docker
/
docs
mirror of https://github.com/docker/docs.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

scout: bump cli v1.0.2 

Signed-off-by: David Karlsson <35727626+dvdksn@users.noreply.github.com>
This commit is contained in:
David Karlsson 2023-09-26 10:11:22 +02:00
parent e91fd9843f
commit 93616d55b5
43 changed files with 703 additions and 289 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
_vendor/github.com/docker/scout-cli/docs/docker_scout.yaml generated
View File

@ -11,6 +11,7 @@ cname:
- docker scout cves
- docker scout enroll
- docker scout environment
- docker scout integration
- docker scout quickview
- docker scout recommendations
- docker scout repo
@ -22,6 +23,7 @@ clink:
- docker_scout_cves.yaml
- docker_scout_enroll.yaml
- docker_scout_environment.yaml
- docker_scout_integration.yaml
- docker_scout_quickview.yaml
- docker_scout_recommendations.yaml
- docker_scout_repo.yaml

4
_vendor/github.com/docker/scout-cli/docs/docker_scout_cache_df.yaml generated
View File

@ -53,10 +53,6 @@ examples: |-
sha256:174c41d4fbc7f63e1f2bb7d2f7837318050406f2f27e5073a84a84f18b48b883 │ 115 kB
Total: 4 MB
What's Next?
Delete all cached SBOMs → docker scout prune
```
deprecated: false
experimental: false

67
_vendor/github.com/docker/scout-cli/docs/docker_scout_compare.yaml generated
View File

@ -16,6 +16,7 @@ long: |-
- Images
- OCI layout directories
- Tarball archives, as created by `docker save`
- Local directory or file
The tool analyzes the provided software artifact, and generates a vulnerability report.
@ -25,7 +26,15 @@ long: |-
- `curlimages/curl:7.87.0`
- `mcr.microsoft.com/dotnet/runtime:7.0`
If the artifact you want to analyze is an OCI directory or a tarball archive, you must use the `--type` or `--to-type` flag.
If the artifact you want to analyze is an OCI directory, a tarball archive, a local file or directory,
or if you want to control from where the image will be resolved, you must prefix the reference with one of the following:
- `image://` (default) use a local image, or fall back to a registry lookup
- `local://` use an image from the local image store (don't do a registry lookup)
- `registry://` use an image from a registry (don't use a local image)
- `oci-dir://` use an OCI layout directory
- `archive://` use a tarball archive, as created by docker save
- `fs://` use a local directory or file
usage: docker scout compare --to IMAGE|DIRECTORY|ARCHIVE [IMAGE|DIRECTORY|ARCHIVE]
pname: docker scout
plink: docker_scout.yaml
@ -54,6 +63,16 @@ options:
experimentalcli: false
kubernetes: false
swarm: false
- option: hide-policies
value_type: bool
default_value: "false"
description: Hide policy status from the output
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: ignore-base
value_type: bool
default_value: "false"
@ -168,7 +187,7 @@ options:
value_type: string
description: |-
Reference to use if the provided tarball contains multiple references.
Can only be used with --type archive.
Can only be used with archive.
deprecated: false
hidden: false
experimental: false
@ -207,7 +226,7 @@ options:
value_type: string
description: |-
Reference to use if the provided tarball contains multiple references.
Can only be used with --type archive.
Can only be used with archive.
deprecated: false
hidden: false
experimental: false
@ -223,36 +242,6 @@ options:
experimentalcli: false
kubernetes: false
swarm: false
- option: to-type
value_type: string
default_value: image
description: |-
Image type to analyze. Can be one of:
- image
- oci-dir
- archive (docker save tarball)
- fs (directory or file)
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: type
value_type: string
default_value: image
description: |-
Type of the image to analyze. Can be one of:
- image
- oci-dir
- archive (docker save tarball)
- fs (directory or file)
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
inherited_options:
- option: debug
value_type: bool
@ -271,6 +260,12 @@ examples: |-
$ docker scout compare --to namespace/repo:latest
```
### Compare local build to the same tag from the registry
```console
$ docker scout compare local://namespace/repo:latest --to registry://namespace/repo:latest
```
### Ignore base images
```console
@ -288,6 +283,12 @@ examples: |-
```console
$ docker scout compare --only-package-type maven --only-severity critical --to namespace/repo:latest namespace/repo:v1.2.3-pre
```
### Show all policy results for both images
```console
docker scout compare --to namespace/repo:latest namespace/repo:v1.2.3-pre
```
deprecated: false
experimental: false
experimentalcli: true

44
_vendor/github.com/docker/scout-cli/docs/docker_scout_cves.yaml generated
View File

@ -10,6 +10,7 @@ long: |-
- Images
- OCI layout directories
- Tarball archives, as created by `docker save`
- Local directory or file
The tool analyzes the provided software artifact, and generates a vulnerability report.
@ -19,7 +20,15 @@ long: |-
- `curlimages/curl:7.87.0`
- `mcr.microsoft.com/dotnet/runtime:7.0`
If the artifact you want to analyze is an OCI directory or a tarball archive, you must use the `--type` flag.
If the artifact you want to analyze is an OCI directory, a tarball archive, a local file or directory,
or if you want to control from where the image will be resolved, you must prefix the reference with one of the following:
- `image://` (default) use a local image, or fall back to a registry lookup
- `local://` use an image from the local image store (don't do a registry lookup)
- `registry://` use an image from a registry (don't use a local image)
- `oci-dir://` use an OCI layout directory
- `archive://` use a tarball archive, as created by docker save
- `fs://` use a local directory or file
usage: docker scout cves [OPTIONS] [IMAGE|DIRECTORY|ARCHIVE]
pname: docker scout
plink: docker_scout.yaml
@ -57,11 +66,7 @@ options:
- option: format
value_type: string
default_value: packages
description: |-
Output format of the generated vulnerability report:
- packages: default output, plain text with vulnerabilities grouped by packages
- sarif: json Sarif output
- markdown: markdown output (including some html tags like collapsible sections)
description: "Output format of the generated vulnerability report:\n- packages: default output, plain text with vulnerabilities grouped by packages\n- sarif: json Sarif output\n- spdx: json SPDX output \n- markdown: markdown output (including some html tags like collapsible sections)"
deprecated: false
hidden: false
experimental: false
@ -214,7 +219,7 @@ options:
value_type: string
description: |-
Reference to use if the provided tarball contains multiple references.
Can only be used with --type archive.
Can only be used with archive.
deprecated: false
hidden: false
experimental: false
@ -230,21 +235,6 @@ options:
experimentalcli: false
kubernetes: false
swarm: false
- option: type
value_type: string
default_value: image
description: |-
Type of the image to analyze. Can be one of:
- image
- oci-dir
- archive (docker save tarball)
- fs (directory or file)
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: vex
value_type: bool
default_value: "false"
@ -302,7 +292,7 @@ examples: |-
```console
$ docker save alpine > alpine.tar
$ docker scout cves --type archive alpine.tar
$ docker scout cves archive://alpine.tar
Analyzing archive alpine.tar
✓ Archive read
✓ SBOM of image already cached, 18 packages indexed
@ -314,7 +304,7 @@ examples: |-
```console
$ skopeo copy --override-os linux docker://alpine oci:alpine
$ docker scout cves --type oci-dir alpine
$ docker scout cves oci-dir://alpine
Analyzing OCI directory alpine
✓ OCI directory read
✓ Image stored for indexing
@ -322,6 +312,12 @@ examples: |-
✓ No vulnerable package detected
```
### Display vulnerabilities from the current directory
```console
$ docker scout cves fs://.
```
### Export vulnerabilities to a SARIF JSON file
```console

35
_vendor/github.com/docker/scout-cli/docs/docker_scout_entitlement.yaml generated
View File

@ -1,35 +0,0 @@
command: docker scout entitlement
short: Manage entitlement of a Docker Hub repository
long: |
The docker scout entitlement command enables Docker Scout on repositories on Docker Hub.
usage: docker scout entitlement REPOSITORY
pname: docker scout
plink: docker_scout.yaml
options:
- option: disable
value_type: bool
default_value: "false"
description: Disable Docker Scout on repository
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
inherited_options:
- option: debug
value_type: bool
default_value: "false"
description: Debug messages
deprecated: false
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
deprecated: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false

30
_vendor/github.com/docker/scout-cli/docs/docker_scout_integration.yaml generated Normal file
View File

@ -0,0 +1,30 @@
command: docker scout integration
short: Commands to list, configure, and delete Docker Scout integrations
long: Commands to list, configure, and delete Docker Scout integrations
pname: docker scout
plink: docker_scout.yaml
cname:
- docker scout integration configure
- docker scout integration delete
- docker scout integration list
clink:
- docker_scout_integration_configure.yaml
- docker_scout_integration_delete.yaml
- docker_scout_integration_list.yaml
inherited_options:
- option: debug
value_type: bool
default_value: "false"
description: Debug messages
deprecated: false
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
deprecated: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false

53
_vendor/github.com/docker/scout-cli/docs/docker_scout_integration_configure.yaml generated Normal file
View File

@ -0,0 +1,53 @@
command: docker scout integration configure
short: Configure or update a new integration configuration
long: |
The docker scout integration configure command creates or updates a new integration configuration for an organization.
usage: docker scout integration configure INTEGRATION
pname: docker scout integration
plink: docker_scout_integration.yaml
options:
- option: name
value_type: string
description: Name of integration configuration to create
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: org
value_type: string
description: Namespace of the Docker organization
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: parameter
value_type: stringSlice
default_value: '[]'
description: Integration parameters in the form of --parameter NAME=VALUE
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
inherited_options:
- option: debug
value_type: bool
default_value: "false"
description: Debug messages
deprecated: false
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
deprecated: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false

43
_vendor/github.com/docker/scout-cli/docs/docker_scout_integration_delete.yaml generated Normal file
View File

@ -0,0 +1,43 @@
command: docker scout integration delete
short: Delete a new integration configuration
long: |
The docker scout integration delete command deletes a new integration configuration for an organization.
usage: docker scout integration delete INTEGRATION
pname: docker scout integration
plink: docker_scout_integration.yaml
options:
- option: name
value_type: string
description: Name of integration configuration to delete
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: org
value_type: string
description: Namespace of the Docker organization
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
inherited_options:
- option: debug
value_type: bool
default_value: "false"
description: Debug messages
deprecated: false
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
deprecated: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false

43
_vendor/github.com/docker/scout-cli/docs/docker_scout_integration_list.yaml generated Normal file
View File

@ -0,0 +1,43 @@
command: docker scout integration list
short: Integration Docker Scout
long: |
The docker scout integration list configured integrations for an organization.
usage: docker scout integration list [INTEGRATION]
pname: docker scout integration
plink: docker_scout_integration.yaml
options:
- option: name
value_type: string
description: Name of integration configuration to list
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: org
value_type: string
description: Namespace of the Docker organization
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
inherited_options:
- option: debug
value_type: bool
default_value: "false"
description: Debug messages
deprecated: false
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
deprecated: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false

27
_vendor/github.com/docker/scout-cli/docs/docker_scout_policy.yaml generated
View File

@ -1,14 +1,15 @@
command: docker scout policy
short: Display the policy results of an image (experimental)
short: |
Evaluate policies against an image and display the policy evaluation results (experimental)
long: |
The `docker scout policy` command displays the policy results of an image if there are any.
The `docker scout policy` command evaluates policies against an image. The image is indexed into the Scout platform - if it wasn't already - and policies will run against it. The policy results may take a few minutes to become available.
usage: docker scout policy [IMAGE | REPO]
pname: docker scout
plink: docker_scout.yaml
options:
- option: env
value_type: string
description: Name of the environment to compare to.
description: Name of the environment to compare to
deprecated: false
hidden: false
experimental: false
@ -19,7 +20,7 @@ options:
shorthand: e
value_type: bool
default_value: "false"
description: Return exit code '2' if policies are not met.
description: Return exit code '2' if policies are not met, '0' otherwise
deprecated: false
hidden: false
experimental: false
@ -38,7 +39,7 @@ options:
- option: output
shorthand: o
value_type: string
description: Write the report to a file.
description: Write the report to a file
deprecated: false
hidden: false
experimental: false
@ -47,7 +48,7 @@ options:
swarm: false
- option: platform
value_type: string
description: Platform of image to pull policy results from.
description: Platform of image to pull policy results from
deprecated: false
hidden: false
experimental: false
@ -66,12 +67,24 @@ inherited_options:
kubernetes: false
swarm: false
examples: |-
### Display the policy results of an image
### Evaluate policies against an image and display the results
```console
$ docker scout policy dockerscoutpolicy/customers-api-service:0.0.1
```
### Evaluate policies against an image for a specific organization
```console
$ docker scout policy dockerscoutpolicy/customers-api-service:0.0.1 --org dockerscoutpolicy
```
### Evaluate policies against an image with a specific platform
```console
$ docker scout policy dockerscoutpolicy/customers-api-service:0.0.1 --platform linux/amd64
```
### Compare policy results for a repository in a specific environment
```console

47
_vendor/github.com/docker/scout-cli/docs/docker_scout_quickview.yaml generated
View File

@ -7,6 +7,31 @@ long: |-
If available it also displays base image refresh and update recommendations.
If no image is specified, the most recently built image will be used.
The following artifact types are supported:
- Images
- OCI layout directories
- Tarball archives, as created by `docker save`
- Local directory or file
The tool analyzes the provided software artifact, and generates a vulnerability report.
By default, the tool expects an image reference, such as:
- `redis`
- `curlimages/curl:7.87.0`
- `mcr.microsoft.com/dotnet/runtime:7.0`
If the artifact you want to analyze is an OCI directory, a tarball archive, a local file or directory,
or if you want to control from where the image will be resolved, you must prefix the reference with one of the following:
- `image://` (default) use a local image, or fall back to a registry lookup
- `local://` use an image from the local image store (don't do a registry lookup)
- `registry://` use an image from a registry (don't use a local image)
- `oci-dir://` use an OCI layout directory
- `archive://` use a tarball archive, as created by docker save
- `fs://` use a local directory or file
usage: docker scout quickview [IMAGE|DIRECTORY|ARCHIVE]
pname: docker scout
plink: docker_scout.yaml
@ -52,7 +77,7 @@ options:
value_type: string
description: |-
Reference to use if the provided tarball contains multiple references.
Can only be used with --type archive.
Can only be used with archive.
deprecated: false
hidden: false
experimental: false
@ -68,21 +93,6 @@ options:
experimentalcli: false
kubernetes: false
swarm: false
- option: type
value_type: string
default_value: image
description: |-
Type of the image to analyze. Can be one of:
- image
- oci-dir
- archive (docker save tarball)
- fs (directory or file)
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
inherited_options:
- option: debug
value_type: bool
@ -109,11 +119,6 @@ examples: |-
│ -5 -1 -3 -6 -6
Updated base image buildpack-deps:sid-scm │ 0C 0H 1M 29L
│ -5 -1 -2 -19 -6
│ Know more about vulnerabilities:
│ docker scout cves golang:1.19.4
│ Know more about base image update recommendations:
│ docker scout recommendations golang:1.19.4
```
### Quick overview of the most recently built image

29
_vendor/github.com/docker/scout-cli/docs/docker_scout_recommendations.yaml generated
View File

@ -12,8 +12,9 @@ long: |-
- Images
- OCI layout directories
- Tarball archives, as created by `docker save`
- Local directory or file
The tool analyzes the provided software artifact, and generates base image updates and remediation recommendations.
The tool analyzes the provided software artifact, and generates a vulnerability report.
By default, the tool expects an image reference, such as:
@ -21,7 +22,15 @@ long: |-
- `curlimages/curl:7.87.0`
- `mcr.microsoft.com/dotnet/runtime:7.0`
If the artifact you want to analyze is an OCI directory or a tarball archive, you must use the `--type` flag.
If the artifact you want to analyze is an OCI directory, a tarball archive, a local file or directory,
or if you want to control from where the image will be resolved, you must prefix the reference with one of the following:
- `image://` (default) use a local image, or fall back to a registry lookup
- `local://` use an image from the local image store (don't do a registry lookup)
- `registry://` use an image from a registry (don't use a local image)
- `oci-dir://` use an OCI layout directory
- `archive://` use a tarball archive, as created by docker save
- `fs://` use a local directory or file
usage: docker scout recommendations [IMAGE|DIRECTORY|ARCHIVE]
pname: docker scout
plink: docker_scout.yaml
@ -78,7 +87,7 @@ options:
value_type: string
description: |-
Reference to use if the provided tarball contains multiple references.
Can only be used with --type archive.
Can only be used with archive.
deprecated: false
hidden: false
experimental: false
@ -94,20 +103,6 @@ options:
experimentalcli: false
kubernetes: false
swarm: false
- option: type
value_type: string
default_value: image
description: |-
Type of the image to analyze. Can be one of:
- image
- oci-dir
- archive (docker save tarball)
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
inherited_options:
- option: debug
value_type: bool

20
_vendor/github.com/docker/scout-cli/docs/docker_scout_repo_disable.yaml generated
View File

@ -2,7 +2,7 @@ command: docker scout repo disable
short: Disable Docker Scout
long: |
The docker scout repo disable command disables Docker Scout on repositories.
usage: docker scout repo disable REPOSITORY|ORG
usage: docker scout repo disable REPOSITORY
pname: docker scout repo
plink: docker_scout_repo.yaml
options:
@ -15,6 +15,24 @@ options:
experimentalcli: false
kubernetes: false
swarm: false
- option: org
value_type: string
description: Namespace of the Docker organization
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: registry
value_type: string
description: Container Registry
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
inherited_options:
- option: debug
value_type: bool

20
_vendor/github.com/docker/scout-cli/docs/docker_scout_repo_enable.yaml generated
View File

@ -1,7 +1,7 @@
command: docker scout repo enable
short: Enable Docker Scout
long: The docker scout repo enable command enables Docker Scout on repositories.
usage: docker scout repo enable REPOSITORY|ORG
usage: docker scout repo enable REPOSITORY
pname: docker scout repo
plink: docker_scout_repo.yaml
options:
@ -14,6 +14,24 @@ options:
experimentalcli: false
kubernetes: false
swarm: false
- option: org
value_type: string
description: Namespace of the Docker organization
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: registry
value_type: string
description: Container Registry
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
inherited_options:
- option: debug
value_type: bool

29
_vendor/github.com/docker/scout-cli/docs/docker_scout_repo_list.yaml generated
View File

@ -1,8 +1,10 @@
command: docker scout repo list
short: Repo Docker Scout
long: |
short: List Docker Scout repositories
long: |-
The docker scout repo list command shows all repositories in an organization.
usage: docker scout repo list ORG
If ORG is not provided the default configured organization will be used.
usage: docker scout repo list
pname: docker scout repo
plink: docker_scout_repo.yaml
options:
@ -35,6 +37,27 @@ options:
experimentalcli: false
kubernetes: false
swarm: false
- option: only-registry
value_type: string
description: |-
Filter to a specific registry only:
- hub.docker.com
- ecr (AWS ECR)
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: org
value_type: string
description: Namespace of the Docker organization
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
inherited_options:
- option: debug
value_type: bool

28
_vendor/github.com/docker/scout-cli/docs/docker_scout_sbom.yaml generated
View File

@ -12,6 +12,7 @@ long: |-
- Images
- OCI layout directories
- Tarball archives, as created by `docker save`
- Local directory or file
The tool analyzes the provided software artifact, and generates a vulnerability report.
@ -21,7 +22,15 @@ long: |-
- `curlimages/curl:7.87.0`
- `mcr.microsoft.com/dotnet/runtime:7.0`
If the artifact you want to analyze is an OCI directory or a tarball archive, you must use the `--type` flag.
If the artifact you want to analyze is an OCI directory, a tarball archive, a local file or directory,
or if you want to control from where the image will be resolved, you must prefix the reference with one of the following:
- `image://` (default) use a local image, or fall back to a registry lookup
- `local://` use an image from the local image store (don't do a registry lookup)
- `registry://` use an image from a registry (don't use a local image)
- `oci-dir://` use an OCI layout directory
- `archive://` use a tarball archive, as created by docker save
- `fs://` use a local directory or file
usage: docker scout sbom [IMAGE|DIRECTORY|ARCHIVE]
pname: docker scout
plink: docker_scout.yaml
@ -74,22 +83,7 @@ options:
value_type: string
description: |-
Reference to use if the provided tarball contains multiple references.
Can only be used with --type archive.
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: type
value_type: string
default_value: image
description: |-
Type of the image to analyze. Can be one of:
- image
- oci-dir
- archive (docker save tarball)
- fs (directory or file)
Can only be used with archive.
deprecated: false
hidden: false
experimental: false

11
_vendor/github.com/docker/scout-cli/docs/docker_scout_watch.yaml generated
View File

@ -47,6 +47,17 @@ options:
experimentalcli: false
kubernetes: false
swarm: false
- option: refresh-registry
value_type: bool
default_value: "false"
description: |
Refresh the list of repositories of a registry at every run. Only with --registry.
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: registry
value_type: string
description: Registry to watch

3
_vendor/github.com/docker/scout-cli/docs/scout.md generated
View File

@ -17,7 +17,8 @@ Command line tool for Docker Scout
| [`cves`](scout_cves.md) | Display CVEs identified in a software artifact |
| [`enroll`](scout_enroll.md) | Enroll an organization with Docker Scout |
| [`environment`](scout_environment.md) | Manage environments (experimental) |
| [`policy`](scout_policy.md) | Display the policy results of an image (experimental) |
| [`integration`](scout_integration.md) | Commands to list, configure, and delete Docker Scout integrations |
| [`policy`](scout_policy.md) | Evaluate policies against an image and display the policy evaluation results (experimental) |
| [`push`](scout_push.md) | Push an image or image index to Docker Scout (experimental) |
| [`quickview`](scout_quickview.md) | Quick overview of an image |
| [`recommendations`](scout_recommendations.md) | Display available base image updates and remediation recommendations |

4
_vendor/github.com/docker/scout-cli/docs/scout_cache_df.md generated
View File

@ -48,8 +48,4 @@ Docker Scout cached SBOMs are located at:
sha256:174c41d4fbc7f63e1f2bb7d2f7837318050406f2f27e5073a84a84f18b48b883 │ 115 kB
Total: 4 MB
What's Next?
Delete all cached SBOMs → docker scout prune
```

30
_vendor/github.com/docker/scout-cli/docs/scout_compare.md generated
View File

@ -13,6 +13,7 @@ Compare two images and display differences (experimental)
|:----------------------|:--------------|:--------|:-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `-e`, `--exit-code` | | | Return exit code '2' if vulnerability changes are detected |
| `--format` | `string` | `text` | Output format of the generated vulnerability report:<br>- text: default output, plain text with or without colors depending on the terminal<br>- markdown: Markdown output<br> |
| `--hide-policies` | | | Hide policy status from the output |
| `--ignore-base` | | | Filter out CVEs introduced from base image |
| `--ignore-unchanged` | | | Filter out unchanged packages |
| `--multi-stage` | | | Show packages from multi-stage Docker builds |
@ -24,13 +25,11 @@ Compare two images and display differences (experimental)
| `--org` | `string` | | Namespace of the Docker organization |
| `-o`, `--output` | `string` | | Write the report to a file. |
| `--platform` | `string` | | Platform of image to analyze |
| `--ref` | `string` | | Reference to use if the provided tarball contains multiple references.<br>Can only be used with --type archive. |
| `--ref` | `string` | | Reference to use if the provided tarball contains multiple references.<br>Can only be used with archive. |
| `--to` | `string` | | Image, directory, or archive to compare to |
| `--to-env` | `string` | | Name of environment to compare to |
| `--to-latest` | | | Latest image processed to compare to |
| `--to-ref` | `string` | | Reference to use if the provided tarball contains multiple references.<br>Can only be used with --type archive. |
| `--to-type` | `string` | `image` | Image type to analyze. Can be one of:<br>- image<br>- oci-dir<br>- archive (docker save tarball)<br>- fs (directory or file)<br> |
| `--type` | `string` | `image` | Type of the image to analyze. Can be one of:<br>- image<br>- oci-dir<br>- archive (docker save tarball)<br>- fs (directory or file)<br> |
| `--to-ref` | `string` | | Reference to use if the provided tarball contains multiple references.<br>Can only be used with archive. |
<!---MARKER_GEN_END-->
@ -51,6 +50,7 @@ The following artifact types are supported:
- Images
- OCI layout directories
- Tarball archives, as created by `docker save`
- Local directory or file
The tool analyzes the provided software artifact, and generates a vulnerability report.
@ -60,7 +60,15 @@ By default, the tool expects an image reference, such as:
- `curlimages/curl:7.87.0`
- `mcr.microsoft.com/dotnet/runtime:7.0`
If the artifact you want to analyze is an OCI directory or a tarball archive, you must use the `--type` or `--to-type` flag.
If the artifact you want to analyze is an OCI directory, a tarball archive, a local file or directory,
or if you want to control from where the image will be resolved, you must prefix the reference with one of the following:
- `image://` (default) use a local image, or fall back to a registry lookup
- `local://` use an image from the local image store (don't do a registry lookup)
- `registry://` use an image from a registry (don't use a local image)
- `oci-dir://` use an OCI layout directory
- `archive://` use a tarball archive, as created by docker save
- `fs://` use a local directory or file
## Examples
@ -70,6 +78,12 @@ If the artifact you want to analyze is an OCI directory or a tarball archive, yo
$ docker scout compare --to namespace/repo:latest
```
### Compare local build to the same tag from the registry
```console
$ docker scout compare local://namespace/repo:latest --to registry://namespace/repo:latest
```
### Ignore base images
```console
@ -87,3 +101,9 @@ $ docker scout compare --format markdown --to namespace/repo:latest namespace/re
```console
$ docker scout compare --only-package-type maven --only-severity critical --to namespace/repo:latest namespace/repo:v1.2.3-pre
```
### Show all policy results for both images
```console
docker scout compare --to namespace/repo:latest namespace/repo:v1.2.3-pre
```

70
_vendor/github.com/docker/scout-cli/docs/scout_cves.md generated
View File

@ -9,31 +9,30 @@ Display CVEs identified in a software artifact
### Options
| Name | Type | Default | Description |
|:-----------------------|:--------------|:-----------|:--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `--details` | | | Print details on default text output |
| `--env` | `string` | | Name of environment |
| `-e`, `--exit-code` | | | Return exit code '2' if vulnerabilities are detected |
| `--format` | `string` | `packages` | Output format of the generated vulnerability report:<br>- packages: default output, plain text with vulnerabilities grouped by packages<br>- sarif: json Sarif output<br>- markdown: markdown output (including some html tags like collapsible sections)<br> |
| `--ignore-base` | | | Filter out CVEs introduced from base image |
| `--locations` | | | Print package locations including file paths and layer diff_id |
| `--multi-stage` | | | Show packages from multi-stage Docker builds |
| `--only-cve-id` | `stringSlice` | | Comma separated list of CVE ids (like CVE-2021-45105) to search for |
| `--only-fixed` | | | Filter to fixable CVEs |
| `--only-package` | `stringSlice` | | Comma separated regular expressions to filter packages by |
| `--only-package-type` | `stringSlice` | | Comma separated list of package types (like apk, deb, rpm, npm, pypi, golang, etc) |
| `--only-severity` | `stringSlice` | | Comma separated list of severities (critical, high, medium, low, unspecified) to filter CVEs by |
| `--only-stage` | `stringSlice` | | Comma separated list of multi-stage Docker build stage names |
| `--only-unfixed` | | | Filter to unfixed CVEs |
| `--only-vuln-packages` | | | When used with --format=only-packages ignore packages with no vulnerabilities |
| `--org` | `string` | | Namespace of the Docker organization |
| `-o`, `--output` | `string` | | Write the report to a file. |
| `--platform` | `string` | | Platform of image to analyze |
| `--ref` | `string` | | Reference to use if the provided tarball contains multiple references.<br>Can only be used with --type archive. |
| `--type` | `string` | `image` | Type of the image to analyze. Can be one of:<br>- image<br>- oci-dir<br>- archive (docker save tarball)<br>- fs (directory or file)<br> |
| `--vex` | | | Apply VEX statements to filter CVEs |
| `--vex-author` | `stringSlice` | | List of VEX statement authors to accept |
| `--vex-location` | `stringSlice` | | File location of directory or file containing VEX statements |
| Name | Type | Default | Description |
|:-----------------------|:--------------|:-----------|:-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `--details` | | | Print details on default text output |
| `--env` | `string` | | Name of environment |
| `-e`, `--exit-code` | | | Return exit code '2' if vulnerabilities are detected |
| `--format` | `string` | `packages` | Output format of the generated vulnerability report:<br>- packages: default output, plain text with vulnerabilities grouped by packages<br>- sarif: json Sarif output<br>- spdx: json SPDX output <br>- markdown: markdown output (including some html tags like collapsible sections)<br> |
| `--ignore-base` | | | Filter out CVEs introduced from base image |
| `--locations` | | | Print package locations including file paths and layer diff_id |
| `--multi-stage` | | | Show packages from multi-stage Docker builds |
| `--only-cve-id` | `stringSlice` | | Comma separated list of CVE ids (like CVE-2021-45105) to search for |
| `--only-fixed` | | | Filter to fixable CVEs |
| `--only-package` | `stringSlice` | | Comma separated regular expressions to filter packages by |
| `--only-package-type` | `stringSlice` | | Comma separated list of package types (like apk, deb, rpm, npm, pypi, golang, etc) |
| `--only-severity` | `stringSlice` | | Comma separated list of severities (critical, high, medium, low, unspecified) to filter CVEs by |
| `--only-stage` | `stringSlice` | | Comma separated list of multi-stage Docker build stage names |
| `--only-unfixed` | | | Filter to unfixed CVEs |
| `--only-vuln-packages` | | | When used with --format=only-packages ignore packages with no vulnerabilities |
| `--org` | `string` | | Namespace of the Docker organization |
| `-o`, `--output` | `string` | | Write the report to a file. |
| `--platform` | `string` | | Platform of image to analyze |
| `--ref` | `string` | | Reference to use if the provided tarball contains multiple references.<br>Can only be used with archive. |
| `--vex` | | | Apply VEX statements to filter CVEs |
| `--vex-author` | `stringSlice` | | List of VEX statement authors to accept |
| `--vex-location` | `stringSlice` | | File location of directory or file containing VEX statements |
<!---MARKER_GEN_END-->
@ -49,6 +48,7 @@ The following artifact types are supported:
- Images
- OCI layout directories
- Tarball archives, as created by `docker save`
- Local directory or file
The tool analyzes the provided software artifact, and generates a vulnerability report.
@ -58,7 +58,15 @@ By default, the tool expects an image reference, such as:
- `curlimages/curl:7.87.0`
- `mcr.microsoft.com/dotnet/runtime:7.0`
If the artifact you want to analyze is an OCI directory or a tarball archive, you must use the `--type` flag.
If the artifact you want to analyze is an OCI directory, a tarball archive, a local file or directory,
or if you want to control from where the image will be resolved, you must prefix the reference with one of the following:
- `image://` (default) use a local image, or fall back to a registry lookup
- `local://` use an image from the local image store (don't do a registry lookup)
- `registry://` use an image from a registry (don't use a local image)
- `oci-dir://` use an OCI layout directory
- `archive://` use a tarball archive, as created by docker save
- `fs://` use a local directory or file
## Examples
@ -77,7 +85,7 @@ Analyzing image alpine
```console
$ docker save alpine > alpine.tar
$ docker scout cves --type archive alpine.tar
$ docker scout cves archive://alpine.tar
Analyzing archive alpine.tar
✓ Archive read
✓ SBOM of image already cached, 18 packages indexed
@ -89,7 +97,7 @@ Analyzing archive alpine.tar
```console
$ skopeo copy --override-os linux docker://alpine oci:alpine
$ docker scout cves --type oci-dir alpine
$ docker scout cves oci-dir://alpine
Analyzing OCI directory alpine
✓ OCI directory read
✓ Image stored for indexing
@ -97,6 +105,12 @@ Analyzing OCI directory alpine
✓ No vulnerable package detected
```
### Display vulnerabilities from the current directory
```console
$ docker scout cves fs://.
```
### Export vulnerabilities to a SARIF JSON file
```console

14
_vendor/github.com/docker/scout-cli/docs/scout_entitlement.md generated
View File

@ -1,14 +0,0 @@
# docker scout entitlement
<!---MARKER_GEN_START-->
Manage entitlement of a Docker Hub repository
### Options
| Name | Type | Default | Description |
|:------------|:-----|:--------|:-----------------------------------|
| `--disable` | | | Disable Docker Scout on repository |
<!---MARKER_GEN_END-->

17
_vendor/github.com/docker/scout-cli/docs/scout_integration.md generated Normal file
View File

@ -0,0 +1,17 @@
# docker scout integration
<!---MARKER_GEN_START-->
Commands to list, configure, and delete Docker Scout integrations
### Subcommands
| Name | Description |
|:----------------------------------------------|:----------------------------------------------------|
| [`configure`](scout_integration_configure.md) | Configure or update a new integration configuration |
| [`delete`](scout_integration_delete.md) | Delete a new integration configuration |
| [`list`](scout_integration_list.md) | Integration Docker Scout |
<!---MARKER_GEN_END-->

16
_vendor/github.com/docker/scout-cli/docs/scout_integration_configure.md generated Normal file
View File

@ -0,0 +1,16 @@
# docker scout integration configure
<!---MARKER_GEN_START-->
Configure or update a new integration configuration
### Options
| Name | Type | Default | Description |
|:--------------|:--------------|:--------|:-------------------------------------------------------------|
| `--name` | `string` | | Name of integration configuration to create |
| `--org` | `string` | | Namespace of the Docker organization |
| `--parameter` | `stringSlice` | | Integration parameters in the form of --parameter NAME=VALUE |
<!---MARKER_GEN_END-->

15
_vendor/github.com/docker/scout-cli/docs/scout_integration_delete.md generated Normal file
View File

@ -0,0 +1,15 @@
# docker scout integration delete
<!---MARKER_GEN_START-->
Delete a new integration configuration
### Options
| Name | Type | Default | Description |
|:---------|:---------|:--------|:--------------------------------------------|
| `--name` | `string` | | Name of integration configuration to delete |
| `--org` | `string` | | Namespace of the Docker organization |
<!---MARKER_GEN_END-->

15
_vendor/github.com/docker/scout-cli/docs/scout_integration_list.md generated Normal file
View File

@ -0,0 +1,15 @@
# docker scout integration list
<!---MARKER_GEN_START-->
Integration Docker Scout
### Options
| Name | Type | Default | Description |
|:---------|:---------|:--------|:------------------------------------------|
| `--name` | `string` | | Name of integration configuration to list |
| `--org` | `string` | | Namespace of the Docker organization |
<!---MARKER_GEN_END-->

32
_vendor/github.com/docker/scout-cli/docs/scout_policy.md generated
View File

@ -1,33 +1,45 @@
# docker scout policy
<!---MARKER_GEN_START-->
Display the policy results of an image (experimental)
Evaluate policies against an image and display the policy evaluation results (experimental)
### Options
| Name | Type | Default | Description |
|:--------------------|:---------|:--------|:-----------------------------------------------|
| `--env` | `string` | | Name of the environment to compare to. |
| `-e`, `--exit-code` | | | Return exit code '2' if policies are not met. |
| `--org` | `string` | | Namespace of the Docker organization |
| `-o`, `--output` | `string` | | Write the report to a file. |
| `--platform` | `string` | | Platform of image to pull policy results from. |
| Name | Type | Default | Description |
|:--------------------|:---------|:--------|:------------------------------------------------------------|
| `--env` | `string` | | Name of the environment to compare to |
| `-e`, `--exit-code` | | | Return exit code '2' if policies are not met, '0' otherwise |
| `--org` | `string` | | Namespace of the Docker organization |
| `-o`, `--output` | `string` | | Write the report to a file |
| `--platform` | `string` | | Platform of image to pull policy results from |
<!---MARKER_GEN_END-->
## Description
The `docker scout policy` command displays the policy results of an image if there are any.
The `docker scout policy` command evaluates policies against an image. The image is indexed into the Scout platform - if it wasn't already - and policies will run against it. The policy results may take a few minutes to become available.
## Examples
### Display the policy results of an image
### Evaluate policies against an image and display the results
```console
$ docker scout policy dockerscoutpolicy/customers-api-service:0.0.1
```
### Evaluate policies against an image for a specific organization
```console
$ docker scout policy dockerscoutpolicy/customers-api-service:0.0.1 --org dockerscoutpolicy
```
### Evaluate policies against an image with a specific platform
```console
$ docker scout policy dockerscoutpolicy/customers-api-service:0.0.1 --platform linux/amd64
```
### Compare policy results for a repository in a specific environment
```console

45
_vendor/github.com/docker/scout-cli/docs/scout_quickview.md generated
View File

@ -9,14 +9,13 @@ Quick overview of an image
### Options
| Name | Type | Default | Description |
|:-----------------|:---------|:--------|:----------------------------------------------------------------------------------------------------------------------------------------|
| `--env` | `string` | | Name of the environment |
| `--org` | `string` | | Namespace of the Docker organization |
| `-o`, `--output` | `string` | | Write the report to a file. |
| `--platform` | `string` | | Platform of image to analyze |
| `--ref` | `string` | | Reference to use if the provided tarball contains multiple references.<br>Can only be used with --type archive. |
| `--type` | `string` | `image` | Type of the image to analyze. Can be one of:<br>- image<br>- oci-dir<br>- archive (docker save tarball)<br>- fs (directory or file)<br> |
| Name | Type | Default | Description |
|:-----------------|:---------|:--------|:---------------------------------------------------------------------------------------------------------|
| `--env` | `string` | | Name of the environment |
| `--org` | `string` | | Namespace of the Docker organization |
| `-o`, `--output` | `string` | | Write the report to a file. |
| `--platform` | `string` | | Platform of image to analyze |
| `--ref` | `string` | | Reference to use if the provided tarball contains multiple references.<br>Can only be used with archive. |
<!---MARKER_GEN_END-->
@ -29,6 +28,31 @@ If available it also displays base image refresh and update recommendations.
If no image is specified, the most recently built image will be used.
The following artifact types are supported:
- Images
- OCI layout directories
- Tarball archives, as created by `docker save`
- Local directory or file
The tool analyzes the provided software artifact, and generates a vulnerability report.
By default, the tool expects an image reference, such as:
- `redis`
- `curlimages/curl:7.87.0`
- `mcr.microsoft.com/dotnet/runtime:7.0`
If the artifact you want to analyze is an OCI directory, a tarball archive, a local file or directory,
or if you want to control from where the image will be resolved, you must prefix the reference with one of the following:
- `image://` (default) use a local image, or fall back to a registry lookup
- `local://` use an image from the local image store (don't do a registry lookup)
- `registry://` use an image from a registry (don't use a local image)
- `oci-dir://` use an OCI layout directory
- `archive://` use a tarball archive, as created by docker save
- `fs://` use a local directory or file
## Examples
### Quick overview of an image
@ -45,11 +69,6 @@ $ docker scout quickview golang:1.19.4
│ -5 -1 -3 -6 -6
Updated base image buildpack-deps:sid-scm │ 0C 0H 1M 29L
│ -5 -1 -2 -19 -6
│ Know more about vulnerabilities:
│ docker scout cves golang:1.19.4
│ Know more about base image update recommendations:
│ docker scout recommendations golang:1.19.4
```
### Quick overview of the most recently built image

32
_vendor/github.com/docker/scout-cli/docs/scout_recommendations.md generated
View File

@ -5,16 +5,15 @@ Display available base image updates and remediation recommendations
### Options
| Name | Type | Default | Description |
|:-----------------|:---------|:--------|:----------------------------------------------------------------------------------------------------------------|
| `--only-refresh` | | | Only display base image refresh recommendations |
| `--only-update` | | | Only display base image update recommendations |
| `--org` | `string` | | Namespace of the Docker organization |
| `-o`, `--output` | `string` | | Write the report to a file. |
| `--platform` | `string` | | Platform of image to analyze |
| `--ref` | `string` | | Reference to use if the provided tarball contains multiple references.<br>Can only be used with --type archive. |
| `--tag` | `string` | | Specify tag |
| `--type` | `string` | `image` | Type of the image to analyze. Can be one of:<br>- image<br>- oci-dir<br>- archive (docker save tarball)<br> |
| Name | Type | Default | Description |
|:-----------------|:---------|:--------|:---------------------------------------------------------------------------------------------------------|
| `--only-refresh` | | | Only display base image refresh recommendations |
| `--only-update` | | | Only display base image update recommendations |
| `--org` | `string` | | Namespace of the Docker organization |
| `-o`, `--output` | `string` | | Write the report to a file. |
| `--platform` | `string` | | Platform of image to analyze |
| `--ref` | `string` | | Reference to use if the provided tarball contains multiple references.<br>Can only be used with archive. |
| `--tag` | `string` | | Specify tag |
<!---MARKER_GEN_END-->
@ -32,8 +31,9 @@ The following artifact types are supported:
- Images
- OCI layout directories
- Tarball archives, as created by `docker save`
- Local directory or file
The tool analyzes the provided software artifact, and generates base image updates and remediation recommendations.
The tool analyzes the provided software artifact, and generates a vulnerability report.
By default, the tool expects an image reference, such as:
@ -41,7 +41,15 @@ By default, the tool expects an image reference, such as:
- `curlimages/curl:7.87.0`
- `mcr.microsoft.com/dotnet/runtime:7.0`
If the artifact you want to analyze is an OCI directory or a tarball archive, you must use the `--type` flag.
If the artifact you want to analyze is an OCI directory, a tarball archive, a local file or directory,
or if you want to control from where the image will be resolved, you must prefix the reference with one of the following:
- `image://` (default) use a local image, or fall back to a registry lookup
- `local://` use an image from the local image store (don't do a registry lookup)
- `registry://` use an image from a registry (don't use a local image)
- `oci-dir://` use an OCI layout directory
- `archive://` use a tarball archive, as created by docker save
- `fs://` use a local directory or file
## Examples

10
_vendor/github.com/docker/scout-cli/docs/scout_repo.md generated
View File

@ -5,11 +5,11 @@ Commands to list, enable, and disable Docker Scout on repositories
### Subcommands
| Name | Description |
|:-----------------------------------|:---------------------|
| [`disable`](scout_repo_disable.md) | Disable Docker Scout |
| [`enable`](scout_repo_enable.md) | Enable Docker Scout |
| [`list`](scout_repo_list.md) | Repo Docker Scout |
| Name | Description |
|:-----------------------------------|:-------------------------------|
| [`disable`](scout_repo_disable.md) | Disable Docker Scout |
| [`enable`](scout_repo_enable.md) | Enable Docker Scout |
| [`list`](scout_repo_list.md) | List Docker Scout repositories |

8
_vendor/github.com/docker/scout-cli/docs/scout_repo_disable.md generated
View File

@ -5,9 +5,11 @@ Disable Docker Scout
### Options
| Name | Type | Default | Description |
|:-----------|:---------|:--------|:--------------------------------------------------|
| `--filter` | `string` | | Regular expression to filter repositories by name |
| Name | Type | Default | Description |
|:-------------|:---------|:--------|:--------------------------------------------------|
| `--filter` | `string` | | Regular expression to filter repositories by name |
| `--org` | `string` | | Namespace of the Docker organization |
| `--registry` | `string` | | Container Registry |
<!---MARKER_GEN_END-->

8
_vendor/github.com/docker/scout-cli/docs/scout_repo_enable.md generated
View File

@ -5,9 +5,11 @@ Enable Docker Scout
### Options
| Name | Type | Default | Description |
|:-----------|:---------|:--------|:--------------------------------------------------|
| `--filter` | `string` | | Regular expression to filter repositories by name |
| Name | Type | Default | Description |
|:-------------|:---------|:--------|:--------------------------------------------------|
| `--filter` | `string` | | Regular expression to filter repositories by name |
| `--org` | `string` | | Namespace of the Docker organization |
| `--registry` | `string` | | Container Registry |
<!---MARKER_GEN_END-->

14
_vendor/github.com/docker/scout-cli/docs/scout_repo_list.md generated
View File

@ -1,15 +1,17 @@
# docker scout repo list
<!---MARKER_GEN_START-->
Repo Docker Scout
List Docker Scout repositories
### Options
| Name | Type | Default | Description |
|:------------------|:---------|:--------|:--------------------------------------------------|
| `--filter` | `string` | | Regular expression to filter repositories by name |
| `--only-disabled` | | | Filter to disabled repositories only |
| `--only-enabled` | | | Filter to enabled repositories only |
| Name | Type | Default | Description |
|:------------------|:---------|:--------|:---------------------------------------------------------------------------|
| `--filter` | `string` | | Regular expression to filter repositories by name |
| `--only-disabled` | | | Filter to disabled repositories only |
| `--only-enabled` | | | Filter to enabled repositories only |
| `--only-registry` | `string` | | Filter to a specific registry only:<br>- hub.docker.com<br>- ecr (AWS ECR) |
| `--org` | `string` | | Namespace of the Docker organization |
<!---MARKER_GEN_END-->

26
_vendor/github.com/docker/scout-cli/docs/scout_sbom.md generated
View File

@ -5,14 +5,13 @@ Generate or display SBOM of an image
### Options
| Name | Type | Default | Description |
|:----------------------|:--------------|:--------|:----------------------------------------------------------------------------------------------------------------------------------------|
| `--format` | `string` | `json` | Output format:<br>- list: list of packages of the image<br>- json: json representation of the SBOM |
| `--only-package-type` | `stringSlice` | | Comma separated list of package types (like apk, deb, rpm, npm, pypi, golang, etc)<br>Can only be used with --format list |
| `-o`, `--output` | `string` | | Write the report to a file. |
| `--platform` | `string` | | Platform of image to analyze |
| `--ref` | `string` | | Reference to use if the provided tarball contains multiple references.<br>Can only be used with --type archive. |
| `--type` | `string` | `image` | Type of the image to analyze. Can be one of:<br>- image<br>- oci-dir<br>- archive (docker save tarball)<br>- fs (directory or file)<br> |
| Name | Type | Default | Description |
|:----------------------|:--------------|:--------|:--------------------------------------------------------------------------------------------------------------------------|
| `--format` | `string` | `json` | Output format:<br>- list: list of packages of the image<br>- json: json representation of the SBOM |
| `--only-package-type` | `stringSlice` | | Comma separated list of package types (like apk, deb, rpm, npm, pypi, golang, etc)<br>Can only be used with --format list |
| `-o`, `--output` | `string` | | Write the report to a file. |
| `--platform` | `string` | | Platform of image to analyze |
| `--ref` | `string` | | Reference to use if the provided tarball contains multiple references.<br>Can only be used with archive. |
<!---MARKER_GEN_END-->
@ -30,6 +29,7 @@ The following artifact types are supported:
- Images
- OCI layout directories
- Tarball archives, as created by `docker save`
- Local directory or file
The tool analyzes the provided software artifact, and generates a vulnerability report.
@ -39,7 +39,15 @@ By default, the tool expects an image reference, such as:
- `curlimages/curl:7.87.0`
- `mcr.microsoft.com/dotnet/runtime:7.0`
If the artifact you want to analyze is an OCI directory or a tarball archive, you must use the `--type` flag.
If the artifact you want to analyze is an OCI directory, a tarball archive, a local file or directory,
or if you want to control from where the image will be resolved, you must prefix the reference with one of the following:
- `image://` (default) use a local image, or fall back to a registry lookup
- `local://` use an image from the local image store (don't do a registry lookup)
- `registry://` use an image from a registry (don't use a local image)
- `oci-dir://` use an OCI layout directory
- `archive://` use a tarball archive, as created by docker save
- `fs://` use a local directory or file
## Examples

23
_vendor/github.com/docker/scout-cli/docs/scout_watch.md generated
View File

@ -5,17 +5,18 @@ Watch repositories in a registry and push images and indexes to Docker Scout (ex
### Options
| Name | Type | Default | Description |
|:---------------|:--------------|:--------|:------------------------------------------------------------------------------------|
| `--all-images` | | | Push all images instead of only the ones pushed during the watch command is running |
| `--dry-run` | | | Watch images and prepare them, but do not push them |
| `--interval` | `int64` | `60` | Interval in seconds between checks |
| `--org` | `string` | | Namespace of the Docker organization to which image will be pushed |
| `--registry` | `string` | | Registry to watch |
| `--repository` | `stringSlice` | | Repository to watch |
| `--sbom` | | | Create and upload SBOMs |
| `--tag` | `stringSlice` | | Regular expression to match tags to watch |
| `--workers` | `int` | `3` | Number of concurrent workers |
| Name | Type | Default | Description |
|:---------------------|:--------------|:--------|:------------------------------------------------------------------------------------|
| `--all-images` | | | Push all images instead of only the ones pushed during the watch command is running |
| `--dry-run` | | | Watch images and prepare them, but do not push them |
| `--interval` | `int64` | `60` | Interval in seconds between checks |
| `--org` | `string` | | Namespace of the Docker organization to which image will be pushed |
| `--refresh-registry` | | | Refresh the list of repositories of a registry at every run. Only with --registry. |
| `--registry` | `string` | | Registry to watch |
| `--repository` | `stringSlice` | | Repository to watch |
| `--sbom` | | | Create and upload SBOMs |
| `--tag` | `stringSlice` | | Regular expression to match tags to watch |
| `--workers` | `int` | `3` | Number of concurrent workers |
<!---MARKER_GEN_END-->

2
_vendor/modules.txt
View File

@ -1,7 +1,7 @@
# github.com/moby/moby v24.0.5+incompatible
# github.com/moby/buildkit v0.12.1-0.20230830200556-05eb7287534b
# github.com/docker/buildx v0.11.2
# github.com/docker/scout-cli v0.24.1
# github.com/docker/scout-cli v1.0.2
# github.com/docker/cli v24.0.5+incompatible
# github.com/docker/compose-cli v1.0.35
# github.com/distribution/distribution v2.8.2+incompatible

16
content/engine/reference/commandline/scout_integration.md Normal file
View File

@ -0,0 +1,16 @@
---
datafolder: scout-cli
datafile: docker_scout_integration
title: docker scout integration
layout: cli
---
<!--
This page is automatically generated from Docker's source code. If you want to
suggest a change to the text that appears here, open a ticket in the source
repository on GitHub:
https://github.com/docker/scout-cli
-->
{{< include "scout-early-access.md" >}}

16
content/engine/reference/commandline/scout_integration_configure.md Normal file
View File

@ -0,0 +1,16 @@
---
datafolder: scout-cli
datafile: docker_scout_integration_configure
title: docker scout integration configure
layout: cli
---
<!--
This page is automatically generated from Docker's source code. If you want to
suggest a change to the text that appears here, open a ticket in the source
repository on GitHub:
https://github.com/docker/scout-cli
-->
{{< include "scout-early-access.md" >}}

16
content/engine/reference/commandline/scout_integration_delete.md Normal file
View File

@ -0,0 +1,16 @@
---
datafolder: scout-cli
datafile: docker_scout_integration_delete
title: docker scout integration delete
layout: cli
---
<!--
This page is automatically generated from Docker's source code. If you want to
suggest a change to the text that appears here, open a ticket in the source
repository on GitHub:
https://github.com/docker/scout-cli
-->
{{< include "scout-early-access.md" >}}

16
content/engine/reference/commandline/scout_integration_list.md Normal file
View File

@ -0,0 +1,16 @@
---
datafolder: scout-cli
datafile: docker_scout_integration_list
title: docker scout integration list
layout: cli
---
<!--
This page is automatically generated from Docker's source code. If you want to
suggest a change to the text that appears here, open a ticket in the source
repository on GitHub:
https://github.com/docker/scout-cli
-->
{{< include "scout-early-access.md" >}}

8
data/toc.yaml
View File

@ -630,6 +630,14 @@ Reference:
title: docker scout enroll
- path: /engine/reference/commandline/scout_environment/
title: docker scout environment
- path: /engine/reference/commandline/scout_integration/
title: docker scout integration
- path: /engine/reference/commandline/scout_integration_configure/
title: docker scout integration configure
- path: /engine/reference/commandline/scout_integration_delete/
title: docker scout integration delete
- path: /engine/reference/commandline/scout_integration_list/
title: docker scout integration list
- path: /engine/reference/commandline/scout_policy/
title: docker scout policy
- path: /engine/reference/commandline/scout_quickview/

2
go.mod
View File

@ -9,7 +9,7 @@ require (
github.com/docker/cli v24.0.5+incompatible // indirect
github.com/docker/compose-cli v1.0.35 // indirect
github.com/docker/distribution v2.8.2+incompatible // indirect
github.com/docker/scout-cli v0.24.1 // indirect
github.com/docker/scout-cli v1.0.2 // indirect
github.com/moby/buildkit v0.12.1-0.20230830200556-05eb7287534b // indirect
github.com/moby/moby v24.0.5+incompatible // indirect
github.com/opencontainers/go-digest v1.0.0 // indirect

2
go.sum
View File

@ -73,6 +73,8 @@ github.com/docker/scout-cli v0.23.3 h1:ToQ/Gw1clQ2GJ47Yt0HCefJB55oPOHZYH6rVxGdfF
github.com/docker/scout-cli v0.23.3/go.mod h1:Eo1RyCJsx3ldz/YTY5yGxu9g9mwTYbRUutxQUkow3Fc=
github.com/docker/scout-cli v0.24.1 h1:ga1J6dsKXfhBQ98wKbb+GWncuMdqErxhpLMxPSMqH+g=
github.com/docker/scout-cli v0.24.1/go.mod h1:Eo1RyCJsx3ldz/YTY5yGxu9g9mwTYbRUutxQUkow3Fc=
github.com/docker/scout-cli v1.0.2 h1:KweJ2S/WXncRIv+9+GrNI4bq/5TjcWY8WyWqgfV1zdM=
github.com/docker/scout-cli v1.0.2/go.mod h1:Eo1RyCJsx3ldz/YTY5yGxu9g9mwTYbRUutxQUkow3Fc=
github.com/elazarl/goproxy v0.0.0-20191011121108-aa519ddbe484/go.mod h1:Ro8st/ElPeALwNFlcTpWmkr6IoMFfkjXAvTHpevnDsM=
github.com/evanphx/json-patch v4.9.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4=