diff --git a/_vendor/github.com/docker/scout-cli/docs/docker_scout.yaml b/_vendor/github.com/docker/scout-cli/docs/docker_scout.yaml
index 02b8943e46..27c087b748 100644
--- a/_vendor/github.com/docker/scout-cli/docs/docker_scout.yaml
+++ b/_vendor/github.com/docker/scout-cli/docs/docker_scout.yaml
@@ -11,6 +11,7 @@ cname:
- docker scout cves
- docker scout enroll
- docker scout environment
+ - docker scout integration
- docker scout quickview
- docker scout recommendations
- docker scout repo
@@ -22,6 +23,7 @@ clink:
- docker_scout_cves.yaml
- docker_scout_enroll.yaml
- docker_scout_environment.yaml
+ - docker_scout_integration.yaml
- docker_scout_quickview.yaml
- docker_scout_recommendations.yaml
- docker_scout_repo.yaml
diff --git a/_vendor/github.com/docker/scout-cli/docs/docker_scout_cache_df.yaml b/_vendor/github.com/docker/scout-cli/docs/docker_scout_cache_df.yaml
index e7e0c7a190..2f5a2c8a2b 100644
--- a/_vendor/github.com/docker/scout-cli/docs/docker_scout_cache_df.yaml
+++ b/_vendor/github.com/docker/scout-cli/docs/docker_scout_cache_df.yaml
@@ -53,10 +53,6 @@ examples: |-
sha256:174c41d4fbc7f63e1f2bb7d2f7837318050406f2f27e5073a84a84f18b48b883 │ 115 kB
Total: 4 MB
-
-
- What's Next?
- Delete all cached SBOMs → docker scout prune
```
deprecated: false
experimental: false
diff --git a/_vendor/github.com/docker/scout-cli/docs/docker_scout_compare.yaml b/_vendor/github.com/docker/scout-cli/docs/docker_scout_compare.yaml
index ad27c7c9cd..2611d95215 100644
--- a/_vendor/github.com/docker/scout-cli/docs/docker_scout_compare.yaml
+++ b/_vendor/github.com/docker/scout-cli/docs/docker_scout_compare.yaml
@@ -16,6 +16,7 @@ long: |-
- Images
- OCI layout directories
- Tarball archives, as created by `docker save`
+ - Local directory or file
The tool analyzes the provided software artifact, and generates a vulnerability report.
@@ -25,7 +26,15 @@ long: |-
- `curlimages/curl:7.87.0`
- `mcr.microsoft.com/dotnet/runtime:7.0`
- If the artifact you want to analyze is an OCI directory or a tarball archive, you must use the `--type` or `--to-type` flag.
+ If the artifact you want to analyze is an OCI directory, a tarball archive, a local file or directory,
+ or if you want to control from where the image will be resolved, you must prefix the reference with one of the following:
+
+ - `image://` (default) use a local image, or fall back to a registry lookup
+ - `local://` use an image from the local image store (don't do a registry lookup)
+ - `registry://` use an image from a registry (don't use a local image)
+ - `oci-dir://` use an OCI layout directory
+ - `archive://` use a tarball archive, as created by docker save
+ - `fs://` use a local directory or file
usage: docker scout compare --to IMAGE|DIRECTORY|ARCHIVE [IMAGE|DIRECTORY|ARCHIVE]
pname: docker scout
plink: docker_scout.yaml
@@ -54,6 +63,16 @@ options:
experimentalcli: false
kubernetes: false
swarm: false
+ - option: hide-policies
+ value_type: bool
+ default_value: "false"
+ description: Hide policy status from the output
+ deprecated: false
+ hidden: false
+ experimental: false
+ experimentalcli: false
+ kubernetes: false
+ swarm: false
- option: ignore-base
value_type: bool
default_value: "false"
@@ -168,7 +187,7 @@ options:
value_type: string
description: |-
Reference to use if the provided tarball contains multiple references.
- Can only be used with --type archive.
+ Can only be used with archive.
deprecated: false
hidden: false
experimental: false
@@ -207,7 +226,7 @@ options:
value_type: string
description: |-
Reference to use if the provided tarball contains multiple references.
- Can only be used with --type archive.
+ Can only be used with archive.
deprecated: false
hidden: false
experimental: false
@@ -223,36 +242,6 @@ options:
experimentalcli: false
kubernetes: false
swarm: false
- - option: to-type
- value_type: string
- default_value: image
- description: |-
- Image type to analyze. Can be one of:
- - image
- - oci-dir
- - archive (docker save tarball)
- - fs (directory or file)
- deprecated: false
- hidden: false
- experimental: false
- experimentalcli: false
- kubernetes: false
- swarm: false
- - option: type
- value_type: string
- default_value: image
- description: |-
- Type of the image to analyze. Can be one of:
- - image
- - oci-dir
- - archive (docker save tarball)
- - fs (directory or file)
- deprecated: false
- hidden: false
- experimental: false
- experimentalcli: false
- kubernetes: false
- swarm: false
inherited_options:
- option: debug
value_type: bool
@@ -271,6 +260,12 @@ examples: |-
$ docker scout compare --to namespace/repo:latest
```
+ ### Compare local build to the same tag from the registry
+
+ ```console
+ $ docker scout compare local://namespace/repo:latest --to registry://namespace/repo:latest
+ ```
+
### Ignore base images
```console
@@ -288,6 +283,12 @@ examples: |-
```console
$ docker scout compare --only-package-type maven --only-severity critical --to namespace/repo:latest namespace/repo:v1.2.3-pre
```
+
+ ### Show all policy results for both images
+
+ ```console
+ docker scout compare --to namespace/repo:latest namespace/repo:v1.2.3-pre
+ ```
deprecated: false
experimental: false
experimentalcli: true
diff --git a/_vendor/github.com/docker/scout-cli/docs/docker_scout_cves.yaml b/_vendor/github.com/docker/scout-cli/docs/docker_scout_cves.yaml
index ea8a34bf3a..8e81045d93 100644
--- a/_vendor/github.com/docker/scout-cli/docs/docker_scout_cves.yaml
+++ b/_vendor/github.com/docker/scout-cli/docs/docker_scout_cves.yaml
@@ -10,6 +10,7 @@ long: |-
- Images
- OCI layout directories
- Tarball archives, as created by `docker save`
+ - Local directory or file
The tool analyzes the provided software artifact, and generates a vulnerability report.
@@ -19,7 +20,15 @@ long: |-
- `curlimages/curl:7.87.0`
- `mcr.microsoft.com/dotnet/runtime:7.0`
- If the artifact you want to analyze is an OCI directory or a tarball archive, you must use the `--type` flag.
+ If the artifact you want to analyze is an OCI directory, a tarball archive, a local file or directory,
+ or if you want to control from where the image will be resolved, you must prefix the reference with one of the following:
+
+ - `image://` (default) use a local image, or fall back to a registry lookup
+ - `local://` use an image from the local image store (don't do a registry lookup)
+ - `registry://` use an image from a registry (don't use a local image)
+ - `oci-dir://` use an OCI layout directory
+ - `archive://` use a tarball archive, as created by docker save
+ - `fs://` use a local directory or file
usage: docker scout cves [OPTIONS] [IMAGE|DIRECTORY|ARCHIVE]
pname: docker scout
plink: docker_scout.yaml
@@ -57,11 +66,7 @@ options:
- option: format
value_type: string
default_value: packages
- description: |-
- Output format of the generated vulnerability report:
- - packages: default output, plain text with vulnerabilities grouped by packages
- - sarif: json Sarif output
- - markdown: markdown output (including some html tags like collapsible sections)
+ description: "Output format of the generated vulnerability report:\n- packages: default output, plain text with vulnerabilities grouped by packages\n- sarif: json Sarif output\n- spdx: json SPDX output \n- markdown: markdown output (including some html tags like collapsible sections)"
deprecated: false
hidden: false
experimental: false
@@ -214,7 +219,7 @@ options:
value_type: string
description: |-
Reference to use if the provided tarball contains multiple references.
- Can only be used with --type archive.
+ Can only be used with archive.
deprecated: false
hidden: false
experimental: false
@@ -230,21 +235,6 @@ options:
experimentalcli: false
kubernetes: false
swarm: false
- - option: type
- value_type: string
- default_value: image
- description: |-
- Type of the image to analyze. Can be one of:
- - image
- - oci-dir
- - archive (docker save tarball)
- - fs (directory or file)
- deprecated: false
- hidden: false
- experimental: false
- experimentalcli: false
- kubernetes: false
- swarm: false
- option: vex
value_type: bool
default_value: "false"
@@ -302,7 +292,7 @@ examples: |-
```console
$ docker save alpine > alpine.tar
- $ docker scout cves --type archive alpine.tar
+ $ docker scout cves archive://alpine.tar
Analyzing archive alpine.tar
✓ Archive read
✓ SBOM of image already cached, 18 packages indexed
@@ -314,7 +304,7 @@ examples: |-
```console
$ skopeo copy --override-os linux docker://alpine oci:alpine
- $ docker scout cves --type oci-dir alpine
+ $ docker scout cves oci-dir://alpine
Analyzing OCI directory alpine
✓ OCI directory read
✓ Image stored for indexing
@@ -322,6 +312,12 @@ examples: |-
✓ No vulnerable package detected
```
+ ### Display vulnerabilities from the current directory
+
+ ```console
+ $ docker scout cves fs://.
+ ```
+
### Export vulnerabilities to a SARIF JSON file
```console
diff --git a/_vendor/github.com/docker/scout-cli/docs/docker_scout_entitlement.yaml b/_vendor/github.com/docker/scout-cli/docs/docker_scout_entitlement.yaml
deleted file mode 100644
index 146a8ac32b..0000000000
--- a/_vendor/github.com/docker/scout-cli/docs/docker_scout_entitlement.yaml
+++ /dev/null
@@ -1,35 +0,0 @@
-command: docker scout entitlement
-short: Manage entitlement of a Docker Hub repository
-long: |
- The docker scout entitlement command enables Docker Scout on repositories on Docker Hub.
-usage: docker scout entitlement REPOSITORY
-pname: docker scout
-plink: docker_scout.yaml
-options:
- - option: disable
- value_type: bool
- default_value: "false"
- description: Disable Docker Scout on repository
- deprecated: false
- hidden: false
- experimental: false
- experimentalcli: false
- kubernetes: false
- swarm: false
-inherited_options:
- - option: debug
- value_type: bool
- default_value: "false"
- description: Debug messages
- deprecated: false
- hidden: true
- experimental: false
- experimentalcli: false
- kubernetes: false
- swarm: false
-deprecated: true
-experimental: false
-experimentalcli: false
-kubernetes: false
-swarm: false
-
diff --git a/_vendor/github.com/docker/scout-cli/docs/docker_scout_integration.yaml b/_vendor/github.com/docker/scout-cli/docs/docker_scout_integration.yaml
new file mode 100644
index 0000000000..cf02faaaf4
--- /dev/null
+++ b/_vendor/github.com/docker/scout-cli/docs/docker_scout_integration.yaml
@@ -0,0 +1,30 @@
+command: docker scout integration
+short: Commands to list, configure, and delete Docker Scout integrations
+long: Commands to list, configure, and delete Docker Scout integrations
+pname: docker scout
+plink: docker_scout.yaml
+cname:
+ - docker scout integration configure
+ - docker scout integration delete
+ - docker scout integration list
+clink:
+ - docker_scout_integration_configure.yaml
+ - docker_scout_integration_delete.yaml
+ - docker_scout_integration_list.yaml
+inherited_options:
+ - option: debug
+ value_type: bool
+ default_value: "false"
+ description: Debug messages
+ deprecated: false
+ hidden: true
+ experimental: false
+ experimentalcli: false
+ kubernetes: false
+ swarm: false
+deprecated: false
+experimental: false
+experimentalcli: false
+kubernetes: false
+swarm: false
+
diff --git a/_vendor/github.com/docker/scout-cli/docs/docker_scout_integration_configure.yaml b/_vendor/github.com/docker/scout-cli/docs/docker_scout_integration_configure.yaml
new file mode 100644
index 0000000000..bba67767bd
--- /dev/null
+++ b/_vendor/github.com/docker/scout-cli/docs/docker_scout_integration_configure.yaml
@@ -0,0 +1,53 @@
+command: docker scout integration configure
+short: Configure or update a new integration configuration
+long: |
+ The docker scout integration configure command creates or updates a new integration configuration for an organization.
+usage: docker scout integration configure INTEGRATION
+pname: docker scout integration
+plink: docker_scout_integration.yaml
+options:
+ - option: name
+ value_type: string
+ description: Name of integration configuration to create
+ deprecated: false
+ hidden: false
+ experimental: false
+ experimentalcli: false
+ kubernetes: false
+ swarm: false
+ - option: org
+ value_type: string
+ description: Namespace of the Docker organization
+ deprecated: false
+ hidden: false
+ experimental: false
+ experimentalcli: false
+ kubernetes: false
+ swarm: false
+ - option: parameter
+ value_type: stringSlice
+ default_value: '[]'
+ description: Integration parameters in the form of --parameter NAME=VALUE
+ deprecated: false
+ hidden: false
+ experimental: false
+ experimentalcli: false
+ kubernetes: false
+ swarm: false
+inherited_options:
+ - option: debug
+ value_type: bool
+ default_value: "false"
+ description: Debug messages
+ deprecated: false
+ hidden: true
+ experimental: false
+ experimentalcli: false
+ kubernetes: false
+ swarm: false
+deprecated: false
+experimental: false
+experimentalcli: false
+kubernetes: false
+swarm: false
+
diff --git a/_vendor/github.com/docker/scout-cli/docs/docker_scout_integration_delete.yaml b/_vendor/github.com/docker/scout-cli/docs/docker_scout_integration_delete.yaml
new file mode 100644
index 0000000000..7be74f6956
--- /dev/null
+++ b/_vendor/github.com/docker/scout-cli/docs/docker_scout_integration_delete.yaml
@@ -0,0 +1,43 @@
+command: docker scout integration delete
+short: Delete a new integration configuration
+long: |
+ The docker scout integration delete command deletes a new integration configuration for an organization.
+usage: docker scout integration delete INTEGRATION
+pname: docker scout integration
+plink: docker_scout_integration.yaml
+options:
+ - option: name
+ value_type: string
+ description: Name of integration configuration to delete
+ deprecated: false
+ hidden: false
+ experimental: false
+ experimentalcli: false
+ kubernetes: false
+ swarm: false
+ - option: org
+ value_type: string
+ description: Namespace of the Docker organization
+ deprecated: false
+ hidden: false
+ experimental: false
+ experimentalcli: false
+ kubernetes: false
+ swarm: false
+inherited_options:
+ - option: debug
+ value_type: bool
+ default_value: "false"
+ description: Debug messages
+ deprecated: false
+ hidden: true
+ experimental: false
+ experimentalcli: false
+ kubernetes: false
+ swarm: false
+deprecated: false
+experimental: false
+experimentalcli: false
+kubernetes: false
+swarm: false
+
diff --git a/_vendor/github.com/docker/scout-cli/docs/docker_scout_integration_list.yaml b/_vendor/github.com/docker/scout-cli/docs/docker_scout_integration_list.yaml
new file mode 100644
index 0000000000..dab6cdb156
--- /dev/null
+++ b/_vendor/github.com/docker/scout-cli/docs/docker_scout_integration_list.yaml
@@ -0,0 +1,43 @@
+command: docker scout integration list
+short: Integration Docker Scout
+long: |
+ The docker scout integration list configured integrations for an organization.
+usage: docker scout integration list [INTEGRATION]
+pname: docker scout integration
+plink: docker_scout_integration.yaml
+options:
+ - option: name
+ value_type: string
+ description: Name of integration configuration to list
+ deprecated: false
+ hidden: false
+ experimental: false
+ experimentalcli: false
+ kubernetes: false
+ swarm: false
+ - option: org
+ value_type: string
+ description: Namespace of the Docker organization
+ deprecated: false
+ hidden: false
+ experimental: false
+ experimentalcli: false
+ kubernetes: false
+ swarm: false
+inherited_options:
+ - option: debug
+ value_type: bool
+ default_value: "false"
+ description: Debug messages
+ deprecated: false
+ hidden: true
+ experimental: false
+ experimentalcli: false
+ kubernetes: false
+ swarm: false
+deprecated: false
+experimental: false
+experimentalcli: false
+kubernetes: false
+swarm: false
+
diff --git a/_vendor/github.com/docker/scout-cli/docs/docker_scout_policy.yaml b/_vendor/github.com/docker/scout-cli/docs/docker_scout_policy.yaml
index 776f992ab6..c83f7b4809 100644
--- a/_vendor/github.com/docker/scout-cli/docs/docker_scout_policy.yaml
+++ b/_vendor/github.com/docker/scout-cli/docs/docker_scout_policy.yaml
@@ -1,14 +1,15 @@
command: docker scout policy
-short: Display the policy results of an image (experimental)
+short: |
+ Evaluate policies against an image and display the policy evaluation results (experimental)
long: |
- The `docker scout policy` command displays the policy results of an image if there are any.
+ The `docker scout policy` command evaluates policies against an image. The image is indexed into the Scout platform - if it wasn't already - and policies will run against it. The policy results may take a few minutes to become available.
usage: docker scout policy [IMAGE | REPO]
pname: docker scout
plink: docker_scout.yaml
options:
- option: env
value_type: string
- description: Name of the environment to compare to.
+ description: Name of the environment to compare to
deprecated: false
hidden: false
experimental: false
@@ -19,7 +20,7 @@ options:
shorthand: e
value_type: bool
default_value: "false"
- description: Return exit code '2' if policies are not met.
+ description: Return exit code '2' if policies are not met, '0' otherwise
deprecated: false
hidden: false
experimental: false
@@ -38,7 +39,7 @@ options:
- option: output
shorthand: o
value_type: string
- description: Write the report to a file.
+ description: Write the report to a file
deprecated: false
hidden: false
experimental: false
@@ -47,7 +48,7 @@ options:
swarm: false
- option: platform
value_type: string
- description: Platform of image to pull policy results from.
+ description: Platform of image to pull policy results from
deprecated: false
hidden: false
experimental: false
@@ -66,12 +67,24 @@ inherited_options:
kubernetes: false
swarm: false
examples: |-
- ### Display the policy results of an image
+ ### Evaluate policies against an image and display the results
```console
$ docker scout policy dockerscoutpolicy/customers-api-service:0.0.1
```
+ ### Evaluate policies against an image for a specific organization
+
+ ```console
+ $ docker scout policy dockerscoutpolicy/customers-api-service:0.0.1 --org dockerscoutpolicy
+ ```
+
+ ### Evaluate policies against an image with a specific platform
+
+ ```console
+ $ docker scout policy dockerscoutpolicy/customers-api-service:0.0.1 --platform linux/amd64
+ ```
+
### Compare policy results for a repository in a specific environment
```console
diff --git a/_vendor/github.com/docker/scout-cli/docs/docker_scout_quickview.yaml b/_vendor/github.com/docker/scout-cli/docs/docker_scout_quickview.yaml
index b7c3cb403b..a4d3c8f5a1 100644
--- a/_vendor/github.com/docker/scout-cli/docs/docker_scout_quickview.yaml
+++ b/_vendor/github.com/docker/scout-cli/docs/docker_scout_quickview.yaml
@@ -7,6 +7,31 @@ long: |-
If available it also displays base image refresh and update recommendations.
If no image is specified, the most recently built image will be used.
+
+ The following artifact types are supported:
+
+ - Images
+ - OCI layout directories
+ - Tarball archives, as created by `docker save`
+ - Local directory or file
+
+ The tool analyzes the provided software artifact, and generates a vulnerability report.
+
+ By default, the tool expects an image reference, such as:
+
+ - `redis`
+ - `curlimages/curl:7.87.0`
+ - `mcr.microsoft.com/dotnet/runtime:7.0`
+
+ If the artifact you want to analyze is an OCI directory, a tarball archive, a local file or directory,
+ or if you want to control from where the image will be resolved, you must prefix the reference with one of the following:
+
+ - `image://` (default) use a local image, or fall back to a registry lookup
+ - `local://` use an image from the local image store (don't do a registry lookup)
+ - `registry://` use an image from a registry (don't use a local image)
+ - `oci-dir://` use an OCI layout directory
+ - `archive://` use a tarball archive, as created by docker save
+ - `fs://` use a local directory or file
usage: docker scout quickview [IMAGE|DIRECTORY|ARCHIVE]
pname: docker scout
plink: docker_scout.yaml
@@ -52,7 +77,7 @@ options:
value_type: string
description: |-
Reference to use if the provided tarball contains multiple references.
- Can only be used with --type archive.
+ Can only be used with archive.
deprecated: false
hidden: false
experimental: false
@@ -68,21 +93,6 @@ options:
experimentalcli: false
kubernetes: false
swarm: false
- - option: type
- value_type: string
- default_value: image
- description: |-
- Type of the image to analyze. Can be one of:
- - image
- - oci-dir
- - archive (docker save tarball)
- - fs (directory or file)
- deprecated: false
- hidden: false
- experimental: false
- experimentalcli: false
- kubernetes: false
- swarm: false
inherited_options:
- option: debug
value_type: bool
@@ -109,11 +119,6 @@ examples: |-
│ -5 -1 -3 -6 -6
Updated base image buildpack-deps:sid-scm │ 0C 0H 1M 29L
│ -5 -1 -2 -19 -6
-
- │ Know more about vulnerabilities:
- │ docker scout cves golang:1.19.4
- │ Know more about base image update recommendations:
- │ docker scout recommendations golang:1.19.4
```
### Quick overview of the most recently built image
diff --git a/_vendor/github.com/docker/scout-cli/docs/docker_scout_recommendations.yaml b/_vendor/github.com/docker/scout-cli/docs/docker_scout_recommendations.yaml
index 3536fdd2c7..2ad5d196f9 100644
--- a/_vendor/github.com/docker/scout-cli/docs/docker_scout_recommendations.yaml
+++ b/_vendor/github.com/docker/scout-cli/docs/docker_scout_recommendations.yaml
@@ -12,8 +12,9 @@ long: |-
- Images
- OCI layout directories
- Tarball archives, as created by `docker save`
+ - Local directory or file
- The tool analyzes the provided software artifact, and generates base image updates and remediation recommendations.
+ The tool analyzes the provided software artifact, and generates a vulnerability report.
By default, the tool expects an image reference, such as:
@@ -21,7 +22,15 @@ long: |-
- `curlimages/curl:7.87.0`
- `mcr.microsoft.com/dotnet/runtime:7.0`
- If the artifact you want to analyze is an OCI directory or a tarball archive, you must use the `--type` flag.
+ If the artifact you want to analyze is an OCI directory, a tarball archive, a local file or directory,
+ or if you want to control from where the image will be resolved, you must prefix the reference with one of the following:
+
+ - `image://` (default) use a local image, or fall back to a registry lookup
+ - `local://` use an image from the local image store (don't do a registry lookup)
+ - `registry://` use an image from a registry (don't use a local image)
+ - `oci-dir://` use an OCI layout directory
+ - `archive://` use a tarball archive, as created by docker save
+ - `fs://` use a local directory or file
usage: docker scout recommendations [IMAGE|DIRECTORY|ARCHIVE]
pname: docker scout
plink: docker_scout.yaml
@@ -78,7 +87,7 @@ options:
value_type: string
description: |-
Reference to use if the provided tarball contains multiple references.
- Can only be used with --type archive.
+ Can only be used with archive.
deprecated: false
hidden: false
experimental: false
@@ -94,20 +103,6 @@ options:
experimentalcli: false
kubernetes: false
swarm: false
- - option: type
- value_type: string
- default_value: image
- description: |-
- Type of the image to analyze. Can be one of:
- - image
- - oci-dir
- - archive (docker save tarball)
- deprecated: false
- hidden: false
- experimental: false
- experimentalcli: false
- kubernetes: false
- swarm: false
inherited_options:
- option: debug
value_type: bool
diff --git a/_vendor/github.com/docker/scout-cli/docs/docker_scout_repo_disable.yaml b/_vendor/github.com/docker/scout-cli/docs/docker_scout_repo_disable.yaml
index 601a2e9276..c1eba650e8 100644
--- a/_vendor/github.com/docker/scout-cli/docs/docker_scout_repo_disable.yaml
+++ b/_vendor/github.com/docker/scout-cli/docs/docker_scout_repo_disable.yaml
@@ -2,7 +2,7 @@ command: docker scout repo disable
short: Disable Docker Scout
long: |
The docker scout repo disable command disables Docker Scout on repositories.
-usage: docker scout repo disable REPOSITORY|ORG
+usage: docker scout repo disable REPOSITORY
pname: docker scout repo
plink: docker_scout_repo.yaml
options:
@@ -15,6 +15,24 @@ options:
experimentalcli: false
kubernetes: false
swarm: false
+ - option: org
+ value_type: string
+ description: Namespace of the Docker organization
+ deprecated: false
+ hidden: false
+ experimental: false
+ experimentalcli: false
+ kubernetes: false
+ swarm: false
+ - option: registry
+ value_type: string
+ description: Container Registry
+ deprecated: false
+ hidden: false
+ experimental: false
+ experimentalcli: false
+ kubernetes: false
+ swarm: false
inherited_options:
- option: debug
value_type: bool
diff --git a/_vendor/github.com/docker/scout-cli/docs/docker_scout_repo_enable.yaml b/_vendor/github.com/docker/scout-cli/docs/docker_scout_repo_enable.yaml
index 7abe655dbe..516c7eb435 100644
--- a/_vendor/github.com/docker/scout-cli/docs/docker_scout_repo_enable.yaml
+++ b/_vendor/github.com/docker/scout-cli/docs/docker_scout_repo_enable.yaml
@@ -1,7 +1,7 @@
command: docker scout repo enable
short: Enable Docker Scout
long: The docker scout repo enable command enables Docker Scout on repositories.
-usage: docker scout repo enable REPOSITORY|ORG
+usage: docker scout repo enable REPOSITORY
pname: docker scout repo
plink: docker_scout_repo.yaml
options:
@@ -14,6 +14,24 @@ options:
experimentalcli: false
kubernetes: false
swarm: false
+ - option: org
+ value_type: string
+ description: Namespace of the Docker organization
+ deprecated: false
+ hidden: false
+ experimental: false
+ experimentalcli: false
+ kubernetes: false
+ swarm: false
+ - option: registry
+ value_type: string
+ description: Container Registry
+ deprecated: false
+ hidden: false
+ experimental: false
+ experimentalcli: false
+ kubernetes: false
+ swarm: false
inherited_options:
- option: debug
value_type: bool
diff --git a/_vendor/github.com/docker/scout-cli/docs/docker_scout_repo_list.yaml b/_vendor/github.com/docker/scout-cli/docs/docker_scout_repo_list.yaml
index bb76ef9fe0..9eaa20d929 100644
--- a/_vendor/github.com/docker/scout-cli/docs/docker_scout_repo_list.yaml
+++ b/_vendor/github.com/docker/scout-cli/docs/docker_scout_repo_list.yaml
@@ -1,8 +1,10 @@
command: docker scout repo list
-short: Repo Docker Scout
-long: |
+short: List Docker Scout repositories
+long: |-
The docker scout repo list command shows all repositories in an organization.
-usage: docker scout repo list ORG
+
+ If ORG is not provided the default configured organization will be used.
+usage: docker scout repo list
pname: docker scout repo
plink: docker_scout_repo.yaml
options:
@@ -35,6 +37,27 @@ options:
experimentalcli: false
kubernetes: false
swarm: false
+ - option: only-registry
+ value_type: string
+ description: |-
+ Filter to a specific registry only:
+ - hub.docker.com
+ - ecr (AWS ECR)
+ deprecated: false
+ hidden: false
+ experimental: false
+ experimentalcli: false
+ kubernetes: false
+ swarm: false
+ - option: org
+ value_type: string
+ description: Namespace of the Docker organization
+ deprecated: false
+ hidden: false
+ experimental: false
+ experimentalcli: false
+ kubernetes: false
+ swarm: false
inherited_options:
- option: debug
value_type: bool
diff --git a/_vendor/github.com/docker/scout-cli/docs/docker_scout_sbom.yaml b/_vendor/github.com/docker/scout-cli/docs/docker_scout_sbom.yaml
index 8b7daab9de..df48a07b0b 100644
--- a/_vendor/github.com/docker/scout-cli/docs/docker_scout_sbom.yaml
+++ b/_vendor/github.com/docker/scout-cli/docs/docker_scout_sbom.yaml
@@ -12,6 +12,7 @@ long: |-
- Images
- OCI layout directories
- Tarball archives, as created by `docker save`
+ - Local directory or file
The tool analyzes the provided software artifact, and generates a vulnerability report.
@@ -21,7 +22,15 @@ long: |-
- `curlimages/curl:7.87.0`
- `mcr.microsoft.com/dotnet/runtime:7.0`
- If the artifact you want to analyze is an OCI directory or a tarball archive, you must use the `--type` flag.
+ If the artifact you want to analyze is an OCI directory, a tarball archive, a local file or directory,
+ or if you want to control from where the image will be resolved, you must prefix the reference with one of the following:
+
+ - `image://` (default) use a local image, or fall back to a registry lookup
+ - `local://` use an image from the local image store (don't do a registry lookup)
+ - `registry://` use an image from a registry (don't use a local image)
+ - `oci-dir://` use an OCI layout directory
+ - `archive://` use a tarball archive, as created by docker save
+ - `fs://` use a local directory or file
usage: docker scout sbom [IMAGE|DIRECTORY|ARCHIVE]
pname: docker scout
plink: docker_scout.yaml
@@ -74,22 +83,7 @@ options:
value_type: string
description: |-
Reference to use if the provided tarball contains multiple references.
- Can only be used with --type archive.
- deprecated: false
- hidden: false
- experimental: false
- experimentalcli: false
- kubernetes: false
- swarm: false
- - option: type
- value_type: string
- default_value: image
- description: |-
- Type of the image to analyze. Can be one of:
- - image
- - oci-dir
- - archive (docker save tarball)
- - fs (directory or file)
+ Can only be used with archive.
deprecated: false
hidden: false
experimental: false
diff --git a/_vendor/github.com/docker/scout-cli/docs/docker_scout_watch.yaml b/_vendor/github.com/docker/scout-cli/docs/docker_scout_watch.yaml
index 30c5e25900..45a572eeaa 100644
--- a/_vendor/github.com/docker/scout-cli/docs/docker_scout_watch.yaml
+++ b/_vendor/github.com/docker/scout-cli/docs/docker_scout_watch.yaml
@@ -47,6 +47,17 @@ options:
experimentalcli: false
kubernetes: false
swarm: false
+ - option: refresh-registry
+ value_type: bool
+ default_value: "false"
+ description: |
+ Refresh the list of repositories of a registry at every run. Only with --registry.
+ deprecated: false
+ hidden: false
+ experimental: false
+ experimentalcli: false
+ kubernetes: false
+ swarm: false
- option: registry
value_type: string
description: Registry to watch
diff --git a/_vendor/github.com/docker/scout-cli/docs/scout.md b/_vendor/github.com/docker/scout-cli/docs/scout.md
index a3adc130b4..93c6d45389 100644
--- a/_vendor/github.com/docker/scout-cli/docs/scout.md
+++ b/_vendor/github.com/docker/scout-cli/docs/scout.md
@@ -17,7 +17,8 @@ Command line tool for Docker Scout
| [`cves`](scout_cves.md) | Display CVEs identified in a software artifact |
| [`enroll`](scout_enroll.md) | Enroll an organization with Docker Scout |
| [`environment`](scout_environment.md) | Manage environments (experimental) |
-| [`policy`](scout_policy.md) | Display the policy results of an image (experimental) |
+| [`integration`](scout_integration.md) | Commands to list, configure, and delete Docker Scout integrations |
+| [`policy`](scout_policy.md) | Evaluate policies against an image and display the policy evaluation results (experimental) |
| [`push`](scout_push.md) | Push an image or image index to Docker Scout (experimental) |
| [`quickview`](scout_quickview.md) | Quick overview of an image |
| [`recommendations`](scout_recommendations.md) | Display available base image updates and remediation recommendations |
diff --git a/_vendor/github.com/docker/scout-cli/docs/scout_cache_df.md b/_vendor/github.com/docker/scout-cli/docs/scout_cache_df.md
index c536d5f70c..a9cf9655c7 100644
--- a/_vendor/github.com/docker/scout-cli/docs/scout_cache_df.md
+++ b/_vendor/github.com/docker/scout-cli/docs/scout_cache_df.md
@@ -48,8 +48,4 @@ Docker Scout cached SBOMs are located at:
sha256:174c41d4fbc7f63e1f2bb7d2f7837318050406f2f27e5073a84a84f18b48b883 │ 115 kB
Total: 4 MB
-
-
-What's Next?
- Delete all cached SBOMs → docker scout prune
```
diff --git a/_vendor/github.com/docker/scout-cli/docs/scout_compare.md b/_vendor/github.com/docker/scout-cli/docs/scout_compare.md
index da4cce5464..4bea8bf313 100644
--- a/_vendor/github.com/docker/scout-cli/docs/scout_compare.md
+++ b/_vendor/github.com/docker/scout-cli/docs/scout_compare.md
@@ -13,6 +13,7 @@ Compare two images and display differences (experimental)
|:----------------------|:--------------|:--------|:-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `-e`, `--exit-code` | | | Return exit code '2' if vulnerability changes are detected |
| `--format` | `string` | `text` | Output format of the generated vulnerability report:
- text: default output, plain text with or without colors depending on the terminal
- markdown: Markdown output
|
+| `--hide-policies` | | | Hide policy status from the output |
| `--ignore-base` | | | Filter out CVEs introduced from base image |
| `--ignore-unchanged` | | | Filter out unchanged packages |
| `--multi-stage` | | | Show packages from multi-stage Docker builds |
@@ -24,13 +25,11 @@ Compare two images and display differences (experimental)
| `--org` | `string` | | Namespace of the Docker organization |
| `-o`, `--output` | `string` | | Write the report to a file. |
| `--platform` | `string` | | Platform of image to analyze |
-| `--ref` | `string` | | Reference to use if the provided tarball contains multiple references.
Can only be used with --type archive. |
+| `--ref` | `string` | | Reference to use if the provided tarball contains multiple references.
Can only be used with archive. |
| `--to` | `string` | | Image, directory, or archive to compare to |
| `--to-env` | `string` | | Name of environment to compare to |
| `--to-latest` | | | Latest image processed to compare to |
-| `--to-ref` | `string` | | Reference to use if the provided tarball contains multiple references.
Can only be used with --type archive. |
-| `--to-type` | `string` | `image` | Image type to analyze. Can be one of:
- image
- oci-dir
- archive (docker save tarball)
- fs (directory or file)
|
-| `--type` | `string` | `image` | Type of the image to analyze. Can be one of:
- image
- oci-dir
- archive (docker save tarball)
- fs (directory or file)
|
+| `--to-ref` | `string` | | Reference to use if the provided tarball contains multiple references.
Can only be used with archive. |
@@ -51,6 +50,7 @@ The following artifact types are supported:
- Images
- OCI layout directories
- Tarball archives, as created by `docker save`
+- Local directory or file
The tool analyzes the provided software artifact, and generates a vulnerability report.
@@ -60,7 +60,15 @@ By default, the tool expects an image reference, such as:
- `curlimages/curl:7.87.0`
- `mcr.microsoft.com/dotnet/runtime:7.0`
-If the artifact you want to analyze is an OCI directory or a tarball archive, you must use the `--type` or `--to-type` flag.
+If the artifact you want to analyze is an OCI directory, a tarball archive, a local file or directory,
+or if you want to control from where the image will be resolved, you must prefix the reference with one of the following:
+
+- `image://` (default) use a local image, or fall back to a registry lookup
+- `local://` use an image from the local image store (don't do a registry lookup)
+- `registry://` use an image from a registry (don't use a local image)
+- `oci-dir://` use an OCI layout directory
+- `archive://` use a tarball archive, as created by docker save
+- `fs://` use a local directory or file
## Examples
@@ -70,6 +78,12 @@ If the artifact you want to analyze is an OCI directory or a tarball archive, yo
$ docker scout compare --to namespace/repo:latest
```
+### Compare local build to the same tag from the registry
+
+```console
+$ docker scout compare local://namespace/repo:latest --to registry://namespace/repo:latest
+```
+
### Ignore base images
```console
@@ -87,3 +101,9 @@ $ docker scout compare --format markdown --to namespace/repo:latest namespace/re
```console
$ docker scout compare --only-package-type maven --only-severity critical --to namespace/repo:latest namespace/repo:v1.2.3-pre
```
+
+### Show all policy results for both images
+
+```console
+docker scout compare --to namespace/repo:latest namespace/repo:v1.2.3-pre
+```
diff --git a/_vendor/github.com/docker/scout-cli/docs/scout_cves.md b/_vendor/github.com/docker/scout-cli/docs/scout_cves.md
index b4bb7ab03c..f52c6332ab 100644
--- a/_vendor/github.com/docker/scout-cli/docs/scout_cves.md
+++ b/_vendor/github.com/docker/scout-cli/docs/scout_cves.md
@@ -9,31 +9,30 @@ Display CVEs identified in a software artifact
### Options
-| Name | Type | Default | Description |
-|:-----------------------|:--------------|:-----------|:--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
-| `--details` | | | Print details on default text output |
-| `--env` | `string` | | Name of environment |
-| `-e`, `--exit-code` | | | Return exit code '2' if vulnerabilities are detected |
-| `--format` | `string` | `packages` | Output format of the generated vulnerability report:
- packages: default output, plain text with vulnerabilities grouped by packages
- sarif: json Sarif output
- markdown: markdown output (including some html tags like collapsible sections)
|
-| `--ignore-base` | | | Filter out CVEs introduced from base image |
-| `--locations` | | | Print package locations including file paths and layer diff_id |
-| `--multi-stage` | | | Show packages from multi-stage Docker builds |
-| `--only-cve-id` | `stringSlice` | | Comma separated list of CVE ids (like CVE-2021-45105) to search for |
-| `--only-fixed` | | | Filter to fixable CVEs |
-| `--only-package` | `stringSlice` | | Comma separated regular expressions to filter packages by |
-| `--only-package-type` | `stringSlice` | | Comma separated list of package types (like apk, deb, rpm, npm, pypi, golang, etc) |
-| `--only-severity` | `stringSlice` | | Comma separated list of severities (critical, high, medium, low, unspecified) to filter CVEs by |
-| `--only-stage` | `stringSlice` | | Comma separated list of multi-stage Docker build stage names |
-| `--only-unfixed` | | | Filter to unfixed CVEs |
-| `--only-vuln-packages` | | | When used with --format=only-packages ignore packages with no vulnerabilities |
-| `--org` | `string` | | Namespace of the Docker organization |
-| `-o`, `--output` | `string` | | Write the report to a file. |
-| `--platform` | `string` | | Platform of image to analyze |
-| `--ref` | `string` | | Reference to use if the provided tarball contains multiple references.
Can only be used with --type archive. |
-| `--type` | `string` | `image` | Type of the image to analyze. Can be one of:
- image
- oci-dir
- archive (docker save tarball)
- fs (directory or file)
|
-| `--vex` | | | Apply VEX statements to filter CVEs |
-| `--vex-author` | `stringSlice` | | List of VEX statement authors to accept |
-| `--vex-location` | `stringSlice` | | File location of directory or file containing VEX statements |
+| Name | Type | Default | Description |
+|:-----------------------|:--------------|:-----------|:-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| `--details` | | | Print details on default text output |
+| `--env` | `string` | | Name of environment |
+| `-e`, `--exit-code` | | | Return exit code '2' if vulnerabilities are detected |
+| `--format` | `string` | `packages` | Output format of the generated vulnerability report:
- packages: default output, plain text with vulnerabilities grouped by packages
- sarif: json Sarif output
- spdx: json SPDX output
- markdown: markdown output (including some html tags like collapsible sections)
|
+| `--ignore-base` | | | Filter out CVEs introduced from base image |
+| `--locations` | | | Print package locations including file paths and layer diff_id |
+| `--multi-stage` | | | Show packages from multi-stage Docker builds |
+| `--only-cve-id` | `stringSlice` | | Comma separated list of CVE ids (like CVE-2021-45105) to search for |
+| `--only-fixed` | | | Filter to fixable CVEs |
+| `--only-package` | `stringSlice` | | Comma separated regular expressions to filter packages by |
+| `--only-package-type` | `stringSlice` | | Comma separated list of package types (like apk, deb, rpm, npm, pypi, golang, etc) |
+| `--only-severity` | `stringSlice` | | Comma separated list of severities (critical, high, medium, low, unspecified) to filter CVEs by |
+| `--only-stage` | `stringSlice` | | Comma separated list of multi-stage Docker build stage names |
+| `--only-unfixed` | | | Filter to unfixed CVEs |
+| `--only-vuln-packages` | | | When used with --format=only-packages ignore packages with no vulnerabilities |
+| `--org` | `string` | | Namespace of the Docker organization |
+| `-o`, `--output` | `string` | | Write the report to a file. |
+| `--platform` | `string` | | Platform of image to analyze |
+| `--ref` | `string` | | Reference to use if the provided tarball contains multiple references.
Can only be used with archive. |
+| `--vex` | | | Apply VEX statements to filter CVEs |
+| `--vex-author` | `stringSlice` | | List of VEX statement authors to accept |
+| `--vex-location` | `stringSlice` | | File location of directory or file containing VEX statements |
@@ -49,6 +48,7 @@ The following artifact types are supported:
- Images
- OCI layout directories
- Tarball archives, as created by `docker save`
+- Local directory or file
The tool analyzes the provided software artifact, and generates a vulnerability report.
@@ -58,7 +58,15 @@ By default, the tool expects an image reference, such as:
- `curlimages/curl:7.87.0`
- `mcr.microsoft.com/dotnet/runtime:7.0`
-If the artifact you want to analyze is an OCI directory or a tarball archive, you must use the `--type` flag.
+If the artifact you want to analyze is an OCI directory, a tarball archive, a local file or directory,
+or if you want to control from where the image will be resolved, you must prefix the reference with one of the following:
+
+- `image://` (default) use a local image, or fall back to a registry lookup
+- `local://` use an image from the local image store (don't do a registry lookup)
+- `registry://` use an image from a registry (don't use a local image)
+- `oci-dir://` use an OCI layout directory
+- `archive://` use a tarball archive, as created by docker save
+- `fs://` use a local directory or file
## Examples
@@ -77,7 +85,7 @@ Analyzing image alpine
```console
$ docker save alpine > alpine.tar
-$ docker scout cves --type archive alpine.tar
+$ docker scout cves archive://alpine.tar
Analyzing archive alpine.tar
✓ Archive read
✓ SBOM of image already cached, 18 packages indexed
@@ -89,7 +97,7 @@ Analyzing archive alpine.tar
```console
$ skopeo copy --override-os linux docker://alpine oci:alpine
-$ docker scout cves --type oci-dir alpine
+$ docker scout cves oci-dir://alpine
Analyzing OCI directory alpine
✓ OCI directory read
✓ Image stored for indexing
@@ -97,6 +105,12 @@ Analyzing OCI directory alpine
✓ No vulnerable package detected
```
+### Display vulnerabilities from the current directory
+
+```console
+$ docker scout cves fs://.
+```
+
### Export vulnerabilities to a SARIF JSON file
```console
diff --git a/_vendor/github.com/docker/scout-cli/docs/scout_entitlement.md b/_vendor/github.com/docker/scout-cli/docs/scout_entitlement.md
deleted file mode 100644
index cc36db76bd..0000000000
--- a/_vendor/github.com/docker/scout-cli/docs/scout_entitlement.md
+++ /dev/null
@@ -1,14 +0,0 @@
-# docker scout entitlement
-
-
-Manage entitlement of a Docker Hub repository
-
-### Options
-
-| Name | Type | Default | Description |
-|:------------|:-----|:--------|:-----------------------------------|
-| `--disable` | | | Disable Docker Scout on repository |
-
-
-
-
diff --git a/_vendor/github.com/docker/scout-cli/docs/scout_integration.md b/_vendor/github.com/docker/scout-cli/docs/scout_integration.md
new file mode 100644
index 0000000000..9a2def3a0b
--- /dev/null
+++ b/_vendor/github.com/docker/scout-cli/docs/scout_integration.md
@@ -0,0 +1,17 @@
+# docker scout integration
+
+
+Commands to list, configure, and delete Docker Scout integrations
+
+### Subcommands
+
+| Name | Description |
+|:----------------------------------------------|:----------------------------------------------------|
+| [`configure`](scout_integration_configure.md) | Configure or update a new integration configuration |
+| [`delete`](scout_integration_delete.md) | Delete a new integration configuration |
+| [`list`](scout_integration_list.md) | Integration Docker Scout |
+
+
+
+
+
diff --git a/_vendor/github.com/docker/scout-cli/docs/scout_integration_configure.md b/_vendor/github.com/docker/scout-cli/docs/scout_integration_configure.md
new file mode 100644
index 0000000000..521193ae3b
--- /dev/null
+++ b/_vendor/github.com/docker/scout-cli/docs/scout_integration_configure.md
@@ -0,0 +1,16 @@
+# docker scout integration configure
+
+
+Configure or update a new integration configuration
+
+### Options
+
+| Name | Type | Default | Description |
+|:--------------|:--------------|:--------|:-------------------------------------------------------------|
+| `--name` | `string` | | Name of integration configuration to create |
+| `--org` | `string` | | Namespace of the Docker organization |
+| `--parameter` | `stringSlice` | | Integration parameters in the form of --parameter NAME=VALUE |
+
+
+
+
diff --git a/_vendor/github.com/docker/scout-cli/docs/scout_integration_delete.md b/_vendor/github.com/docker/scout-cli/docs/scout_integration_delete.md
new file mode 100644
index 0000000000..0a68c8adca
--- /dev/null
+++ b/_vendor/github.com/docker/scout-cli/docs/scout_integration_delete.md
@@ -0,0 +1,15 @@
+# docker scout integration delete
+
+
+Delete a new integration configuration
+
+### Options
+
+| Name | Type | Default | Description |
+|:---------|:---------|:--------|:--------------------------------------------|
+| `--name` | `string` | | Name of integration configuration to delete |
+| `--org` | `string` | | Namespace of the Docker organization |
+
+
+
+
diff --git a/_vendor/github.com/docker/scout-cli/docs/scout_integration_list.md b/_vendor/github.com/docker/scout-cli/docs/scout_integration_list.md
new file mode 100644
index 0000000000..67b39c59fc
--- /dev/null
+++ b/_vendor/github.com/docker/scout-cli/docs/scout_integration_list.md
@@ -0,0 +1,15 @@
+# docker scout integration list
+
+
+Integration Docker Scout
+
+### Options
+
+| Name | Type | Default | Description |
+|:---------|:---------|:--------|:------------------------------------------|
+| `--name` | `string` | | Name of integration configuration to list |
+| `--org` | `string` | | Namespace of the Docker organization |
+
+
+
+
diff --git a/_vendor/github.com/docker/scout-cli/docs/scout_policy.md b/_vendor/github.com/docker/scout-cli/docs/scout_policy.md
index 9ed0bf4676..61ddc0cc8a 100644
--- a/_vendor/github.com/docker/scout-cli/docs/scout_policy.md
+++ b/_vendor/github.com/docker/scout-cli/docs/scout_policy.md
@@ -1,33 +1,45 @@
# docker scout policy
-Display the policy results of an image (experimental)
+Evaluate policies against an image and display the policy evaluation results (experimental)
### Options
-| Name | Type | Default | Description |
-|:--------------------|:---------|:--------|:-----------------------------------------------|
-| `--env` | `string` | | Name of the environment to compare to. |
-| `-e`, `--exit-code` | | | Return exit code '2' if policies are not met. |
-| `--org` | `string` | | Namespace of the Docker organization |
-| `-o`, `--output` | `string` | | Write the report to a file. |
-| `--platform` | `string` | | Platform of image to pull policy results from. |
+| Name | Type | Default | Description |
+|:--------------------|:---------|:--------|:------------------------------------------------------------|
+| `--env` | `string` | | Name of the environment to compare to |
+| `-e`, `--exit-code` | | | Return exit code '2' if policies are not met, '0' otherwise |
+| `--org` | `string` | | Namespace of the Docker organization |
+| `-o`, `--output` | `string` | | Write the report to a file |
+| `--platform` | `string` | | Platform of image to pull policy results from |
## Description
-The `docker scout policy` command displays the policy results of an image if there are any.
+The `docker scout policy` command evaluates policies against an image. The image is indexed into the Scout platform - if it wasn't already - and policies will run against it. The policy results may take a few minutes to become available.
## Examples
-### Display the policy results of an image
+### Evaluate policies against an image and display the results
```console
$ docker scout policy dockerscoutpolicy/customers-api-service:0.0.1
```
+### Evaluate policies against an image for a specific organization
+
+```console
+$ docker scout policy dockerscoutpolicy/customers-api-service:0.0.1 --org dockerscoutpolicy
+```
+
+### Evaluate policies against an image with a specific platform
+
+```console
+$ docker scout policy dockerscoutpolicy/customers-api-service:0.0.1 --platform linux/amd64
+```
+
### Compare policy results for a repository in a specific environment
```console
diff --git a/_vendor/github.com/docker/scout-cli/docs/scout_quickview.md b/_vendor/github.com/docker/scout-cli/docs/scout_quickview.md
index 1d0f1b6694..47afdc9a45 100644
--- a/_vendor/github.com/docker/scout-cli/docs/scout_quickview.md
+++ b/_vendor/github.com/docker/scout-cli/docs/scout_quickview.md
@@ -9,14 +9,13 @@ Quick overview of an image
### Options
-| Name | Type | Default | Description |
-|:-----------------|:---------|:--------|:----------------------------------------------------------------------------------------------------------------------------------------|
-| `--env` | `string` | | Name of the environment |
-| `--org` | `string` | | Namespace of the Docker organization |
-| `-o`, `--output` | `string` | | Write the report to a file. |
-| `--platform` | `string` | | Platform of image to analyze |
-| `--ref` | `string` | | Reference to use if the provided tarball contains multiple references.
Can only be used with --type archive. |
-| `--type` | `string` | `image` | Type of the image to analyze. Can be one of:
- image
- oci-dir
- archive (docker save tarball)
- fs (directory or file)
|
+| Name | Type | Default | Description |
+|:-----------------|:---------|:--------|:---------------------------------------------------------------------------------------------------------|
+| `--env` | `string` | | Name of the environment |
+| `--org` | `string` | | Namespace of the Docker organization |
+| `-o`, `--output` | `string` | | Write the report to a file. |
+| `--platform` | `string` | | Platform of image to analyze |
+| `--ref` | `string` | | Reference to use if the provided tarball contains multiple references.
Can only be used with archive. |
@@ -29,6 +28,31 @@ If available it also displays base image refresh and update recommendations.
If no image is specified, the most recently built image will be used.
+The following artifact types are supported:
+
+- Images
+- OCI layout directories
+- Tarball archives, as created by `docker save`
+- Local directory or file
+
+The tool analyzes the provided software artifact, and generates a vulnerability report.
+
+By default, the tool expects an image reference, such as:
+
+- `redis`
+- `curlimages/curl:7.87.0`
+- `mcr.microsoft.com/dotnet/runtime:7.0`
+
+If the artifact you want to analyze is an OCI directory, a tarball archive, a local file or directory,
+or if you want to control from where the image will be resolved, you must prefix the reference with one of the following:
+
+- `image://` (default) use a local image, or fall back to a registry lookup
+- `local://` use an image from the local image store (don't do a registry lookup)
+- `registry://` use an image from a registry (don't use a local image)
+- `oci-dir://` use an OCI layout directory
+- `archive://` use a tarball archive, as created by docker save
+- `fs://` use a local directory or file
+
## Examples
### Quick overview of an image
@@ -45,11 +69,6 @@ $ docker scout quickview golang:1.19.4
│ -5 -1 -3 -6 -6
Updated base image buildpack-deps:sid-scm │ 0C 0H 1M 29L
│ -5 -1 -2 -19 -6
-
- │ Know more about vulnerabilities:
- │ docker scout cves golang:1.19.4
- │ Know more about base image update recommendations:
- │ docker scout recommendations golang:1.19.4
```
### Quick overview of the most recently built image
diff --git a/_vendor/github.com/docker/scout-cli/docs/scout_recommendations.md b/_vendor/github.com/docker/scout-cli/docs/scout_recommendations.md
index fd0c3fb3a0..6f62dcc26e 100644
--- a/_vendor/github.com/docker/scout-cli/docs/scout_recommendations.md
+++ b/_vendor/github.com/docker/scout-cli/docs/scout_recommendations.md
@@ -5,16 +5,15 @@ Display available base image updates and remediation recommendations
### Options
-| Name | Type | Default | Description |
-|:-----------------|:---------|:--------|:----------------------------------------------------------------------------------------------------------------|
-| `--only-refresh` | | | Only display base image refresh recommendations |
-| `--only-update` | | | Only display base image update recommendations |
-| `--org` | `string` | | Namespace of the Docker organization |
-| `-o`, `--output` | `string` | | Write the report to a file. |
-| `--platform` | `string` | | Platform of image to analyze |
-| `--ref` | `string` | | Reference to use if the provided tarball contains multiple references.
Can only be used with --type archive. |
-| `--tag` | `string` | | Specify tag |
-| `--type` | `string` | `image` | Type of the image to analyze. Can be one of:
- image
- oci-dir
- archive (docker save tarball)
|
+| Name | Type | Default | Description |
+|:-----------------|:---------|:--------|:---------------------------------------------------------------------------------------------------------|
+| `--only-refresh` | | | Only display base image refresh recommendations |
+| `--only-update` | | | Only display base image update recommendations |
+| `--org` | `string` | | Namespace of the Docker organization |
+| `-o`, `--output` | `string` | | Write the report to a file. |
+| `--platform` | `string` | | Platform of image to analyze |
+| `--ref` | `string` | | Reference to use if the provided tarball contains multiple references.
Can only be used with archive. |
+| `--tag` | `string` | | Specify tag |
@@ -32,8 +31,9 @@ The following artifact types are supported:
- Images
- OCI layout directories
- Tarball archives, as created by `docker save`
+- Local directory or file
-The tool analyzes the provided software artifact, and generates base image updates and remediation recommendations.
+The tool analyzes the provided software artifact, and generates a vulnerability report.
By default, the tool expects an image reference, such as:
@@ -41,7 +41,15 @@ By default, the tool expects an image reference, such as:
- `curlimages/curl:7.87.0`
- `mcr.microsoft.com/dotnet/runtime:7.0`
-If the artifact you want to analyze is an OCI directory or a tarball archive, you must use the `--type` flag.
+If the artifact you want to analyze is an OCI directory, a tarball archive, a local file or directory,
+or if you want to control from where the image will be resolved, you must prefix the reference with one of the following:
+
+- `image://` (default) use a local image, or fall back to a registry lookup
+- `local://` use an image from the local image store (don't do a registry lookup)
+- `registry://` use an image from a registry (don't use a local image)
+- `oci-dir://` use an OCI layout directory
+- `archive://` use a tarball archive, as created by docker save
+- `fs://` use a local directory or file
## Examples
diff --git a/_vendor/github.com/docker/scout-cli/docs/scout_repo.md b/_vendor/github.com/docker/scout-cli/docs/scout_repo.md
index e42103e223..1f2038ea75 100644
--- a/_vendor/github.com/docker/scout-cli/docs/scout_repo.md
+++ b/_vendor/github.com/docker/scout-cli/docs/scout_repo.md
@@ -5,11 +5,11 @@ Commands to list, enable, and disable Docker Scout on repositories
### Subcommands
-| Name | Description |
-|:-----------------------------------|:---------------------|
-| [`disable`](scout_repo_disable.md) | Disable Docker Scout |
-| [`enable`](scout_repo_enable.md) | Enable Docker Scout |
-| [`list`](scout_repo_list.md) | Repo Docker Scout |
+| Name | Description |
+|:-----------------------------------|:-------------------------------|
+| [`disable`](scout_repo_disable.md) | Disable Docker Scout |
+| [`enable`](scout_repo_enable.md) | Enable Docker Scout |
+| [`list`](scout_repo_list.md) | List Docker Scout repositories |
diff --git a/_vendor/github.com/docker/scout-cli/docs/scout_repo_disable.md b/_vendor/github.com/docker/scout-cli/docs/scout_repo_disable.md
index 43e520edfc..df03711155 100644
--- a/_vendor/github.com/docker/scout-cli/docs/scout_repo_disable.md
+++ b/_vendor/github.com/docker/scout-cli/docs/scout_repo_disable.md
@@ -5,9 +5,11 @@ Disable Docker Scout
### Options
-| Name | Type | Default | Description |
-|:-----------|:---------|:--------|:--------------------------------------------------|
-| `--filter` | `string` | | Regular expression to filter repositories by name |
+| Name | Type | Default | Description |
+|:-------------|:---------|:--------|:--------------------------------------------------|
+| `--filter` | `string` | | Regular expression to filter repositories by name |
+| `--org` | `string` | | Namespace of the Docker organization |
+| `--registry` | `string` | | Container Registry |
diff --git a/_vendor/github.com/docker/scout-cli/docs/scout_repo_enable.md b/_vendor/github.com/docker/scout-cli/docs/scout_repo_enable.md
index 1e459bae47..44330d05cd 100644
--- a/_vendor/github.com/docker/scout-cli/docs/scout_repo_enable.md
+++ b/_vendor/github.com/docker/scout-cli/docs/scout_repo_enable.md
@@ -5,9 +5,11 @@ Enable Docker Scout
### Options
-| Name | Type | Default | Description |
-|:-----------|:---------|:--------|:--------------------------------------------------|
-| `--filter` | `string` | | Regular expression to filter repositories by name |
+| Name | Type | Default | Description |
+|:-------------|:---------|:--------|:--------------------------------------------------|
+| `--filter` | `string` | | Regular expression to filter repositories by name |
+| `--org` | `string` | | Namespace of the Docker organization |
+| `--registry` | `string` | | Container Registry |
diff --git a/_vendor/github.com/docker/scout-cli/docs/scout_repo_list.md b/_vendor/github.com/docker/scout-cli/docs/scout_repo_list.md
index 4c7f1d8ce2..1e2d740574 100644
--- a/_vendor/github.com/docker/scout-cli/docs/scout_repo_list.md
+++ b/_vendor/github.com/docker/scout-cli/docs/scout_repo_list.md
@@ -1,15 +1,17 @@
# docker scout repo list
-Repo Docker Scout
+List Docker Scout repositories
### Options
-| Name | Type | Default | Description |
-|:------------------|:---------|:--------|:--------------------------------------------------|
-| `--filter` | `string` | | Regular expression to filter repositories by name |
-| `--only-disabled` | | | Filter to disabled repositories only |
-| `--only-enabled` | | | Filter to enabled repositories only |
+| Name | Type | Default | Description |
+|:------------------|:---------|:--------|:---------------------------------------------------------------------------|
+| `--filter` | `string` | | Regular expression to filter repositories by name |
+| `--only-disabled` | | | Filter to disabled repositories only |
+| `--only-enabled` | | | Filter to enabled repositories only |
+| `--only-registry` | `string` | | Filter to a specific registry only:
- hub.docker.com
- ecr (AWS ECR) |
+| `--org` | `string` | | Namespace of the Docker organization |
diff --git a/_vendor/github.com/docker/scout-cli/docs/scout_sbom.md b/_vendor/github.com/docker/scout-cli/docs/scout_sbom.md
index a69d9e0774..3bfa0dd0c7 100644
--- a/_vendor/github.com/docker/scout-cli/docs/scout_sbom.md
+++ b/_vendor/github.com/docker/scout-cli/docs/scout_sbom.md
@@ -5,14 +5,13 @@ Generate or display SBOM of an image
### Options
-| Name | Type | Default | Description |
-|:----------------------|:--------------|:--------|:----------------------------------------------------------------------------------------------------------------------------------------|
-| `--format` | `string` | `json` | Output format:
- list: list of packages of the image
- json: json representation of the SBOM |
-| `--only-package-type` | `stringSlice` | | Comma separated list of package types (like apk, deb, rpm, npm, pypi, golang, etc)
Can only be used with --format list |
-| `-o`, `--output` | `string` | | Write the report to a file. |
-| `--platform` | `string` | | Platform of image to analyze |
-| `--ref` | `string` | | Reference to use if the provided tarball contains multiple references.
Can only be used with --type archive. |
-| `--type` | `string` | `image` | Type of the image to analyze. Can be one of:
- image
- oci-dir
- archive (docker save tarball)
- fs (directory or file)
|
+| Name | Type | Default | Description |
+|:----------------------|:--------------|:--------|:--------------------------------------------------------------------------------------------------------------------------|
+| `--format` | `string` | `json` | Output format:
- list: list of packages of the image
- json: json representation of the SBOM |
+| `--only-package-type` | `stringSlice` | | Comma separated list of package types (like apk, deb, rpm, npm, pypi, golang, etc)
Can only be used with --format list |
+| `-o`, `--output` | `string` | | Write the report to a file. |
+| `--platform` | `string` | | Platform of image to analyze |
+| `--ref` | `string` | | Reference to use if the provided tarball contains multiple references.
Can only be used with archive. |
@@ -30,6 +29,7 @@ The following artifact types are supported:
- Images
- OCI layout directories
- Tarball archives, as created by `docker save`
+- Local directory or file
The tool analyzes the provided software artifact, and generates a vulnerability report.
@@ -39,7 +39,15 @@ By default, the tool expects an image reference, such as:
- `curlimages/curl:7.87.0`
- `mcr.microsoft.com/dotnet/runtime:7.0`
-If the artifact you want to analyze is an OCI directory or a tarball archive, you must use the `--type` flag.
+If the artifact you want to analyze is an OCI directory, a tarball archive, a local file or directory,
+or if you want to control from where the image will be resolved, you must prefix the reference with one of the following:
+
+- `image://` (default) use a local image, or fall back to a registry lookup
+- `local://` use an image from the local image store (don't do a registry lookup)
+- `registry://` use an image from a registry (don't use a local image)
+- `oci-dir://` use an OCI layout directory
+- `archive://` use a tarball archive, as created by docker save
+- `fs://` use a local directory or file
## Examples
diff --git a/_vendor/github.com/docker/scout-cli/docs/scout_watch.md b/_vendor/github.com/docker/scout-cli/docs/scout_watch.md
index f3446ee68a..99ac1968fe 100644
--- a/_vendor/github.com/docker/scout-cli/docs/scout_watch.md
+++ b/_vendor/github.com/docker/scout-cli/docs/scout_watch.md
@@ -5,17 +5,18 @@ Watch repositories in a registry and push images and indexes to Docker Scout (ex
### Options
-| Name | Type | Default | Description |
-|:---------------|:--------------|:--------|:------------------------------------------------------------------------------------|
-| `--all-images` | | | Push all images instead of only the ones pushed during the watch command is running |
-| `--dry-run` | | | Watch images and prepare them, but do not push them |
-| `--interval` | `int64` | `60` | Interval in seconds between checks |
-| `--org` | `string` | | Namespace of the Docker organization to which image will be pushed |
-| `--registry` | `string` | | Registry to watch |
-| `--repository` | `stringSlice` | | Repository to watch |
-| `--sbom` | | | Create and upload SBOMs |
-| `--tag` | `stringSlice` | | Regular expression to match tags to watch |
-| `--workers` | `int` | `3` | Number of concurrent workers |
+| Name | Type | Default | Description |
+|:---------------------|:--------------|:--------|:------------------------------------------------------------------------------------|
+| `--all-images` | | | Push all images instead of only the ones pushed during the watch command is running |
+| `--dry-run` | | | Watch images and prepare them, but do not push them |
+| `--interval` | `int64` | `60` | Interval in seconds between checks |
+| `--org` | `string` | | Namespace of the Docker organization to which image will be pushed |
+| `--refresh-registry` | | | Refresh the list of repositories of a registry at every run. Only with --registry. |
+| `--registry` | `string` | | Registry to watch |
+| `--repository` | `stringSlice` | | Repository to watch |
+| `--sbom` | | | Create and upload SBOMs |
+| `--tag` | `stringSlice` | | Regular expression to match tags to watch |
+| `--workers` | `int` | `3` | Number of concurrent workers |
diff --git a/_vendor/modules.txt b/_vendor/modules.txt
index a4ff5b32f0..9a88b48e3f 100644
--- a/_vendor/modules.txt
+++ b/_vendor/modules.txt
@@ -1,7 +1,7 @@
# github.com/moby/moby v24.0.5+incompatible
# github.com/moby/buildkit v0.12.1-0.20230830200556-05eb7287534b
# github.com/docker/buildx v0.11.2
-# github.com/docker/scout-cli v0.24.1
+# github.com/docker/scout-cli v1.0.2
# github.com/docker/cli v24.0.5+incompatible
# github.com/docker/compose-cli v1.0.35
# github.com/distribution/distribution v2.8.2+incompatible
diff --git a/content/engine/reference/commandline/scout_integration.md b/content/engine/reference/commandline/scout_integration.md
new file mode 100644
index 0000000000..d02e0df704
--- /dev/null
+++ b/content/engine/reference/commandline/scout_integration.md
@@ -0,0 +1,16 @@
+---
+datafolder: scout-cli
+datafile: docker_scout_integration
+title: docker scout integration
+layout: cli
+---
+
+
+
+{{< include "scout-early-access.md" >}}
diff --git a/content/engine/reference/commandline/scout_integration_configure.md b/content/engine/reference/commandline/scout_integration_configure.md
new file mode 100644
index 0000000000..6f07ebb28e
--- /dev/null
+++ b/content/engine/reference/commandline/scout_integration_configure.md
@@ -0,0 +1,16 @@
+---
+datafolder: scout-cli
+datafile: docker_scout_integration_configure
+title: docker scout integration configure
+layout: cli
+---
+
+
+
+{{< include "scout-early-access.md" >}}
diff --git a/content/engine/reference/commandline/scout_integration_delete.md b/content/engine/reference/commandline/scout_integration_delete.md
new file mode 100644
index 0000000000..420cb9e85e
--- /dev/null
+++ b/content/engine/reference/commandline/scout_integration_delete.md
@@ -0,0 +1,16 @@
+---
+datafolder: scout-cli
+datafile: docker_scout_integration_delete
+title: docker scout integration delete
+layout: cli
+---
+
+
+
+{{< include "scout-early-access.md" >}}
diff --git a/content/engine/reference/commandline/scout_integration_list.md b/content/engine/reference/commandline/scout_integration_list.md
new file mode 100644
index 0000000000..bab6c076d8
--- /dev/null
+++ b/content/engine/reference/commandline/scout_integration_list.md
@@ -0,0 +1,16 @@
+---
+datafolder: scout-cli
+datafile: docker_scout_integration_list
+title: docker scout integration list
+layout: cli
+---
+
+
+
+{{< include "scout-early-access.md" >}}
diff --git a/data/toc.yaml b/data/toc.yaml
index 750db43d25..7851daf83b 100644
--- a/data/toc.yaml
+++ b/data/toc.yaml
@@ -630,6 +630,14 @@ Reference:
title: docker scout enroll
- path: /engine/reference/commandline/scout_environment/
title: docker scout environment
+ - path: /engine/reference/commandline/scout_integration/
+ title: docker scout integration
+ - path: /engine/reference/commandline/scout_integration_configure/
+ title: docker scout integration configure
+ - path: /engine/reference/commandline/scout_integration_delete/
+ title: docker scout integration delete
+ - path: /engine/reference/commandline/scout_integration_list/
+ title: docker scout integration list
- path: /engine/reference/commandline/scout_policy/
title: docker scout policy
- path: /engine/reference/commandline/scout_quickview/
diff --git a/go.mod b/go.mod
index 4e34d9ca01..82d0b22f67 100644
--- a/go.mod
+++ b/go.mod
@@ -9,7 +9,7 @@ require (
github.com/docker/cli v24.0.5+incompatible // indirect
github.com/docker/compose-cli v1.0.35 // indirect
github.com/docker/distribution v2.8.2+incompatible // indirect
- github.com/docker/scout-cli v0.24.1 // indirect
+ github.com/docker/scout-cli v1.0.2 // indirect
github.com/moby/buildkit v0.12.1-0.20230830200556-05eb7287534b // indirect
github.com/moby/moby v24.0.5+incompatible // indirect
github.com/opencontainers/go-digest v1.0.0 // indirect
diff --git a/go.sum b/go.sum
index 2f76803e74..47767f4319 100644
--- a/go.sum
+++ b/go.sum
@@ -73,6 +73,8 @@ github.com/docker/scout-cli v0.23.3 h1:ToQ/Gw1clQ2GJ47Yt0HCefJB55oPOHZYH6rVxGdfF
github.com/docker/scout-cli v0.23.3/go.mod h1:Eo1RyCJsx3ldz/YTY5yGxu9g9mwTYbRUutxQUkow3Fc=
github.com/docker/scout-cli v0.24.1 h1:ga1J6dsKXfhBQ98wKbb+GWncuMdqErxhpLMxPSMqH+g=
github.com/docker/scout-cli v0.24.1/go.mod h1:Eo1RyCJsx3ldz/YTY5yGxu9g9mwTYbRUutxQUkow3Fc=
+github.com/docker/scout-cli v1.0.2 h1:KweJ2S/WXncRIv+9+GrNI4bq/5TjcWY8WyWqgfV1zdM=
+github.com/docker/scout-cli v1.0.2/go.mod h1:Eo1RyCJsx3ldz/YTY5yGxu9g9mwTYbRUutxQUkow3Fc=
github.com/elazarl/goproxy v0.0.0-20191011121108-aa519ddbe484/go.mod h1:Ro8st/ElPeALwNFlcTpWmkr6IoMFfkjXAvTHpevnDsM=
github.com/evanphx/json-patch v4.9.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4=