scout: bump cli v1.0.2

Signed-off-by: David Karlsson <35727626+dvdksn@users.noreply.github.com>
David Karlsson 2023-09-26 10:11:22 +02:00
parent e91fd9843f
commit 93616d55b5
43 changed files with 703 additions and 289 deletions

View File

@ -11,6 +11,7 @@ cname:
- docker scout cves - docker scout cves
- docker scout enroll - docker scout enroll
- docker scout environment - docker scout environment
- docker scout integration
- docker scout quickview - docker scout quickview
- docker scout recommendations - docker scout recommendations
- docker scout repo - docker scout repo
@ -22,6 +23,7 @@ clink:
- docker_scout_cves.yaml - docker_scout_cves.yaml
- docker_scout_enroll.yaml - docker_scout_enroll.yaml
- docker_scout_environment.yaml - docker_scout_environment.yaml
- docker_scout_integration.yaml
- docker_scout_quickview.yaml - docker_scout_quickview.yaml
- docker_scout_recommendations.yaml - docker_scout_recommendations.yaml
- docker_scout_repo.yaml - docker_scout_repo.yaml

View File

@ -53,10 +53,6 @@ examples: |-
sha256:174c41d4fbc7f63e1f2bb7d2f7837318050406f2f27e5073a84a84f18b48b883 │ 115 kB sha256:174c41d4fbc7f63e1f2bb7d2f7837318050406f2f27e5073a84a84f18b48b883 │ 115 kB
Total: 4 MB Total: 4 MB
What's Next?
Delete all cached SBOMs → docker scout prune
``` ```
deprecated: false deprecated: false
experimental: false experimental: false

View File

@ -16,6 +16,7 @@ long: |-
- Images - Images
- OCI layout directories - OCI layout directories
- Tarball archives, as created by `docker save` - Tarball archives, as created by `docker save`
- Local directory or file
The tool analyzes the provided software artifact, and generates a vulnerability report. The tool analyzes the provided software artifact, and generates a vulnerability report.
@ -25,7 +26,15 @@ long: |-
- `curlimages/curl:7.87.0` - `curlimages/curl:7.87.0`
- `mcr.microsoft.com/dotnet/runtime:7.0` - `mcr.microsoft.com/dotnet/runtime:7.0`
If the artifact you want to analyze is an OCI directory or a tarball archive, you must use the `--type` or `--to-type` flag. If the artifact you want to analyze is an OCI directory, a tarball archive, a local file or directory,
or if you want to control from where the image will be resolved, you must prefix the reference with one of the following:
- `image://` (default) use a local image, or fall back to a registry lookup
- `local://` use an image from the local image store (don't do a registry lookup)
- `registry://` use an image from a registry (don't use a local image)
- `oci-dir://` use an OCI layout directory
- `archive://` use a tarball archive, as created by docker save
- `fs://` use a local directory or file
usage: docker scout compare --to IMAGE|DIRECTORY|ARCHIVE [IMAGE|DIRECTORY|ARCHIVE] usage: docker scout compare --to IMAGE|DIRECTORY|ARCHIVE [IMAGE|DIRECTORY|ARCHIVE]
pname: docker scout pname: docker scout
plink: docker_scout.yaml plink: docker_scout.yaml
@ -54,6 +63,16 @@ options:
experimentalcli: false experimentalcli: false
kubernetes: false kubernetes: false
swarm: false swarm: false
- option: hide-policies
value_type: bool
default_value: "false"
description: Hide policy status from the output
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: ignore-base - option: ignore-base
value_type: bool value_type: bool
default_value: "false" default_value: "false"
@ -168,7 +187,7 @@ options:
value_type: string value_type: string
description: |- description: |-
Reference to use if the provided tarball contains multiple references. Reference to use if the provided tarball contains multiple references.
Can only be used with --type archive. Can only be used with archive.
deprecated: false deprecated: false
hidden: false hidden: false
experimental: false experimental: false
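Review bot: The reworded `--ref` description, "Can only be used with archive.", no longer names anything the user can type. With `--type` gone, suggest "Can only be used with an `archive://` reference." here and in the other `ref` descriptions this commit changes the same way.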
@ -207,7 +226,7 @@ options:
value_type: string value_type: string
description: |- description: |-
Reference to use if the provided tarball contains multiple references. Reference to use if the provided tarball contains multiple references.
Can only be used with --type archive. Can only be used with archive.
deprecated: false deprecated: false
hidden: false hidden: false
experimental: false experimental: false
@ -223,36 +242,6 @@ options:
experimentalcli: false experimentalcli: false
kubernetes: false kubernetes: false
swarm: false swarm: false
- option: to-type
value_type: string
default_value: image
description: |-
Image type to analyze. Can be one of:
- image
- oci-dir
- archive (docker save tarball)
- fs (directory or file)
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: type
value_type: string
default_value: image
description: |-
Type of the image to analyze. Can be one of:
- image
- oci-dir
- archive (docker save tarball)
- fs (directory or file)
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
inherited_options: inherited_options:
- option: debug - option: debug
value_type: bool value_type: bool
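Review bot: `to-type` and `type` are deleted outright in this hunk rather than kept with `deprecated: true`, so anyone looking up an existing invocation such as `--type archive` finds no entry and no pointer to the replacement. Consider keeping the two entries marked deprecated for a release, or adding a sentence to the long description that maps each old value to its prefix (`oci-dir://`, `archive://`, `fs://`).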
@ -271,6 +260,12 @@ examples: |-
$ docker scout compare --to namespace/repo:latest $ docker scout compare --to namespace/repo:latest
``` ```
### Compare local build to the same tag from the registry
```console
$ docker scout compare local://namespace/repo:latest --to registry://namespace/repo:latest
```
### Ignore base images ### Ignore base images
```console ```console
@ -288,6 +283,12 @@ examples: |-
```console ```console
$ docker scout compare --only-package-type maven --only-severity critical --to namespace/repo:latest namespace/repo:v1.2.3-pre $ docker scout compare --only-package-type maven --only-severity critical --to namespace/repo:latest namespace/repo:v1.2.3-pre
``` ```
### Show all policy results for both images
```console
docker scout compare --to namespace/repo:latest namespace/repo:v1.2.3-pre
```
deprecated: false deprecated: false
experimental: false experimental: false
experimentalcli: true experimentalcli: true
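Review bot: The added example "Show all policy results for both images" uses a command with no policy-related flag, so nothing in it shows what makes policy results appear, and it is the only example line without the `$ ` prompt. Either show the flag that makes the difference, or say under the heading that policy status is part of the default output and `--hide-policies` suppresses it; add the prompt for consistency with the other examples.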

View File

@ -10,6 +10,7 @@ long: |-
- Images - Images
- OCI layout directories - OCI layout directories
- Tarball archives, as created by `docker save` - Tarball archives, as created by `docker save`
- Local directory or file
The tool analyzes the provided software artifact, and generates a vulnerability report. The tool analyzes the provided software artifact, and generates a vulnerability report.
@ -19,7 +20,15 @@ long: |-
- `curlimages/curl:7.87.0` - `curlimages/curl:7.87.0`
- `mcr.microsoft.com/dotnet/runtime:7.0` - `mcr.microsoft.com/dotnet/runtime:7.0`
If the artifact you want to analyze is an OCI directory or a tarball archive, you must use the `--type` flag. If the artifact you want to analyze is an OCI directory, a tarball archive, a local file or directory,
or if you want to control from where the image will be resolved, you must prefix the reference with one of the following:
- `image://` (default) use a local image, or fall back to a registry lookup
- `local://` use an image from the local image store (don't do a registry lookup)
- `registry://` use an image from a registry (don't use a local image)
- `oci-dir://` use an OCI layout directory
- `archive://` use a tarball archive, as created by docker save
- `fs://` use a local directory or file
usage: docker scout cves [OPTIONS] [IMAGE|DIRECTORY|ARCHIVE] usage: docker scout cves [OPTIONS] [IMAGE|DIRECTORY|ARCHIVE]
pname: docker scout pname: docker scout
plink: docker_scout.yaml plink: docker_scout.yaml
@ -57,11 +66,7 @@ options:
- option: format - option: format
value_type: string value_type: string
default_value: packages default_value: packages
description: |- description: "Output format of the generated vulnerability report:\n- packages: default output, plain text with vulnerabilities grouped by packages\n- sarif: json Sarif output\n- spdx: json SPDX output \n- markdown: markdown output (including some html tags like collapsible sections)"
Output format of the generated vulnerability report:
- packages: default output, plain text with vulnerabilities grouped by packages
- sarif: json Sarif output
- markdown: markdown output (including some html tags like collapsible sections)
deprecated: false deprecated: false
hidden: false hidden: false
experimental: false experimental: false
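Review bot: The `format` description switches from a `|-` block scalar to a double-quoted string with `\n` escapes, and the new `spdx` entry carries a trailing space ("json SPDX output \n"), which is likely what forced the YAML emitter into quoted style. Removing that trailing space in the upstream flag help text should bring back the block scalar and reduce this change to the one added `spdx` line.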
@ -214,7 +219,7 @@ options:
value_type: string value_type: string
description: |- description: |-
Reference to use if the provided tarball contains multiple references. Reference to use if the provided tarball contains multiple references.
Can only be used with --type archive. Can only be used with archive.
deprecated: false deprecated: false
hidden: false hidden: false
experimental: false experimental: false
@ -230,21 +235,6 @@ options:
experimentalcli: false experimentalcli: false
kubernetes: false kubernetes: false
swarm: false swarm: false
- option: type
value_type: string
default_value: image
description: |-
Type of the image to analyze. Can be one of:
- image
- oci-dir
- archive (docker save tarball)
- fs (directory or file)
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: vex - option: vex
value_type: bool value_type: bool
default_value: "false" default_value: "false"
@ -302,7 +292,7 @@ examples: |-
```console ```console
$ docker save alpine > alpine.tar $ docker save alpine > alpine.tar
$ docker scout cves --type archive alpine.tar $ docker scout cves archive://alpine.tar
Analyzing archive alpine.tar Analyzing archive alpine.tar
✓ Archive read ✓ Archive read
✓ SBOM of image already cached, 18 packages indexed ✓ SBOM of image already cached, 18 packages indexed
@ -314,7 +304,7 @@ examples: |-
```console ```console
$ skopeo copy --override-os linux docker://alpine oci:alpine $ skopeo copy --override-os linux docker://alpine oci:alpine
$ docker scout cves --type oci-dir alpine $ docker scout cves oci-dir://alpine
Analyzing OCI directory alpine Analyzing OCI directory alpine
✓ OCI directory read ✓ OCI directory read
✓ Image stored for indexing ✓ Image stored for indexing
@ -322,6 +312,12 @@ examples: |-
✓ No vulnerable package detected ✓ No vulnerable package detected
``` ```
### Display vulnerabilities from the current directory
```console
$ docker scout cves fs://.
```
### Export vulnerabilities to a SARIF JSON file ### Export vulnerabilities to a SARIF JSON file
```console ```console

View File

@ -1,35 +0,0 @@
command: docker scout entitlement
short: Manage entitlement of a Docker Hub repository
long: |
The docker scout entitlement command enables Docker Scout on repositories on Docker Hub.
usage: docker scout entitlement REPOSITORY
pname: docker scout
plink: docker_scout.yaml
options:
- option: disable
value_type: bool
default_value: "false"
description: Disable Docker Scout on repository
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
inherited_options:
- option: debug
value_type: bool
default_value: "false"
description: Debug messages
deprecated: false
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
deprecated: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false

View File

@ -0,0 +1,30 @@
command: docker scout integration
short: Commands to list, configure, and delete Docker Scout integrations
long: Commands to list, configure, and delete Docker Scout integrations
pname: docker scout
plink: docker_scout.yaml
cname:
- docker scout integration configure
- docker scout integration delete
- docker scout integration list
clink:
- docker_scout_integration_configure.yaml
- docker_scout_integration_delete.yaml
- docker_scout_integration_list.yaml
inherited_options:
- option: debug
value_type: bool
default_value: "false"
description: Debug messages
deprecated: false
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
deprecated: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false

View File

@ -0,0 +1,53 @@
command: docker scout integration configure
short: Configure or update a new integration configuration
long: |
The docker scout integration configure command creates or updates a new integration configuration for an organization.
usage: docker scout integration configure INTEGRATION
pname: docker scout integration
plink: docker_scout_integration.yaml
options:
- option: name
value_type: string
description: Name of integration configuration to create
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: org
value_type: string
description: Namespace of the Docker organization
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: parameter
value_type: stringSlice
default_value: '[]'
description: Integration parameters in the form of --parameter NAME=VALUE
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
inherited_options:
- option: debug
value_type: bool
default_value: "false"
description: Debug messages
deprecated: false
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
deprecated: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
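Review bot: The `parameter` option documents only the `NAME=VALUE` form; nothing says which parameter names a given INTEGRATION accepts, and the file has no `examples` block. If any of those values can be a credential or token, the description should say so and point to a way of supplying it that keeps it out of shell history and process listings. The short text "Configure or update a new integration configuration" also reads oddly, since an update does not act on a new configuration.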

View File

@ -0,0 +1,43 @@
command: docker scout integration delete
short: Delete a new integration configuration
long: |
The docker scout integration delete command deletes a new integration configuration for an organization.
usage: docker scout integration delete INTEGRATION
pname: docker scout integration
plink: docker_scout_integration.yaml
options:
- option: name
value_type: string
description: Name of integration configuration to delete
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: org
value_type: string
description: Namespace of the Docker organization
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
inherited_options:
- option: debug
value_type: bool
default_value: "false"
description: Debug messages
deprecated: false
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
deprecated: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
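Review bot: "new" in the short and long text looks copied from the configure command: "Delete a new integration configuration" and "deletes a new integration configuration for an organization". Suggest "Delete an integration configuration" and "deletes an integration configuration for an organization". Since this command is destructive, the description should also state what is deleted when `--name` is omitted.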

View File

@ -0,0 +1,43 @@
command: docker scout integration list
short: Integration Docker Scout
long: |
The docker scout integration list configured integrations for an organization.
usage: docker scout integration list [INTEGRATION]
pname: docker scout integration
plink: docker_scout_integration.yaml
options:
- option: name
value_type: string
description: Name of integration configuration to list
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: org
value_type: string
description: Namespace of the Docker organization
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
inherited_options:
- option: debug
value_type: bool
default_value: "false"
description: Debug messages
deprecated: false
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
deprecated: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
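Review bot: The short description "Integration Docker Scout" does not describe the command, and the long description is missing its verb ("The docker scout integration list configured integrations for an organization."). Suggest "List Docker Scout integrations" for the short text and "The docker scout integration list command lists configured integrations for an organization." for the long text.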

View File

@ -1,14 +1,15 @@
command: docker scout policy command: docker scout policy
short: Display the policy results of an image (experimental) short: |
Evaluate policies against an image and display the policy evaluation results (experimental)
long: | long: |
The `docker scout policy` command displays the policy results of an image if there are any. The `docker scout policy` command evaluates policies against an image. The image is indexed into the Scout platform - if it wasn't already - and policies will run against it. The policy results may take a few minutes to become available.
usage: docker scout policy [IMAGE | REPO] usage: docker scout policy [IMAGE | REPO]
pname: docker scout pname: docker scout
plink: docker_scout.yaml plink: docker_scout.yaml
options: options:
- option: env - option: env
value_type: string value_type: string
description: Name of the environment to compare to. description: Name of the environment to compare to
deprecated: false deprecated: false
hidden: false hidden: false
experimental: false experimental: false
@ -19,7 +20,7 @@ options:
shorthand: e shorthand: e
value_type: bool value_type: bool
default_value: "false" default_value: "false"
description: Return exit code '2' if policies are not met. description: Return exit code '2' if policies are not met, '0' otherwise
deprecated: false deprecated: false
hidden: false hidden: false
experimental: false experimental: false
@ -38,7 +39,7 @@ options:
- option: output - option: output
shorthand: o shorthand: o
value_type: string value_type: string
description: Write the report to a file. description: Write the report to a file
deprecated: false deprecated: false
hidden: false hidden: false
experimental: false experimental: false
@ -47,7 +48,7 @@ options:
swarm: false swarm: false
- option: platform - option: platform
value_type: string value_type: string
description: Platform of image to pull policy results from. description: Platform of image to pull policy results from
deprecated: false deprecated: false
hidden: false hidden: false
experimental: false experimental: false
@ -66,12 +67,24 @@ inherited_options:
kubernetes: false kubernetes: false
swarm: false swarm: false
examples: |- examples: |-
### Display the policy results of an image ### Evaluate policies against an image and display the results
```console ```console
$ docker scout policy dockerscoutpolicy/customers-api-service:0.0.1 $ docker scout policy dockerscoutpolicy/customers-api-service:0.0.1
``` ```
### Evaluate policies against an image for a specific organization
```console
$ docker scout policy dockerscoutpolicy/customers-api-service:0.0.1 --org dockerscoutpolicy
```
### Evaluate policies against an image with a specific platform
```console
$ docker scout policy dockerscoutpolicy/customers-api-service:0.0.1 --platform linux/amd64
```
### Compare policy results for a repository in a specific environment ### Compare policy results for a repository in a specific environment
```console ```console

View File

@ -7,6 +7,31 @@ long: |-
If available it also displays base image refresh and update recommendations. If available it also displays base image refresh and update recommendations.
If no image is specified, the most recently built image will be used. If no image is specified, the most recently built image will be used.
The following artifact types are supported:
- Images
- OCI layout directories
- Tarball archives, as created by `docker save`
- Local directory or file
The tool analyzes the provided software artifact, and generates a vulnerability report.
By default, the tool expects an image reference, such as:
- `redis`
- `curlimages/curl:7.87.0`
- `mcr.microsoft.com/dotnet/runtime:7.0`
If the artifact you want to analyze is an OCI directory, a tarball archive, a local file or directory,
or if you want to control from where the image will be resolved, you must prefix the reference with one of the following:
- `image://` (default) use a local image, or fall back to a registry lookup
- `local://` use an image from the local image store (don't do a registry lookup)
- `registry://` use an image from a registry (don't use a local image)
- `oci-dir://` use an OCI layout directory
- `archive://` use a tarball archive, as created by docker save
- `fs://` use a local directory or file
usage: docker scout quickview [IMAGE|DIRECTORY|ARCHIVE] usage: docker scout quickview [IMAGE|DIRECTORY|ARCHIVE]
pname: docker scout pname: docker scout
plink: docker_scout.yaml plink: docker_scout.yaml
@ -52,7 +77,7 @@ options:
value_type: string value_type: string
description: |- description: |-
Reference to use if the provided tarball contains multiple references. Reference to use if the provided tarball contains multiple references.
Can only be used with --type archive. Can only be used with archive.
deprecated: false deprecated: false
hidden: false hidden: false
experimental: false experimental: false
@ -68,21 +93,6 @@ options:
experimentalcli: false experimentalcli: false
kubernetes: false kubernetes: false
swarm: false swarm: false
- option: type
value_type: string
default_value: image
description: |-
Type of the image to analyze. Can be one of:
- image
- oci-dir
- archive (docker save tarball)
- fs (directory or file)
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
inherited_options: inherited_options:
- option: debug - option: debug
value_type: bool value_type: bool
@ -109,11 +119,6 @@ examples: |-
│ -5 -1 -3 -6 -6 │ -5 -1 -3 -6 -6
Updated base image buildpack-deps:sid-scm │ 0C 0H 1M 29L Updated base image buildpack-deps:sid-scm │ 0C 0H 1M 29L
│ -5 -1 -2 -19 -6 │ -5 -1 -2 -19 -6
│ Know more about vulnerabilities:
│ docker scout cves golang:1.19.4
│ Know more about base image update recommendations:
│ docker scout recommendations golang:1.19.4
``` ```
### Quick overview of the most recently built image ### Quick overview of the most recently built image

View File

@ -12,8 +12,9 @@ long: |-
- Images - Images
- OCI layout directories - OCI layout directories
- Tarball archives, as created by `docker save` - Tarball archives, as created by `docker save`
- Local directory or file
The tool analyzes the provided software artifact, and generates base image updates and remediation recommendations. The tool analyzes the provided software artifact, and generates a vulnerability report.
By default, the tool expects an image reference, such as: By default, the tool expects an image reference, such as:
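Review bot: The changed sentence in the recommendations description now says the tool "generates a vulnerability report", replacing "generates base image updates and remediation recommendations". That looks like the shared paragraph from the other command files pasted over a sentence that was specific to this command; the original wording should stay.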
@ -21,7 +22,15 @@ long: |-
- `curlimages/curl:7.87.0` - `curlimages/curl:7.87.0`
- `mcr.microsoft.com/dotnet/runtime:7.0` - `mcr.microsoft.com/dotnet/runtime:7.0`
If the artifact you want to analyze is an OCI directory or a tarball archive, you must use the `--type` flag. If the artifact you want to analyze is an OCI directory, a tarball archive, a local file or directory,
or if you want to control from where the image will be resolved, you must prefix the reference with one of the following:
- `image://` (default) use a local image, or fall back to a registry lookup
- `local://` use an image from the local image store (don't do a registry lookup)
- `registry://` use an image from a registry (don't use a local image)
- `oci-dir://` use an OCI layout directory
- `archive://` use a tarball archive, as created by docker save
- `fs://` use a local directory or file
usage: docker scout recommendations [IMAGE|DIRECTORY|ARCHIVE] usage: docker scout recommendations [IMAGE|DIRECTORY|ARCHIVE]
pname: docker scout pname: docker scout
plink: docker_scout.yaml plink: docker_scout.yaml
@ -78,7 +87,7 @@ options:
value_type: string value_type: string
description: |- description: |-
Reference to use if the provided tarball contains multiple references. Reference to use if the provided tarball contains multiple references.
Can only be used with --type archive. Can only be used with archive.
deprecated: false deprecated: false
hidden: false hidden: false
experimental: false experimental: false
@ -94,20 +103,6 @@ options:
experimentalcli: false experimentalcli: false
kubernetes: false kubernetes: false
swarm: false swarm: false
- option: type
value_type: string
default_value: image
description: |-
Type of the image to analyze. Can be one of:
- image
- oci-dir
- archive (docker save tarball)
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
inherited_options: inherited_options:
- option: debug - option: debug
value_type: bool value_type: bool

View File

@ -2,7 +2,7 @@ command: docker scout repo disable
short: Disable Docker Scout short: Disable Docker Scout
long: | long: |
The docker scout repo disable command disables Docker Scout on repositories. The docker scout repo disable command disables Docker Scout on repositories.
usage: docker scout repo disable REPOSITORY|ORG usage: docker scout repo disable REPOSITORY
pname: docker scout repo pname: docker scout repo
plink: docker_scout_repo.yaml plink: docker_scout_repo.yaml
options: options:
@ -15,6 +15,24 @@ options:
experimentalcli: false experimentalcli: false
kubernetes: false kubernetes: false
swarm: false swarm: false
- option: org
value_type: string
description: Namespace of the Docker organization
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: registry
value_type: string
description: Container Registry
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
inherited_options: inherited_options:
- option: debug - option: debug
value_type: bool value_type: bool
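Review bot: The new `registry` option is described only as "Container Registry", with no accepted values and no default. The `only-registry` option added to `repo list` in this commit enumerates `hub.docker.com` and `ecr`; the same list, or the expected value format, belongs here and in the matching `repo enable` entry.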

View File

@ -1,7 +1,7 @@
command: docker scout repo enable command: docker scout repo enable
short: Enable Docker Scout short: Enable Docker Scout
long: The docker scout repo enable command enables Docker Scout on repositories. long: The docker scout repo enable command enables Docker Scout on repositories.
usage: docker scout repo enable REPOSITORY|ORG usage: docker scout repo enable REPOSITORY
pname: docker scout repo pname: docker scout repo
plink: docker_scout_repo.yaml plink: docker_scout_repo.yaml
options: options:
@ -14,6 +14,24 @@ options:
experimentalcli: false experimentalcli: false
kubernetes: false kubernetes: false
swarm: false swarm: false
- option: org
value_type: string
description: Namespace of the Docker organization
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: registry
value_type: string
description: Container Registry
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
inherited_options: inherited_options:
- option: debug - option: debug
value_type: bool value_type: bool

View File

@ -1,8 +1,10 @@
command: docker scout repo list command: docker scout repo list
short: Repo Docker Scout short: List Docker Scout repositories
long: | long: |-
The docker scout repo list command shows all repositories in an organization. The docker scout repo list command shows all repositories in an organization.
usage: docker scout repo list ORG
If ORG is not provided the default configured organization will be used.
usage: docker scout repo list
pname: docker scout repo pname: docker scout repo
plink: docker_scout_repo.yaml plink: docker_scout_repo.yaml
options: options:
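Review bot: The added sentence "If ORG is not provided the default configured organization will be used." refers to an `ORG` argument that the same hunk removes from the usage line (`docker scout repo list ORG` becomes `docker scout repo list`). Reword it in terms of the `--org` option this commit adds, for example "If `--org` is not provided, the default configured organization is used."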
@ -35,6 +37,27 @@ options:
experimentalcli: false experimentalcli: false
kubernetes: false kubernetes: false
swarm: false swarm: false
- option: only-registry
value_type: string
description: |-
Filter to a specific registry only:
- hub.docker.com
- ecr (AWS ECR)
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: org
value_type: string
description: Namespace of the Docker organization
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
inherited_options: inherited_options:
- option: debug - option: debug
value_type: bool value_type: bool

View File

@ -12,6 +12,7 @@ long: |-
- Images - Images
- OCI layout directories - OCI layout directories
- Tarball archives, as created by `docker save` - Tarball archives, as created by `docker save`
- Local directory or file
The tool analyzes the provided software artifact, and generates a vulnerability report. The tool analyzes the provided software artifact, and generates a vulnerability report.
@ -21,7 +22,15 @@ long: |-
- `curlimages/curl:7.87.0` - `curlimages/curl:7.87.0`
- `mcr.microsoft.com/dotnet/runtime:7.0` - `mcr.microsoft.com/dotnet/runtime:7.0`
If the artifact you want to analyze is an OCI directory or a tarball archive, you must use the `--type` flag. If the artifact you want to analyze is an OCI directory, a tarball archive, a local file or directory,
or if you want to control from where the image will be resolved, you must prefix the reference with one of the following:
- `image://` (default) use a local image, or fall back to a registry lookup
- `local://` use an image from the local image store (don't do a registry lookup)
- `registry://` use an image from a registry (don't use a local image)
- `oci-dir://` use an OCI layout directory
- `archive://` use a tarball archive, as created by docker save
- `fs://` use a local directory or file
usage: docker scout sbom [IMAGE|DIRECTORY|ARCHIVE] usage: docker scout sbom [IMAGE|DIRECTORY|ARCHIVE]
pname: docker scout pname: docker scout
plink: docker_scout.yaml plink: docker_scout.yaml
@ -74,22 +83,7 @@ options:
value_type: string value_type: string
description: |- description: |-
Reference to use if the provided tarball contains multiple references. Reference to use if the provided tarball contains multiple references.
Can only be used with --type archive. Can only be used with archive.
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: type
value_type: string
default_value: image
description: |-
Type of the image to analyze. Can be one of:
- image
- oci-dir
- archive (docker save tarball)
- fs (directory or file)
deprecated: false deprecated: false
hidden: false hidden: false
experimental: false experimental: false

View File

@ -47,6 +47,17 @@ options:
experimentalcli: false experimentalcli: false
kubernetes: false kubernetes: false
swarm: false swarm: false
- option: refresh-registry
value_type: bool
default_value: "false"
description: |
Refresh the list of repositories of a registry at every run. Only with --registry.
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: registry - option: registry
value_type: string value_type: string
description: Registry to watch description: Registry to watch

View File

@ -17,7 +17,8 @@ Command line tool for Docker Scout
| [`cves`](scout_cves.md) | Display CVEs identified in a software artifact | | [`cves`](scout_cves.md) | Display CVEs identified in a software artifact |
| [`enroll`](scout_enroll.md) | Enroll an organization with Docker Scout | | [`enroll`](scout_enroll.md) | Enroll an organization with Docker Scout |
| [`environment`](scout_environment.md) | Manage environments (experimental) | | [`environment`](scout_environment.md) | Manage environments (experimental) |
| [`policy`](scout_policy.md) | Display the policy results of an image (experimental) | | [`integration`](scout_integration.md) | Commands to list, configure, and delete Docker Scout integrations |
| [`policy`](scout_policy.md) | Evaluate policies against an image and display the policy evaluation results (experimental) |
| [`push`](scout_push.md) | Push an image or image index to Docker Scout (experimental) | | [`push`](scout_push.md) | Push an image or image index to Docker Scout (experimental) |
| [`quickview`](scout_quickview.md) | Quick overview of an image | | [`quickview`](scout_quickview.md) | Quick overview of an image |
| [`recommendations`](scout_recommendations.md) | Display available base image updates and remediation recommendations | | [`recommendations`](scout_recommendations.md) | Display available base image updates and remediation recommendations |

View File

@ -48,8 +48,4 @@ Docker Scout cached SBOMs are located at:
sha256:174c41d4fbc7f63e1f2bb7d2f7837318050406f2f27e5073a84a84f18b48b883 │ 115 kB sha256:174c41d4fbc7f63e1f2bb7d2f7837318050406f2f27e5073a84a84f18b48b883 │ 115 kB
Total: 4 MB Total: 4 MB
What's Next?
Delete all cached SBOMs → docker scout prune
``` ```

View File

@ -13,6 +13,7 @@ Compare two images and display differences (experimental)
|:----------------------|:--------------|:--------|:-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| |:----------------------|:--------------|:--------|:-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `-e`, `--exit-code` | | | Return exit code '2' if vulnerability changes are detected | | `-e`, `--exit-code` | | | Return exit code '2' if vulnerability changes are detected |
| `--format` | `string` | `text` | Output format of the generated vulnerability report:<br>- text: default output, plain text with or without colors depending on the terminal<br>- markdown: Markdown output<br> | | `--format` | `string` | `text` | Output format of the generated vulnerability report:<br>- text: default output, plain text with or without colors depending on the terminal<br>- markdown: Markdown output<br> |
| `--hide-policies` | | | Hide policy status from the output |
| `--ignore-base` | | | Filter out CVEs introduced from base image | | `--ignore-base` | | | Filter out CVEs introduced from base image |
| `--ignore-unchanged` | | | Filter out unchanged packages | | `--ignore-unchanged` | | | Filter out unchanged packages |
| `--multi-stage` | | | Show packages from multi-stage Docker builds | | `--multi-stage` | | | Show packages from multi-stage Docker builds |
@ -24,13 +25,11 @@ Compare two images and display differences (experimental)
| `--org` | `string` | | Namespace of the Docker organization | | `--org` | `string` | | Namespace of the Docker organization |
| `-o`, `--output` | `string` | | Write the report to a file. | | `-o`, `--output` | `string` | | Write the report to a file. |
| `--platform` | `string` | | Platform of image to analyze | | `--platform` | `string` | | Platform of image to analyze |
| `--ref` | `string` | | Reference to use if the provided tarball contains multiple references.<br>Can only be used with --type archive. | | `--ref` | `string` | | Reference to use if the provided tarball contains multiple references.<br>Can only be used with archive. |
| `--to` | `string` | | Image, directory, or archive to compare to | | `--to` | `string` | | Image, directory, or archive to compare to |
| `--to-env` | `string` | | Name of environment to compare to | | `--to-env` | `string` | | Name of environment to compare to |
| `--to-latest` | | | Latest image processed to compare to | | `--to-latest` | | | Latest image processed to compare to |
| `--to-ref` | `string` | | Reference to use if the provided tarball contains multiple references.<br>Can only be used with --type archive. | | `--to-ref` | `string` | | Reference to use if the provided tarball contains multiple references.<br>Can only be used with archive. |
| `--to-type` | `string` | `image` | Image type to analyze. Can be one of:<br>- image<br>- oci-dir<br>- archive (docker save tarball)<br>- fs (directory or file)<br> |
| `--type` | `string` | `image` | Type of the image to analyze. Can be one of:<br>- image<br>- oci-dir<br>- archive (docker save tarball)<br>- fs (directory or file)<br> |
<!---MARKER_GEN_END--> <!---MARKER_GEN_END-->
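Review bot: in the `--ref` and `--to-ref` rows, "Can only be used with archive." no longer names anything the reader can type now that `--type` is gone. Suggest "Can only be used with the `archive://` prefix". This hunk also removes the `--type` and `--to-type` rows with no note for existing users, and scripts that still pass `--type archive` need to be pointed at the prefix form. The option table is generated, so the wording fix belongs in the scout-cli source.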
@ -51,6 +50,7 @@ The following artifact types are supported:
- Images - Images
- OCI layout directories - OCI layout directories
- Tarball archives, as created by `docker save` - Tarball archives, as created by `docker save`
- Local directory or file
The tool analyzes the provided software artifact, and generates a vulnerability report. The tool analyzes the provided software artifact, and generates a vulnerability report.
@ -60,7 +60,15 @@ By default, the tool expects an image reference, such as:
- `curlimages/curl:7.87.0` - `curlimages/curl:7.87.0`
- `mcr.microsoft.com/dotnet/runtime:7.0` - `mcr.microsoft.com/dotnet/runtime:7.0`
If the artifact you want to analyze is an OCI directory or a tarball archive, you must use the `--type` or `--to-type` flag. If the artifact you want to analyze is an OCI directory, a tarball archive, a local file or directory,
or if you want to control from where the image will be resolved, you must prefix the reference with one of the following:
- `image://` (default) use a local image, or fall back to a registry lookup
- `local://` use an image from the local image store (don't do a registry lookup)
- `registry://` use an image from a registry (don't use a local image)
- `oci-dir://` use an OCI layout directory
- `archive://` use a tarball archive, as created by docker save
- `fs://` use a local directory or file
## Examples ## Examples
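Review bot: the `image://` entry says the default is "use a local image, or fall back to a registry lookup", so an unprefixed reference can resolve to different content depending on what is in the local image store. The text should say this outright and recommend `registry://` or `local://` wherever the result must refer to one known artifact, for example in a CI gate. Smaller point: `docker save` in the `archive://` entry has lost the backticks that the artifact list just above uses.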
@ -70,6 +78,12 @@ If the artifact you want to analyze is an OCI directory or a tarball archive, yo
$ docker scout compare --to namespace/repo:latest $ docker scout compare --to namespace/repo:latest
``` ```
### Compare local build to the same tag from the registry
```console
$ docker scout compare local://namespace/repo:latest --to registry://namespace/repo:latest
```
### Ignore base images ### Ignore base images
```console ```console
@ -87,3 +101,9 @@ $ docker scout compare --format markdown --to namespace/repo:latest namespace/re
```console ```console
$ docker scout compare --only-package-type maven --only-severity critical --to namespace/repo:latest namespace/repo:v1.2.3-pre $ docker scout compare --only-package-type maven --only-severity critical --to namespace/repo:latest namespace/repo:v1.2.3-pre
``` ```
### Show all policy results for both images
```console
docker scout compare --to namespace/repo:latest namespace/repo:v1.2.3-pre
```
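Review bot: the new "Show all policy results for both images" example is missing the `$` prompt that every other `console` block in this file carries. The command also has no policy-related flag and differs from the first example only by naming the second image, so it is unclear what makes it a policy example. Since `--hide-policies` is added to the options table, policy output appears to be the default. If so, say that in one sentence under the heading, or drop the example.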

View File

@ -9,31 +9,30 @@ Display CVEs identified in a software artifact
### Options ### Options
| Name | Type | Default | Description | | Name | Type | Default | Description |
|:-----------------------|:--------------|:-----------|:--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| |:-----------------------|:--------------|:-----------|:-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `--details` | | | Print details on default text output | | `--details` | | | Print details on default text output |
| `--env` | `string` | | Name of environment | | `--env` | `string` | | Name of environment |
| `-e`, `--exit-code` | | | Return exit code '2' if vulnerabilities are detected | | `-e`, `--exit-code` | | | Return exit code '2' if vulnerabilities are detected |
| `--format` | `string` | `packages` | Output format of the generated vulnerability report:<br>- packages: default output, plain text with vulnerabilities grouped by packages<br>- sarif: json Sarif output<br>- markdown: markdown output (including some html tags like collapsible sections)<br> | | `--format` | `string` | `packages` | Output format of the generated vulnerability report:<br>- packages: default output, plain text with vulnerabilities grouped by packages<br>- sarif: json Sarif output<br>- spdx: json SPDX output <br>- markdown: markdown output (including some html tags like collapsible sections)<br> |
| `--ignore-base` | | | Filter out CVEs introduced from base image | | `--ignore-base` | | | Filter out CVEs introduced from base image |
| `--locations` | | | Print package locations including file paths and layer diff_id | | `--locations` | | | Print package locations including file paths and layer diff_id |
| `--multi-stage` | | | Show packages from multi-stage Docker builds | | `--multi-stage` | | | Show packages from multi-stage Docker builds |
| `--only-cve-id` | `stringSlice` | | Comma separated list of CVE ids (like CVE-2021-45105) to search for | | `--only-cve-id` | `stringSlice` | | Comma separated list of CVE ids (like CVE-2021-45105) to search for |
| `--only-fixed` | | | Filter to fixable CVEs | | `--only-fixed` | | | Filter to fixable CVEs |
| `--only-package` | `stringSlice` | | Comma separated regular expressions to filter packages by | | `--only-package` | `stringSlice` | | Comma separated regular expressions to filter packages by |
| `--only-package-type` | `stringSlice` | | Comma separated list of package types (like apk, deb, rpm, npm, pypi, golang, etc) | | `--only-package-type` | `stringSlice` | | Comma separated list of package types (like apk, deb, rpm, npm, pypi, golang, etc) |
| `--only-severity` | `stringSlice` | | Comma separated list of severities (critical, high, medium, low, unspecified) to filter CVEs by | | `--only-severity` | `stringSlice` | | Comma separated list of severities (critical, high, medium, low, unspecified) to filter CVEs by |
| `--only-stage` | `stringSlice` | | Comma separated list of multi-stage Docker build stage names | | `--only-stage` | `stringSlice` | | Comma separated list of multi-stage Docker build stage names |
| `--only-unfixed` | | | Filter to unfixed CVEs | | `--only-unfixed` | | | Filter to unfixed CVEs |
| `--only-vuln-packages` | | | When used with --format=only-packages ignore packages with no vulnerabilities | | `--only-vuln-packages` | | | When used with --format=only-packages ignore packages with no vulnerabilities |
| `--org` | `string` | | Namespace of the Docker organization | | `--org` | `string` | | Namespace of the Docker organization |
| `-o`, `--output` | `string` | | Write the report to a file. | | `-o`, `--output` | `string` | | Write the report to a file. |
| `--platform` | `string` | | Platform of image to analyze | | `--platform` | `string` | | Platform of image to analyze |
| `--ref` | `string` | | Reference to use if the provided tarball contains multiple references.<br>Can only be used with --type archive. | | `--ref` | `string` | | Reference to use if the provided tarball contains multiple references.<br>Can only be used with archive. |
| `--type` | `string` | `image` | Type of the image to analyze. Can be one of:<br>- image<br>- oci-dir<br>- archive (docker save tarball)<br>- fs (directory or file)<br> | | `--vex` | | | Apply VEX statements to filter CVEs |
| `--vex` | | | Apply VEX statements to filter CVEs | | `--vex-author` | `stringSlice` | | List of VEX statement authors to accept |
| `--vex-author` | `stringSlice` | | List of VEX statement authors to accept | | `--vex-location` | `stringSlice` | | File location of directory or file containing VEX statements |
| `--vex-location` | `stringSlice` | | File location of directory or file containing VEX statements |
<!---MARKER_GEN_END--> <!---MARKER_GEN_END-->
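Review bot: the `--format` row now lists `packages`, `sarif`, `spdx` and `markdown`, but the `--only-vuln-packages` row still refers to `--format=only-packages`, which is not one of the listed values. One of the two rows is wrong and should be fixed in the generated source. The new `spdx` entry also has a stray space before its `<br>`. As in the compare page, "Can only be used with archive." on `--ref` should name the `archive://` prefix.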
@ -49,6 +48,7 @@ The following artifact types are supported:
- Images - Images
- OCI layout directories - OCI layout directories
- Tarball archives, as created by `docker save` - Tarball archives, as created by `docker save`
- Local directory or file
The tool analyzes the provided software artifact, and generates a vulnerability report. The tool analyzes the provided software artifact, and generates a vulnerability report.
@ -58,7 +58,15 @@ By default, the tool expects an image reference, such as:
- `curlimages/curl:7.87.0` - `curlimages/curl:7.87.0`
- `mcr.microsoft.com/dotnet/runtime:7.0` - `mcr.microsoft.com/dotnet/runtime:7.0`
If the artifact you want to analyze is an OCI directory or a tarball archive, you must use the `--type` flag. If the artifact you want to analyze is an OCI directory, a tarball archive, a local file or directory,
or if you want to control from where the image will be resolved, you must prefix the reference with one of the following:
- `image://` (default) use a local image, or fall back to a registry lookup
- `local://` use an image from the local image store (don't do a registry lookup)
- `registry://` use an image from a registry (don't use a local image)
- `oci-dir://` use an OCI layout directory
- `archive://` use a tarball archive, as created by docker save
- `fs://` use a local directory or file
## Examples ## Examples
@ -77,7 +85,7 @@ Analyzing image alpine
```console ```console
$ docker save alpine > alpine.tar $ docker save alpine > alpine.tar
$ docker scout cves --type archive alpine.tar $ docker scout cves archive://alpine.tar
Analyzing archive alpine.tar Analyzing archive alpine.tar
✓ Archive read ✓ Archive read
✓ SBOM of image already cached, 18 packages indexed ✓ SBOM of image already cached, 18 packages indexed
@ -89,7 +97,7 @@ Analyzing archive alpine.tar
```console ```console
$ skopeo copy --override-os linux docker://alpine oci:alpine $ skopeo copy --override-os linux docker://alpine oci:alpine
$ docker scout cves --type oci-dir alpine $ docker scout cves oci-dir://alpine
Analyzing OCI directory alpine Analyzing OCI directory alpine
✓ OCI directory read ✓ OCI directory read
✓ Image stored for indexing ✓ Image stored for indexing
@ -97,6 +105,12 @@ Analyzing OCI directory alpine
✓ No vulnerable package detected ✓ No vulnerable package detected
``` ```
### Display vulnerabilities from the current directory
```console
$ docker scout cves fs://.
```
### Export vulnerabilities to a SARIF JSON file ### Export vulnerabilities to a SARIF JSON file
```console ```console

View File

@ -1,14 +0,0 @@
# docker scout entitlement
<!---MARKER_GEN_START-->
Manage entitlement of a Docker Hub repository
### Options
| Name | Type | Default | Description |
|:------------|:-----|:--------|:-----------------------------------|
| `--disable` | | | Disable Docker Scout on repository |
<!---MARKER_GEN_END-->

View File

@ -0,0 +1,17 @@
# docker scout integration
<!---MARKER_GEN_START-->
Commands to list, configure, and delete Docker Scout integrations
### Subcommands
| Name | Description |
|:----------------------------------------------|:----------------------------------------------------|
| [`configure`](scout_integration_configure.md) | Configure or update a new integration configuration |
| [`delete`](scout_integration_delete.md) | Delete a new integration configuration |
| [`list`](scout_integration_list.md) | Integration Docker Scout |
<!---MARKER_GEN_END-->
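Review bot: the short descriptions in this subcommand table need another pass. `list` reads "Integration Docker Scout", which describes nothing. `delete` reads "Delete a new integration configuration", where "new" is wrong for a delete. `configure` reads "Configure or update a new integration configuration", which mixes create and update. Something like "List integration configurations", "Delete an integration configuration" and "Create or update an integration configuration" would do. The text is generated, so the fix goes into the scout-cli command definitions.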

View File

@ -0,0 +1,16 @@
# docker scout integration configure
<!---MARKER_GEN_START-->
Configure or update a new integration configuration
### Options
| Name | Type | Default | Description |
|:--------------|:--------------|:--------|:-------------------------------------------------------------|
| `--name` | `string` | | Name of integration configuration to create |
| `--org` | `string` | | Namespace of the Docker organization |
| `--parameter` | `stringSlice` | | Integration parameters in the form of --parameter NAME=VALUE |
<!---MARKER_GEN_END-->
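Review bot: the `--parameter` row gives only the form `--parameter NAME=VALUE` and the page has no description or example, so a reader cannot tell which parameter names exist for which integration. Please add at least one example. If any parameter carries a credential, the page should say so and explain how to keep it out of shell history and process listings. Also, `--name` is described as "to create" while the command is documented as "Configure or update".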

View File

@ -0,0 +1,15 @@
# docker scout integration delete
<!---MARKER_GEN_START-->
Delete a new integration configuration
### Options
| Name | Type | Default | Description |
|:---------|:---------|:--------|:--------------------------------------------|
| `--name` | `string` | | Name of integration configuration to delete |
| `--org` | `string` | | Namespace of the Docker organization |
<!---MARKER_GEN_END-->

View File

@ -0,0 +1,15 @@
# docker scout integration list
<!---MARKER_GEN_START-->
Integration Docker Scout
### Options
| Name | Type | Default | Description |
|:---------|:---------|:--------|:------------------------------------------|
| `--name` | `string` | | Name of integration configuration to list |
| `--org` | `string` | | Namespace of the Docker organization |
<!---MARKER_GEN_END-->

View File

@ -1,33 +1,45 @@
# docker scout policy # docker scout policy
<!---MARKER_GEN_START--> <!---MARKER_GEN_START-->
Display the policy results of an image (experimental) Evaluate policies against an image and display the policy evaluation results (experimental)
### Options ### Options
| Name | Type | Default | Description | | Name | Type | Default | Description |
|:--------------------|:---------|:--------|:-----------------------------------------------| |:--------------------|:---------|:--------|:------------------------------------------------------------|
| `--env` | `string` | | Name of the environment to compare to. | | `--env` | `string` | | Name of the environment to compare to |
| `-e`, `--exit-code` | | | Return exit code '2' if policies are not met. | | `-e`, `--exit-code` | | | Return exit code '2' if policies are not met, '0' otherwise |
| `--org` | `string` | | Namespace of the Docker organization | | `--org` | `string` | | Namespace of the Docker organization |
| `-o`, `--output` | `string` | | Write the report to a file. | | `-o`, `--output` | `string` | | Write the report to a file |
| `--platform` | `string` | | Platform of image to pull policy results from. | | `--platform` | `string` | | Platform of image to pull policy results from |
<!---MARKER_GEN_END--> <!---MARKER_GEN_END-->
## Description ## Description
The `docker scout policy` command displays the policy results of an image if there are any. The `docker scout policy` command evaluates policies against an image. The image is indexed into the Scout platform - if it wasn't already - and policies will run against it. The policy results may take a few minutes to become available.
## Examples ## Examples
### Display the policy results of an image ### Evaluate policies against an image and display the results
```console ```console
$ docker scout policy dockerscoutpolicy/customers-api-service:0.0.1 $ docker scout policy dockerscoutpolicy/customers-api-service:0.0.1
``` ```
### Evaluate policies against an image for a specific organization
```console
$ docker scout policy dockerscoutpolicy/customers-api-service:0.0.1 --org dockerscoutpolicy
```
### Evaluate policies against an image with a specific platform
```console
$ docker scout policy dockerscoutpolicy/customers-api-service:0.0.1 --platform linux/amd64
```
### Compare policy results for a repository in a specific environment ### Compare policy results for a repository in a specific environment
```console ```console
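Review bot: the `--exit-code` row now says "'2' if policies are not met, '0' otherwise", while the new description says "The policy results may take a few minutes to become available." Read together, a pipeline that gates on the exit code could pass while no result exists yet. The page should state what the command does in that window (waits, fails, or returns '0') so the flag can be relied on as a gate. Minor: `--env` still says "to compare to" although the command now evaluates rather than compares.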

View File

@ -9,14 +9,13 @@ Quick overview of an image
### Options ### Options
| Name | Type | Default | Description | | Name | Type | Default | Description |
|:-----------------|:---------|:--------|:----------------------------------------------------------------------------------------------------------------------------------------| |:-----------------|:---------|:--------|:---------------------------------------------------------------------------------------------------------|
| `--env` | `string` | | Name of the environment | | `--env` | `string` | | Name of the environment |
| `--org` | `string` | | Namespace of the Docker organization | | `--org` | `string` | | Namespace of the Docker organization |
| `-o`, `--output` | `string` | | Write the report to a file. | | `-o`, `--output` | `string` | | Write the report to a file. |
| `--platform` | `string` | | Platform of image to analyze | | `--platform` | `string` | | Platform of image to analyze |
| `--ref` | `string` | | Reference to use if the provided tarball contains multiple references.<br>Can only be used with --type archive. | | `--ref` | `string` | | Reference to use if the provided tarball contains multiple references.<br>Can only be used with archive. |
| `--type` | `string` | `image` | Type of the image to analyze. Can be one of:<br>- image<br>- oci-dir<br>- archive (docker save tarball)<br>- fs (directory or file)<br> |
<!---MARKER_GEN_END--> <!---MARKER_GEN_END-->
@ -29,6 +28,31 @@ If available it also displays base image refresh and update recommendations.
If no image is specified, the most recently built image will be used. If no image is specified, the most recently built image will be used.
The following artifact types are supported:
- Images
- OCI layout directories
- Tarball archives, as created by `docker save`
- Local directory or file
The tool analyzes the provided software artifact, and generates a vulnerability report.
By default, the tool expects an image reference, such as:
- `redis`
- `curlimages/curl:7.87.0`
- `mcr.microsoft.com/dotnet/runtime:7.0`
If the artifact you want to analyze is an OCI directory, a tarball archive, a local file or directory,
or if you want to control from where the image will be resolved, you must prefix the reference with one of the following:
- `image://` (default) use a local image, or fall back to a registry lookup
- `local://` use an image from the local image store (don't do a registry lookup)
- `registry://` use an image from a registry (don't use a local image)
- `oci-dir://` use an OCI layout directory
- `archive://` use a tarball archive, as created by docker save
- `fs://` use a local directory or file
## Examples ## Examples
### Quick overview of an image ### Quick overview of an image
@ -45,11 +69,6 @@ $ docker scout quickview golang:1.19.4
│ -5 -1 -3 -6 -6 │ -5 -1 -3 -6 -6
Updated base image buildpack-deps:sid-scm │ 0C 0H 1M 29L Updated base image buildpack-deps:sid-scm │ 0C 0H 1M 29L
│ -5 -1 -2 -19 -6 │ -5 -1 -2 -19 -6
│ Know more about vulnerabilities:
│ docker scout cves golang:1.19.4
│ Know more about base image update recommendations:
│ docker scout recommendations golang:1.19.4
``` ```
### Quick overview of the most recently built image ### Quick overview of the most recently built image

View File

@ -5,16 +5,15 @@ Display available base image updates and remediation recommendations
### Options ### Options
| Name | Type | Default | Description | | Name | Type | Default | Description |
|:-----------------|:---------|:--------|:----------------------------------------------------------------------------------------------------------------| |:-----------------|:---------|:--------|:---------------------------------------------------------------------------------------------------------|
| `--only-refresh` | | | Only display base image refresh recommendations | | `--only-refresh` | | | Only display base image refresh recommendations |
| `--only-update` | | | Only display base image update recommendations | | `--only-update` | | | Only display base image update recommendations |
| `--org` | `string` | | Namespace of the Docker organization | | `--org` | `string` | | Namespace of the Docker organization |
| `-o`, `--output` | `string` | | Write the report to a file. | | `-o`, `--output` | `string` | | Write the report to a file. |
| `--platform` | `string` | | Platform of image to analyze | | `--platform` | `string` | | Platform of image to analyze |
| `--ref` | `string` | | Reference to use if the provided tarball contains multiple references.<br>Can only be used with --type archive. | | `--ref` | `string` | | Reference to use if the provided tarball contains multiple references.<br>Can only be used with archive. |
| `--tag` | `string` | | Specify tag | | `--tag` | `string` | | Specify tag |
| `--type` | `string` | `image` | Type of the image to analyze. Can be one of:<br>- image<br>- oci-dir<br>- archive (docker save tarball)<br> |
<!---MARKER_GEN_END--> <!---MARKER_GEN_END-->
@ -32,8 +31,9 @@ The following artifact types are supported:
- Images - Images
- OCI layout directories - OCI layout directories
- Tarball archives, as created by `docker save` - Tarball archives, as created by `docker save`
- Local directory or file
The tool analyzes the provided software artifact, and generates base image updates and remediation recommendations. The tool analyzes the provided software artifact, and generates a vulnerability report.
By default, the tool expects an image reference, such as: By default, the tool expects an image reference, such as:
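Review bot: this hunk replaces "generates base image updates and remediation recommendations" with "generates a vulnerability report", which is the cves wording and no longer describes `docker scout recommendations`. Please keep the original sentence. The hunk also adds "Local directory or file" to the supported artifacts, but the `--type` row removed from this page's options table listed only image, oci-dir and archive. Confirm that `fs://` is accepted by this command before documenting it here.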
@ -41,7 +41,15 @@ By default, the tool expects an image reference, such as:
- `curlimages/curl:7.87.0` - `curlimages/curl:7.87.0`
- `mcr.microsoft.com/dotnet/runtime:7.0` - `mcr.microsoft.com/dotnet/runtime:7.0`
If the artifact you want to analyze is an OCI directory or a tarball archive, you must use the `--type` flag. If the artifact you want to analyze is an OCI directory, a tarball archive, a local file or directory,
or if you want to control from where the image will be resolved, you must prefix the reference with one of the following:
- `image://` (default) use a local image, or fall back to a registry lookup
- `local://` use an image from the local image store (don't do a registry lookup)
- `registry://` use an image from a registry (don't use a local image)
- `oci-dir://` use an OCI layout directory
- `archive://` use a tarball archive, as created by docker save
- `fs://` use a local directory or file
## Examples ## Examples

View File

@ -5,11 +5,11 @@ Commands to list, enable, and disable Docker Scout on repositories
### Subcommands ### Subcommands
| Name | Description | | Name | Description |
|:-----------------------------------|:---------------------| |:-----------------------------------|:-------------------------------|
| [`disable`](scout_repo_disable.md) | Disable Docker Scout | | [`disable`](scout_repo_disable.md) | Disable Docker Scout |
| [`enable`](scout_repo_enable.md) | Enable Docker Scout | | [`enable`](scout_repo_enable.md) | Enable Docker Scout |
| [`list`](scout_repo_list.md) | Repo Docker Scout | | [`list`](scout_repo_list.md) | List Docker Scout repositories |

View File

@ -5,9 +5,11 @@ Disable Docker Scout
### Options ### Options
| Name | Type | Default | Description | | Name | Type | Default | Description |
|:-----------|:---------|:--------|:--------------------------------------------------| |:-------------|:---------|:--------|:--------------------------------------------------|
| `--filter` | `string` | | Regular expression to filter repositories by name | | `--filter` | `string` | | Regular expression to filter repositories by name |
| `--org` | `string` | | Namespace of the Docker organization |
| `--registry` | `string` | | Container Registry |
<!---MARKER_GEN_END--> <!---MARKER_GEN_END-->
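Review bot: the new `--registry` row is described only as "Container Registry", with no accepted values and no default. The `repo list` page in this same commit enumerates `hub.docker.com` and `ecr (AWS ECR)` for `--only-registry`. The same list, or a statement of what form the value takes, is needed here and on the `repo enable` page so it is clear which repositories a `--filter` expression will match.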

View File

@ -5,9 +5,11 @@ Enable Docker Scout
### Options ### Options
| Name | Type | Default | Description | | Name | Type | Default | Description |
|:-----------|:---------|:--------|:--------------------------------------------------| |:-------------|:---------|:--------|:--------------------------------------------------|
| `--filter` | `string` | | Regular expression to filter repositories by name | | `--filter` | `string` | | Regular expression to filter repositories by name |
| `--org` | `string` | | Namespace of the Docker organization |
| `--registry` | `string` | | Container Registry |
<!---MARKER_GEN_END--> <!---MARKER_GEN_END-->

View File

@ -1,15 +1,17 @@
# docker scout repo list # docker scout repo list
<!---MARKER_GEN_START--> <!---MARKER_GEN_START-->
Repo Docker Scout List Docker Scout repositories
### Options ### Options
| Name | Type | Default | Description | | Name | Type | Default | Description |
|:------------------|:---------|:--------|:--------------------------------------------------| |:------------------|:---------|:--------|:---------------------------------------------------------------------------|
| `--filter` | `string` | | Regular expression to filter repositories by name | | `--filter` | `string` | | Regular expression to filter repositories by name |
| `--only-disabled` | | | Filter to disabled repositories only | | `--only-disabled` | | | Filter to disabled repositories only |
| `--only-enabled` | | | Filter to enabled repositories only | | `--only-enabled` | | | Filter to enabled repositories only |
| `--only-registry` | `string` | | Filter to a specific registry only:<br>- hub.docker.com<br>- ecr (AWS ECR) |
| `--org` | `string` | | Namespace of the Docker organization |
<!---MARKER_GEN_END--> <!---MARKER_GEN_END-->

View File

@ -5,14 +5,13 @@ Generate or display SBOM of an image
### Options ### Options
| Name | Type | Default | Description | | Name | Type | Default | Description |
|:----------------------|:--------------|:--------|:----------------------------------------------------------------------------------------------------------------------------------------| |:----------------------|:--------------|:--------|:--------------------------------------------------------------------------------------------------------------------------|
| `--format` | `string` | `json` | Output format:<br>- list: list of packages of the image<br>- json: json representation of the SBOM | | `--format` | `string` | `json` | Output format:<br>- list: list of packages of the image<br>- json: json representation of the SBOM |
| `--only-package-type` | `stringSlice` | | Comma separated list of package types (like apk, deb, rpm, npm, pypi, golang, etc)<br>Can only be used with --format list | | `--only-package-type` | `stringSlice` | | Comma separated list of package types (like apk, deb, rpm, npm, pypi, golang, etc)<br>Can only be used with --format list |
| `-o`, `--output` | `string` | | Write the report to a file. | | `-o`, `--output` | `string` | | Write the report to a file. |
| `--platform` | `string` | | Platform of image to analyze | | `--platform` | `string` | | Platform of image to analyze |
| `--ref` | `string` | | Reference to use if the provided tarball contains multiple references.<br>Can only be used with --type archive. | | `--ref` | `string` | | Reference to use if the provided tarball contains multiple references.<br>Can only be used with archive. |
| `--type` | `string` | `image` | Type of the image to analyze. Can be one of:<br>- image<br>- oci-dir<br>- archive (docker save tarball)<br>- fs (directory or file)<br> |
<!---MARKER_GEN_END--> <!---MARKER_GEN_END-->
@ -30,6 +29,7 @@ The following artifact types are supported:
- Images - Images
- OCI layout directories - OCI layout directories
- Tarball archives, as created by `docker save` - Tarball archives, as created by `docker save`
- Local directory or file
The tool analyzes the provided software artifact, and generates a vulnerability report. The tool analyzes the provided software artifact, and generates a vulnerability report.
@ -39,7 +39,15 @@ By default, the tool expects an image reference, such as:
- `curlimages/curl:7.87.0` - `curlimages/curl:7.87.0`
- `mcr.microsoft.com/dotnet/runtime:7.0` - `mcr.microsoft.com/dotnet/runtime:7.0`
If the artifact you want to analyze is an OCI directory or a tarball archive, you must use the `--type` flag. If the artifact you want to analyze is an OCI directory, a tarball archive, a local file or directory,
or if you want to control from where the image will be resolved, you must prefix the reference with one of the following:
- `image://` (default) use a local image, or fall back to a registry lookup
- `local://` use an image from the local image store (don't do a registry lookup)
- `registry://` use an image from a registry (don't use a local image)
- `oci-dir://` use an OCI layout directory
- `archive://` use a tarball archive, as created by docker save
- `fs://` use a local directory or file
## Examples ## Examples

View File

@ -5,17 +5,18 @@ Watch repositories in a registry and push images and indexes to Docker Scout (ex
### Options ### Options
| Name | Type | Default | Description | | Name | Type | Default | Description |
|:---------------|:--------------|:--------|:------------------------------------------------------------------------------------| |:---------------------|:--------------|:--------|:------------------------------------------------------------------------------------|
| `--all-images` | | | Push all images instead of only the ones pushed during the watch command is running | | `--all-images` | | | Push all images instead of only the ones pushed during the watch command is running |
| `--dry-run` | | | Watch images and prepare them, but do not push them | | `--dry-run` | | | Watch images and prepare them, but do not push them |
| `--interval` | `int64` | `60` | Interval in seconds between checks | | `--interval` | `int64` | `60` | Interval in seconds between checks |
| `--org` | `string` | | Namespace of the Docker organization to which image will be pushed | | `--org` | `string` | | Namespace of the Docker organization to which image will be pushed |
| `--registry` | `string` | | Registry to watch | | `--refresh-registry` | | | Refresh the list of repositories of a registry at every run. Only with --registry. |
| `--repository` | `stringSlice` | | Repository to watch | | `--registry` | `string` | | Registry to watch |
| `--sbom` | | | Create and upload SBOMs | | `--repository` | `stringSlice` | | Repository to watch |
| `--tag` | `stringSlice` | | Regular expression to match tags to watch | | `--sbom` | | | Create and upload SBOMs |
| `--workers` | `int` | `3` | Number of concurrent workers | | `--tag` | `stringSlice` | | Regular expression to match tags to watch |
| `--workers` | `int` | `3` | Number of concurrent workers |
<!---MARKER_GEN_END--> <!---MARKER_GEN_END-->
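Review bot: In the new `--refresh-registry` row, the description ends with "Only with --registry.", which leaves the flag name without code formatting and reads as a fragment; "Requires `--registry`." would be clearer. "At every run" is also ambiguous next to `--interval`, so the text should say whether it means every check cycle. The table sits inside a generated block that ends at MARKER_GEN_END, so the wording needs to be fixed in the scout-cli source rather than in this file.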

View File

@ -1,7 +1,7 @@
# github.com/moby/moby v24.0.5+incompatible # github.com/moby/moby v24.0.5+incompatible
# github.com/moby/buildkit v0.12.1-0.20230830200556-05eb7287534b # github.com/moby/buildkit v0.12.1-0.20230830200556-05eb7287534b
# github.com/docker/buildx v0.11.2 # github.com/docker/buildx v0.11.2
# github.com/docker/scout-cli v0.24.1 # github.com/docker/scout-cli v1.0.2
# github.com/docker/cli v24.0.5+incompatible # github.com/docker/cli v24.0.5+incompatible
# github.com/docker/compose-cli v1.0.35 # github.com/docker/compose-cli v1.0.35
# github.com/distribution/distribution v2.8.2+incompatible # github.com/distribution/distribution v2.8.2+incompatible

View File

@ -0,0 +1,16 @@
---
datafolder: scout-cli
datafile: docker_scout_integration
title: docker scout integration
layout: cli
---
<!--
This page is automatically generated from Docker's source code. If you want to
suggest a change to the text that appears here, open a ticket in the source
repository on GitHub:
https://github.com/docker/scout-cli
-->
{{< include "scout-early-access.md" >}}
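Review bot: The new stub ends with the `scout-early-access.md` include while the same commit moves scout-cli to v1.0.2; please confirm the early-access banner is still intended for `docker scout integration`. The same question applies to the `configure`, `delete` and `list` stubs that follow, which carry the identical include.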

View File

@ -0,0 +1,16 @@
---
datafolder: scout-cli
datafile: docker_scout_integration_configure
title: docker scout integration configure
layout: cli
---
<!--
This page is automatically generated from Docker's source code. If you want to
suggest a change to the text that appears here, open a ticket in the source
repository on GitHub:
https://github.com/docker/scout-cli
-->
{{< include "scout-early-access.md" >}}

View File

@ -0,0 +1,16 @@
---
datafolder: scout-cli
datafile: docker_scout_integration_delete
title: docker scout integration delete
layout: cli
---
<!--
This page is automatically generated from Docker's source code. If you want to
suggest a change to the text that appears here, open a ticket in the source
repository on GitHub:
https://github.com/docker/scout-cli
-->
{{< include "scout-early-access.md" >}}

View File

@ -0,0 +1,16 @@
---
datafolder: scout-cli
datafile: docker_scout_integration_list
title: docker scout integration list
layout: cli
---
<!--
This page is automatically generated from Docker's source code. If you want to
suggest a change to the text that appears here, open a ticket in the source
repository on GitHub:
https://github.com/docker/scout-cli
-->
{{< include "scout-early-access.md" >}}

View File

@ -630,6 +630,14 @@ Reference:
title: docker scout enroll title: docker scout enroll
- path: /engine/reference/commandline/scout_environment/ - path: /engine/reference/commandline/scout_environment/
title: docker scout environment title: docker scout environment
- path: /engine/reference/commandline/scout_integration/
title: docker scout integration
- path: /engine/reference/commandline/scout_integration_configure/
title: docker scout integration configure
- path: /engine/reference/commandline/scout_integration_delete/
title: docker scout integration delete
- path: /engine/reference/commandline/scout_integration_list/
title: docker scout integration list
- path: /engine/reference/commandline/scout_policy/ - path: /engine/reference/commandline/scout_policy/
title: docker scout policy title: docker scout policy
- path: /engine/reference/commandline/scout_quickview/ - path: /engine/reference/commandline/scout_quickview/

2
go.mod
View File

@ -9,7 +9,7 @@ require (
github.com/docker/cli v24.0.5+incompatible // indirect github.com/docker/cli v24.0.5+incompatible // indirect
github.com/docker/compose-cli v1.0.35 // indirect github.com/docker/compose-cli v1.0.35 // indirect
github.com/docker/distribution v2.8.2+incompatible // indirect github.com/docker/distribution v2.8.2+incompatible // indirect
github.com/docker/scout-cli v0.24.1 // indirect github.com/docker/scout-cli v1.0.2 // indirect
github.com/moby/buildkit v0.12.1-0.20230830200556-05eb7287534b // indirect github.com/moby/buildkit v0.12.1-0.20230830200556-05eb7287534b // indirect
github.com/moby/moby v24.0.5+incompatible // indirect github.com/moby/moby v24.0.5+incompatible // indirect
github.com/opencontainers/go-digest v1.0.0 // indirect github.com/opencontainers/go-digest v1.0.0 // indirect

2
go.sum
View File

@ -73,6 +73,8 @@ github.com/docker/scout-cli v0.23.3 h1:ToQ/Gw1clQ2GJ47Yt0HCefJB55oPOHZYH6rVxGdfF
github.com/docker/scout-cli v0.23.3/go.mod h1:Eo1RyCJsx3ldz/YTY5yGxu9g9mwTYbRUutxQUkow3Fc= github.com/docker/scout-cli v0.23.3/go.mod h1:Eo1RyCJsx3ldz/YTY5yGxu9g9mwTYbRUutxQUkow3Fc=
github.com/docker/scout-cli v0.24.1 h1:ga1J6dsKXfhBQ98wKbb+GWncuMdqErxhpLMxPSMqH+g= github.com/docker/scout-cli v0.24.1 h1:ga1J6dsKXfhBQ98wKbb+GWncuMdqErxhpLMxPSMqH+g=
github.com/docker/scout-cli v0.24.1/go.mod h1:Eo1RyCJsx3ldz/YTY5yGxu9g9mwTYbRUutxQUkow3Fc= github.com/docker/scout-cli v0.24.1/go.mod h1:Eo1RyCJsx3ldz/YTY5yGxu9g9mwTYbRUutxQUkow3Fc=
github.com/docker/scout-cli v1.0.2 h1:KweJ2S/WXncRIv+9+GrNI4bq/5TjcWY8WyWqgfV1zdM=
github.com/docker/scout-cli v1.0.2/go.mod h1:Eo1RyCJsx3ldz/YTY5yGxu9g9mwTYbRUutxQUkow3Fc=
github.com/elazarl/goproxy v0.0.0-20191011121108-aa519ddbe484/go.mod h1:Ro8st/ElPeALwNFlcTpWmkr6IoMFfkjXAvTHpevnDsM= github.com/elazarl/goproxy v0.0.0-20191011121108-aa519ddbe484/go.mod h1:Ro8st/ElPeALwNFlcTpWmkr6IoMFfkjXAvTHpevnDsM=
github.com/evanphx/json-patch v4.9.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= github.com/evanphx/json-patch v4.9.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4= github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4=
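Review bot: The go.sum entries for scout-cli v0.23.3 and v0.24.1 remain next to the new v1.0.2 lines, although go.mod now requires only v1.0.2. Run `go mod tidy` and commit the result if it drops them, so the file lists only the checksums the build still needs. The `/go.mod` hash being identical across all three versions is consistent with an unchanged go.mod file in scout-cli and is not a concern by itself.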