add release notes for docker scout v1.11.0 (#20416)

* Update description of SSC attestations

* add release notes for docker scout v1.11.0

Signed-off-by: felipecruz91 <felipecruz91@hotmail.es>

* Fix version in header

Signed-off-by: felipecruz91 <felipecruz91@hotmail.es>

* Revert --provenance=mode=max change

Signed-off-by: felipecruz91 <felipecruz91@hotmail.es>

---------

Signed-off-by: felipecruz91 <felipecruz91@hotmail.es>
Co-authored-by: Allie Sadler <102604716+aevesdocker@users.noreply.github.com>
This commit is contained in:
Felipe Cruz Martinez 2024-07-25 17:29:41 +02:00 committed by GitHub
parent 0025c66e24
commit ae25eb4b08
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
10 changed files with 118 additions and 15 deletions


@ -144,6 +144,16 @@ options:
experimentalcli: false
kubernetes: false
swarm: false
- option: only-cisa-kev
value_type: bool
default_value: "false"
description: Filter to CVEs listed in the CISA KEV catalog
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: only-cve-id
value_type: stringSlice
default_value: '[]'
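Review bot: the description on the new `only-cisa-kev` entry, "Filter to CVEs listed in the CISA KEV catalog", is the source text for the generated `scout_cves.md` table and for `--help` output, so consider expanding the acronym once ("CISA Known Exploited Vulnerabilities (KEV) catalog") as the release notes in this same commit do; a reader of `docker scout cves --help` otherwise has no hint what KEV stands for.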


@ -1,5 +1,5 @@
command: docker scout push
short: Push an image or image index to Docker Scout (experimental)
short: Push an image or image index to Docker Scout
long: |
The `docker scout push` command lets you push an image or analysis result to Docker Scout.
usage: docker scout push IMAGE
@ -15,6 +15,16 @@ options:
experimentalcli: false
kubernetes: false
swarm: false
- option: dry-run
value_type: bool
default_value: "false"
description: Do not push the image but process it
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: org
value_type: string
description: Namespace of the Docker organization to which image will be pushed
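Review bot: the `dry-run` description "Do not push the image but process it" reads awkwardly and leaves "process" undefined; suggest something like "Process the image locally without pushing it to Docker Scout", and regenerate the `scout_push.md` table (the block between the MARKER_GEN comments) from this YAML so the markdown row in the same commit picks up the same wording.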
@ -91,7 +101,7 @@ examples: |-
```
deprecated: false
experimental: false
experimentalcli: true
experimentalcli: false
kubernetes: false
swarm: false


@ -22,7 +22,7 @@ Command line tool for Docker Scout
| [`help`](scout_help.md) | Display information about the available commands |
| [`integration`](scout_integration.md) | Commands to list, configure, and delete Docker Scout integrations |
| [`policy`](scout_policy.md) | Evaluate policies against an image and display the policy evaluation results (experimental) |
| [`push`](scout_push.md) | Push an image or image index to Docker Scout (experimental) |
| [`push`](scout_push.md) | Push an image or image index to Docker Scout |
| [`quickview`](scout_quickview.md) | Quick overview of an image |
| [`recommendations`](scout_recommendations.md) | Display available base image updates and remediation recommendations |
| [`repo`](scout_repo.md) | Commands to list, enable, and disable Docker Scout on repositories |


@ -21,6 +21,7 @@ Display CVEs identified in a software artifact
| `--ignore-base` | | | Filter out CVEs introduced from base image |
| `--locations` | | | Print package locations including file paths and layer diff_id |
| `--multi-stage` | | | Show packages from multi-stage Docker builds |
| `--only-cisa-kev` | | | Filter to CVEs listed in the CISA KEV catalog |
| `--only-cve-id` | `stringSlice` | | Comma separated list of CVE ids (like CVE-2021-45105) to search for |
| `--only-fixed` | | | Filter to fixable CVEs |
| `--only-metric` | `stringSlice` | | Comma separated list of CVSS metrics (like AV:N or PR:L) to filter CVEs by |


@ -1,13 +1,14 @@
# docker scout push
<!---MARKER_GEN_START-->
Push an image or image index to Docker Scout (experimental)
Push an image or image index to Docker Scout
### Options
| Name | Type | Default | Description |
|:-----------------|:---------|:--------|:-------------------------------------------------------------------|
| `--author` | `string` | | Name of the author of the image |
| `--dry-run` | | | Do not push the image but process it |
| `--org` | `string` | | Namespace of the Docker organization to which image will be pushed |
| `-o`, `--output` | `string` | | Write the report to a file |
| `--platform` | `string` | | Platform of image to be pushed |


@ -3,4 +3,4 @@
# github.com/docker/buildx v0.16.2
# github.com/docker/cli v27.0.3+incompatible
# github.com/docker/compose/v2 v2.29.1
# github.com/docker/scout-cli v1.10.0
# github.com/docker/scout-cli v1.11.0


@ -159,6 +159,38 @@ For more information about
building with attestations, see
[Attestations](../../build/attestations/_index.md).
### Quality gates passed
The Quality gates passed policy builds on the [SonarQube
integration](../integrations/code-quality/sonarqube.md) to assess the quality
of your source code. This policy works by ingesting the SonarQube code analysis
results into Docker Scout.
You define the criteria for this policy using SonarQube's [quality
gates](https://docs.sonarsource.com/sonarqube/latest/user-guide/quality-gates/).
SonarQube evaluates your source code against the quality gates you've defined
in SonarQube. Docker Scout surfaces the SonarQube assessment as a Docker Scout
policy.
Docker Scout uses [provenance](../../build/attestations/slsa-provenance.md)
attestations or the `org.opencontainers.image.revision` OCI annotation to link
SonarQube analysis results with container images. In addition to enabling the
SonarQube integration, you must also make sure that your images has either the
attestation or the label.
![Git commit SHA links image with SonarQube analysis](../images/scout-sq-commit-sha.webp)
Once you push an image and policy evaluation completes, the results from the
SonarQube quality gates display as a policy in the Docker Scout Dashboard, and
in the CLI.
> **Note**
>
> Docker Scout can only access SonarQube analyses created after the integration
> is enabled. Docker Scout doesn't have access to historic evaluations. Trigger
> a SonarQube analysis and policy evaluation after enabling the integration to
> view the results in Docker Scout.
### Default non-root user
By default, containers run as the `root` superuser with full system
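Review bot: two fixes in the "Quality gates passed" paragraph on linking analysis results to images: "make sure that your images has either the attestation or the label" should read "your images have", and the same sentence calls the `org.opencontainers.image.revision` key "the label" after the previous sentence introduced it as an "OCI annotation"; use one term throughout (annotation, since that is how the key is introduced) so readers do not go looking for a separate Dockerfile `LABEL`. The surrounding statement that either a provenance attestation or the annotation is required is clear and worth keeping as is.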


@ -8,6 +8,53 @@ This page contains information about the new features, improvements, known
issues, and bug fixes in the Docker Scout [CLI plugin](https://github.com/docker/scout-cli/)
and the `docker/scout-action` [GitHub Action](https://github.com/docker/scout-action).
## 1.11.0
{{< release-date date="2024-07-25" >}}
### New
- Filter CVEs listed in the CISA Known Exploited Vulnerabilities catalog.
```console {title="CLI"}
$ docker scout cves [IMAGE] --only-cisa-kev
... (cropped output) ...
## Packages and Vulnerabilities
0C 1H 0M 0L io.netty/netty-codec-http2 4.1.97.Final
pkg:maven/io.netty/netty-codec-http2@4.1.97.Final
✗ HIGH CVE-2023-44487 CISA KEV [OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities]
https://scout.docker.com/v/CVE-2023-44487
Affected range : <4.1.100
Fixed version : 4.1.100.Final
CVSS Score : 7.5
CVSS Vector : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
... (cropped output) ...
```
```yaml {title="GitHub Action"}
uses: docker/scout-action@v1
with:
command: cves
image: [IMAGE]
only-cisa-kev: true
```
- Add new classifiers:
- `spiped`
- `swift`
- `eclipse-mosquitto`
- `znc`
### Bug fixes and enhancements
- Allow VEX matching when no subcomponents.
- Fix panic when attaching an invalid VEX document.
- Fix SPDX document root.
- Fix base image detection when image uses SCRATCH as the base image.
## 1.10.0
{{< release-date date="2024-06-26" >}}
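Review bot: in the GitHub Action snippet, `image: [IMAGE]` is valid YAML for a one-element flow sequence, so anyone copying the example gets a list instead of a string placeholder; quote it or use a placeholder that is not YAML syntax (for example `image: <IMAGE>`) while keeping the `docker scout cves [IMAGE] --only-cisa-kev` console line, where the brackets are plain text. Two wording points in the bug-fix list: "Allow VEX matching when no subcomponents." is missing its subject (suggest "when a VEX statement has no subcomponents"), and "SCRATCH" should be lowercase `scratch`, matching how `FROM scratch` is written in Dockerfiles.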

go.mod

@ -8,7 +8,7 @@ require (
github.com/docker/buildx v0.16.2 // indirect
github.com/docker/cli v27.0.3+incompatible // indirect
github.com/docker/compose/v2 v2.29.1 // indirect
github.com/docker/scout-cli v1.10.0 // indirect
github.com/docker/scout-cli v1.11.0 // indirect
github.com/moby/buildkit v0.15.1 // indirect
github.com/moby/moby v27.0.3+incompatible // indirect
)
@ -17,7 +17,7 @@ replace (
github.com/docker/buildx => github.com/docker/buildx v0.16.2
github.com/docker/cli => github.com/docker/cli v27.0.3+incompatible
github.com/docker/compose/v2 => github.com/docker/compose/v2 v2.29.0
github.com/docker/scout-cli => github.com/docker/scout-cli v1.10.0
github.com/docker/scout-cli => github.com/docker/scout-cli v1.11.0
github.com/moby/buildkit => github.com/moby/buildkit v0.14.0-rc2.0.20240611065153-eed17a45c62b
github.com/moby/moby => github.com/moby/moby v27.0.3+incompatible
)
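Review bot: the `replace` block pins `github.com/docker/compose/v2` to v2.29.0 while the `require` block in the hunk above lists v2.29.1; this is pre-existing rather than introduced by the scout-cli bump, but since the `replace` directive wins, the `require` line is misleading and the two should be aligned in a follow-up. The scout-cli v1.10.0 to v1.11.0 bump itself is consistent across both blocks, the vendored version listing and go.sum.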

go.sum

@ -200,6 +200,8 @@ github.com/docker/scout-cli v1.9.3 h1:u3lKQ7A1EvT3qNe5lR2c8dTNcAGIoSmH8HvSYarLlJ
github.com/docker/scout-cli v1.9.3/go.mod h1:Eo1RyCJsx3ldz/YTY5yGxu9g9mwTYbRUutxQUkow3Fc=
github.com/docker/scout-cli v1.10.0 h1:C8Gm+6Oc7NqhtZ/UoACv3N2LaP1jqkhlIDRhBOqMBng=
github.com/docker/scout-cli v1.10.0/go.mod h1:Eo1RyCJsx3ldz/YTY5yGxu9g9mwTYbRUutxQUkow3Fc=
github.com/docker/scout-cli v1.11.0 h1:I310kNhjw3oeKe8T1cQEh6yPgy6VtpuwzjWchETn8KU=
github.com/docker/scout-cli v1.11.0/go.mod h1:Eo1RyCJsx3ldz/YTY5yGxu9g9mwTYbRUutxQUkow3Fc=
github.com/elazarl/goproxy v0.0.0-20191011121108-aa519ddbe484/go.mod h1:Ro8st/ElPeALwNFlcTpWmkr6IoMFfkjXAvTHpevnDsM=
github.com/evanphx/json-patch v4.9.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4=