze |
@ -23,10 +24,11 @@ Quick overview of an image
## Description
The `docker scout quickview` command displays a quick overview of an image.
It displays a summary of the vulnerabilities in the image and the vulnerabilities from the base image.
If available it also displays base image refresh and update recommendations.
It displays a summary of the vulnerabilities in the specified image
and vulnerabilities from the base image.
If available, it also displays base image refresh and update recommendations.
If no image is specified, the most recently built image will be used.
If no image is specified, the most recently built image is used.
The following artifact types are supported:
@ -35,8 +37,6 @@ The following artifact types are supported:
- Tarball archives, as created by `docker save`
- Local directory or file
The tool analyzes the provided software artifact, and generates a vulnerability report.
By default, the tool expects an image reference, such as:
- `redis`
@ -50,7 +50,7 @@ or if you want to control from where the image will be resolved, you must prefix
- `local://` use an image from the local image store (don't do a registry lookup)
- `registry://` use an image from a registry (don't use a local image)
- `oci-dir://` use an OCI layout directory
- `archive://` use a tarball archive, as created by docker save
- `archive://` use a tarball archive, as created by `docker save`
- `fs://` use a local directory or file
## Examples

View File

@ -22,9 +22,10 @@ Display available base image updates and remediation recommendations
The `docker scout recommendations` command display recommendations for base images updates.
It analyzes the image and display recommendations to refresh or update the base image.
For each recommendation it shows a list of benefits like less vulnerabilities, smaller image, etc.
For each recommendation it shows a list of benefits, such as
fewer vulnerabilities or smaller image size.
If no image is specified, the most recently built image will be used.
If no image is specified, the most recently built image is used.
The following artifact types are supported:
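Review bot: the unchanged lines of this paragraph still read "command display recommendations for base images updates" and "It analyzes the image and display recommendations". Since the paragraph is being reworded here anyway, fix them to "displays" and "base image updates" in the same change.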
@ -33,8 +34,6 @@ The following artifact types are supported:
- Tarball archives, as created by `docker save`
- Local directory or file
The tool analyzes the provided software artifact, and generates a vulnerability report.
By default, the tool expects an image reference, such as:
- `redis`
@ -48,7 +47,7 @@ or if you want to control from where the image will be resolved, you must prefix
- `local://` use an image from the local image store (don't do a registry lookup)
- `registry://` use an image from a registry (don't use a local image)
- `oci-dir://` use an OCI layout directory
- `archive://` use a tarball archive, as created by docker save
- `archive://` use a tarball archive, as created by `docker save`
- `fs://` use a local directory or file
## Examples

View File

@ -18,11 +18,14 @@ Generate or display SBOM of an image
## Description
The `docker scout sbom` command analyzes a software artifact to generate the corresponding Software Bill Of Materials (SBOM).
The `docker scout sbom` command analyzes a software artifact to generate a
Software Bill Of Materials (SBOM).
The SBOM can be used to list all packages, or the ones from a specific type (as dep, maven, etc).
The SBOM contains a list of all packages in the image.
You can use the `--format` flag to filter the output of the command
to display only packages of a specific type.
If no image is specified, the most recently built image will be used.
If no image is specified, the most recently built image is used.
The following artifact types are supported:
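Review bot: the new sentence attributes type filtering to the `--format` flag, but the example further down this file filters with `--only-package-type apk` and uses `--format list` only to select the output form. Reword it to name `--only-package-type` as the filter, for instance "Use `--format list` together with `--only-package-type` to display only packages of a specific type."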
@ -31,8 +34,6 @@ The following artifact types are supported:
- Tarball archives, as created by `docker save`
- Local directory or file
The tool analyzes the provided software artifact, and generates a vulnerability report.
By default, the tool expects an image reference, such as:
- `redis`
@ -46,7 +47,7 @@ or if you want to control from where the image will be resolved, you must prefix
- `local://` use an image from the local image store (don't do a registry lookup)
- `registry://` use an image from a registry (don't use a local image)
- `oci-dir://` use an OCI layout directory
- `archive://` use a tarball archive, as created by docker save
- `archive://` use a tarball archive, as created by `docker save`
- `fs://` use a local directory or file
## Examples
@ -63,13 +64,13 @@ $ docker scout sbom --format list alpine
$ docker scout sbom --format list --only-package-type apk alpine
```
### Display the full SBOM as json
### Display the full SBOM in JSON format
```console
$ docker scout sbom alpine
```
### Display the full SBOM of the most recently buitl image
### Display the full SBOM of the most recently built image
```console
$ docker scout sbom

View File

@ -14,6 +14,25 @@ Show Docker Scout version information
```console
$ docker scout version
version: v0.2.2 (go1.19.5 - darwin/arm64)
git commit: c15f374b9a39d993da2e8a1db7edc4be4f7c0c1e
⢀⢀⢀ ⣀⣀⡤⣔⢖⣖⢽⢝
⡠⡢⡣⡣⡣⡣⡣⡣⡢⡀ ⢀⣠⢴⡲⣫⡺⣜⢞⢮⡳⡵⡹⡅
⡜⡜⡜⡜⡜⡜⠜⠈⠈ ⠁⠙⠮⣺⡪⡯⣺⡪⡯⣺
⢘⢜⢜⢜⢜⠜ ⠈⠪⡳⡵⣹⡪⠇
⠨⡪⡪⡪⠂ ⢀⡤⣖⢽⡹⣝⡝⣖⢤⡀ ⠘⢝⢮⡚ _____ _
⠱⡱⠁ ⡴⡫⣞⢮⡳⣝⢮⡺⣪⡳⣝⢦ ⠘⡵⠁ / ____| Docker | |
⠁ ⣸⢝⣕⢗⡵⣝⢮⡳⣝⢮⡺⣪⡳⣣ ⠁ | (___ ___ ___ _ _| |_
⣗⣝⢮⡳⣝⢮⡳⣝⢮⡳⣝⢮⢮⡳ \___ \ / __/ _ \| | | | __|
⢀ ⢱⡳⡵⣹⡪⡳⣝⢮⡳⣝⢮⡳⡣⡏ ⡀ ____) | (_| (_) | |_| | |_
⢀⢾⠄ ⠫⣞⢮⡺⣝⢮⡳⣝⢮⡳⣝⠝ ⢠⢣⢂ |_____/ \___\___/ \__,_|\__|
⡼⣕⢗⡄ ⠈⠓⠝⢮⡳⣝⠮⠳⠙ ⢠⢢⢣⢣
⢰⡫⡮⡳⣝⢦⡀ ⢀⢔⢕⢕⢕⢕⠅
⡯⣎⢯⡺⣪⡳⣝⢖⣄⣀ ⡀⡠⡢⡣⡣⡣⡣⡣⡃
⢸⢝⢮⡳⣝⢮⡺⣪⡳⠕⠗⠉⠁ ⠘⠜⡜⡜⡜⡜⡜⡜⠜⠈
⡯⡳⠳⠝⠊⠓⠉ ⠈⠈⠈⠈
version: v1.0.9 (go1.21.3 - darwin/arm64)
git commit: 8bf95bf60d084af341f70e8263342f71b0a3cd16
```
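Review bot: the updated sample output reports `version: v1.0.9`, while this commit vendors scout-cli v1.2.0. Regenerate the sample from the vendored release, or confirm that the upstream docs intentionally ship the older output. The braille-art logo also copies poorly and adds nothing a reader can act on, so consider trimming the example to the `version:` and `git commit:` lines.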

View File

@ -23,7 +23,8 @@ Watch repositories in a registry and push images and indexes to Docker Scout (ex
## Description
The `docker scout watch` command watches repositories in a registry and pushes images or image indexes to Docker Scout.
The `docker scout watch` command watches repositories in a registry
and pushes images or analysis results to Docker Scout.
## Examples
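Review bot: the body now says the command pushes "images or analysis results", but the summary in the hunk header still reads "push images and indexes to Docker Scout". Update the summary to match, and keep the wording consistent with the `docker scout push` description, which makes the same term change.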

View File

@ -1,7 +1,7 @@
# github.com/moby/moby v24.0.5+incompatible
# github.com/moby/buildkit v0.13.0-beta1.0.20231113205014-1efcd30d9dd6
# github.com/docker/buildx v0.12.0
# github.com/docker/scout-cli v1.0.9
# github.com/docker/scout-cli v1.2.0
# github.com/docker/cli v24.0.8-0.20231106123152-48ec4f339e2b+incompatible
# github.com/docker/compose-cli v1.0.35
# github.com/compose-spec/compose-spec v0.0.0-20231121152139-478928e7c9f8

2
go.mod
View File

@ -10,7 +10,7 @@ require (
github.com/docker/cli v24.0.8-0.20231106123152-48ec4f339e2b+incompatible // indirect
github.com/docker/compose-cli v1.0.35 // indirect
github.com/docker/compose/v2 v2.23.3 // indirect
github.com/docker/scout-cli v1.0.9 // indirect
github.com/docker/scout-cli v1.2.0 // indirect
github.com/moby/buildkit v0.13.0-beta1.0.20231113205014-1efcd30d9dd6 // indirect
github.com/moby/moby v24.0.5+incompatible // indirect
)

2
go.sum
View File

@ -101,6 +101,8 @@ github.com/docker/scout-cli v1.0.2 h1:KweJ2S/WXncRIv+9+GrNI4bq/5TjcWY8WyWqgfV1zd
github.com/docker/scout-cli v1.0.2/go.mod h1:Eo1RyCJsx3ldz/YTY5yGxu9g9mwTYbRUutxQUkow3Fc=
github.com/docker/scout-cli v1.0.9 h1:P2Rs+HhVOIoSJZ1fcVuSDaxvV/8dCJTFdb3shrQtj5E=
github.com/docker/scout-cli v1.0.9/go.mod h1:Eo1RyCJsx3ldz/YTY5yGxu9g9mwTYbRUutxQUkow3Fc=
github.com/docker/scout-cli v1.2.0 h1:cjtsf7s2f6NO9OxgXWPW3DGxaTKVU58JKmVtaVMc0RA=
github.com/docker/scout-cli v1.2.0/go.mod h1:Eo1RyCJsx3ldz/YTY5yGxu9g9mwTYbRUutxQUkow3Fc=
github.com/elazarl/goproxy v0.0.0-20191011121108-aa519ddbe484/go.mod h1:Ro8st/ElPeALwNFlcTpWmkr6IoMFfkjXAvTHpevnDsM=
github.com/evanphx/json-patch v4.9.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4=
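Review bot: the v1.0.2 and v1.0.9 entries for github.com/docker/scout-cli stay in go.sum next to the new v1.2.0 lines. If nothing in the module graph still requires those versions, run `go mod tidy` so the checksum file only carries versions that are actually resolved.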