From d5c45ef7a19c50fe5e984db9c720f7ca07266377 Mon Sep 17 00:00:00 2001 From: David Karlsson <35727626+dvdksn@users.noreply.github.com> Date: Wed, 20 Mar 2024 04:32:22 +0100 Subject: [PATCH 1/2] vendor: github.com/docker/scout-cli v1.6.0 Signed-off-by: David Karlsson <35727626+dvdksn@users.noreply.github.com> --- .../docs/docker_scout_attestation_add.yaml | 1 + .../docs/docker_scout_cache_prune.yaml | 10 ++ .../scout-cli/docs/docker_scout_cves.yaml | 159 +++++++++++++++--- .../docs/docker_scout_quickview.yaml | 18 ++ .../scout-cli/docs/scout_attestation_add.md | 4 + .../scout-cli/docs/scout_cache_prune.md | 1 + .../docker/scout-cli/docs/scout_cves.md | 151 ++++++++++++++--- .../docker/scout-cli/docs/scout_quickview.md | 18 ++ _vendor/modules.txt | 2 +- go.mod | 4 +- go.sum | 2 + 11 files changed, 325 insertions(+), 45 deletions(-) diff --git a/_vendor/github.com/docker/scout-cli/docs/docker_scout_attestation_add.yaml b/_vendor/github.com/docker/scout-cli/docs/docker_scout_attestation_add.yaml index c3513a9201..f685082535 100644 --- a/_vendor/github.com/docker/scout-cli/docs/docker_scout_attestation_add.yaml +++ b/_vendor/github.com/docker/scout-cli/docs/docker_scout_attestation_add.yaml @@ -1,4 +1,5 @@ command: docker scout attestation add +aliases: docker scout attestation add, docker scout attest add short: Add attestation to image long: The docker scout attestation add command adds attestations to images. usage: docker scout attestation add OPTIONS IMAGE [IMAGE...] diff --git a/_vendor/github.com/docker/scout-cli/docs/docker_scout_cache_prune.yaml b/_vendor/github.com/docker/scout-cli/docs/docker_scout_cache_prune.yaml index 2d5f7de568..7c0bb10d20 100644 --- a/_vendor/github.com/docker/scout-cli/docs/docker_scout_cache_prune.yaml +++ b/_vendor/github.com/docker/scout-cli/docs/docker_scout_cache_prune.yaml 
@@ -9,6 +9,16 @@ usage: docker scout cache prune pname: docker scout cache plink: docker_scout_cache.yaml options: + - option: epss + value_type: bool + default_value: "false" + description: Prune cached EPSS scores + deprecated: false + hidden: false + experimental: false + experimentalcli: false + kubernetes: false + swarm: false - option: force shorthand: f value_type: bool diff --git a/_vendor/github.com/docker/scout-cli/docs/docker_scout_cves.yaml b/_vendor/github.com/docker/scout-cli/docs/docker_scout_cves.yaml index f15a698b99..76fd9e1c37 100644 --- a/_vendor/github.com/docker/scout-cli/docs/docker_scout_cves.yaml +++ b/_vendor/github.com/docker/scout-cli/docs/docker_scout_cves.yaml @@ -27,6 +27,8 @@ long: |- - `oci-dir://` use an OCI layout directory - `archive://` use a tarball archive, as created by `docker save` - `fs://` use a local directory or file + - `sbom://` SPDX file or in-toto attestation file with SPDX predicate or `syft` json SBOM file + In case of `sbom://` prefix, if the file is not defined then it will try to read it from the standard input. usage: docker scout cves [OPTIONS] [IMAGE|DIRECTORY|ARCHIVE] pname: docker scout plink: docker_scout.yaml 
@@ -50,6 +52,49 @@ options: experimentalcli: false kubernetes: false swarm: false + - option: epss + value_type: bool + default_value: "false" + description: | + Display the EPSS scores and organize the package's CVEs according to their EPSS score + details_url: '#epss' + deprecated: false + hidden: false + experimental: false + experimentalcli: false + kubernetes: false + swarm: false + - option: epss-date + value_type: string + description: Date to use for EPSS scores + deprecated: false + hidden: false + experimental: false + experimentalcli: false + kubernetes: false + swarm: false + - option: epss-percentile + value_type: float32 + default_value: "0" + description: | + Exclude CVEs with EPSS scores less than the specified percentile (0 to 1) + deprecated: false + hidden: false + experimental: false + experimentalcli: false + kubernetes: false + swarm: false + - option: epss-score + value_type: float32 + default_value: "0" + description: | + Exclude CVEs with EPSS scores less than the specified value (0 to 1) + deprecated: false + hidden: false + experimental: false + experimentalcli: false + kubernetes: false + swarm: false - option: exit-code shorthand: e value_type: bool @@ -311,9 +356,9 @@ examples: |- ```console $ docker scout cves alpine Analyzing image alpine - ✓ Image stored for indexing - ✓ Indexed 18 packages - ✓ No vulnerable package detected + ✓ Image stored for indexing + ✓ Indexed 18 packages + ✓ No vulnerable package detected ``` ### Display vulnerabilities from a `docker save` tarball @@ -323,9 +368,9 @@ examples: |- $ docker scout cves archive://alpine.tar Analyzing archive alpine.tar - ✓ Archive read - ✓ SBOM of image already cached, 18 packages indexed - ✓ No vulnerable package detected + ✓ Archive read + ✓ SBOM of image already cached, 18 packages indexed + ✓ No vulnerable package detected ``` ### Display vulnerabilities from an OCI directory 
@@ -335,10 +380,10 @@ examples: |- $ docker scout cves oci-dir://alpine Analyzing OCI directory alpine - ✓ OCI directory read - ✓ Image stored for indexing - ✓ Indexed 19 packages - ✓ No vulnerable package detected + ✓ OCI directory read + ✓ Image stored for indexing + ✓ Indexed 19 packages + ✓ No vulnerable package detected ``` ### Display vulnerabilities from the current directory @@ -352,9 +397,9 @@ examples: |- ```console $ docker scout cves --format sarif --output alpine.sarif.json alpine Analyzing image alpine - ✓ SBOM of image already cached, 18 packages indexed - ✓ No vulnerable package detected - ✓ Report written to alpine.sarif.json + ✓ SBOM of image already cached, 18 packages indexed + ✓ No vulnerable package detected + ✓ Report written to alpine.sarif.json ``` ### Display markdown output @@ -363,9 +408,9 @@ examples: |- ```console $ docker scout cves --format markdown alpine - ✓ Pulled - ✓ SBOM of image already cached, 19 packages indexed - ✗ Detected 1 vulnerable package with 3 vulnerabilities + ✓ Pulled + ✓ SBOM of image already cached, 19 packages indexed + ✗ Detected 1 vulnerable package with 3 vulnerabilities

:mag: Vulnerabilities of alpine

:package: Image Reference alpine 
@@ -387,14 +432,86 @@ examples: |- ```console $ docker scout cves --format only-packages --only-package-type golang --only-vuln-packages golang:1.18.0 - ✓ Pulled - ✓ SBOM of image already cached, 296 packages indexed - ✗ Detected 1 vulnerable package with 40 vulnerabilities + ✓ Pulled + ✓ SBOM of image already cached, 296 packages indexed + ✗ Detected 1 vulnerable package with 40 vulnerabilities - Name Version Type Vulnerabilities + Name Version Type Vulnerabilities ─────────────────────────────────────────────────────────── - stdlib 1.18 golang 2C 29H 8M 1L + stdlib 1.18 golang 2C 29H 8M 1L ``` + + ### Display EPSS score (--epss) {#epss} + + The `--epss` flag adds [Exploit Prediction Scoring System (EPSS)](https://www.first.org/epss/) + scores to the `docker scout cves` output. EPSS scores are estimates of the likelihood (probability) + that a software vulnerability will be exploited in the wild in the next 30 days. + The higher the score, the greater the probability that a vulnerability will be exploited. + + ```console {hl_lines=13,14} + $ docker scout cves --epss nginx + ✓ Provenance obtained from attestation + ✓ SBOM obtained from attestation, 232 packages indexed + ✓ Pulled + ✗ Detected 23 vulnerable packages with a total of 39 vulnerabilities + + ... + + ✗ HIGH CVE-2023-52425 + https://scout.docker.com/v/CVE-2023-52425 + Affected range : >=2.5.0-1 + Fixed version : not fixed + EPSS Score : 0.000510 + EPSS Percentile : 0.173680 + ``` + + - `EPSS Score` is a floating point number between 0 and 1 representing the probability of exploitation in the wild in the next 30 days (following score publication). + - `EPSS Percentile` is the percentile of the current score, the proportion of all scored vulnerabilities with the same or a lower EPSS score. + + You can use the `--epss-score` and `--epss-percentile` flags to filter the output + of `docker scout cves` based on these scores. 
For example, + to only show vulnerabilities with an EPSS score higher than 0.5: + + ```console + $ docker scout cves --epss --epss-score 0.5 nginx + ✓ SBOM of image already cached, 232 packages indexed + ✓ EPSS scores for 2024-03-01 already cached + ✗ Detected 1 vulnerable package with 1 vulnerability + + ... + + ✗ LOW CVE-2023-44487 + https://scout.docker.com/v/CVE-2023-44487 + Affected range : >=1.22.1-9 + Fixed version : not fixed + EPSS Score : 0.705850 + EPSS Percentile : 0.979410 + ``` + + EPSS scores are updated on a daily basis. + By default, the latest available score is displayed. + You can use the `--epss-date` flag to manually specify a date + in the format `yyyy-mm-dd` for fetching EPSS scores. + + ```console + $ docker scout cves --epss --epss-date 2024-01-02 nginx + ``` + + ### List vulnerabilities from an SPDX file + + The following example shows how to generate a list of vulnerabilities from an SPDX file using `syft`. + + ```console + $ syft -o spdx-json alpine:3.16.1 | docker scout cves sbom:// + ✔ Pulled image + ✔ Loaded image alpine:3.16.1 + ✔ Parsed image sha256:3d81c46cd8756ddb6db9ec36fa06a6fb71c287fb265232ba516739dc67a5f07d + ✔ Cataloged contents 274a317d88b54f9e67799244a1250cad3fe7080f45249fa9167d1f871218d35f + ├── ✔ Packages [14 packages] + ├── ✔ File digests [75 files] + ├── ✔ File metadata [75 locations] + └── ✔ Executables [16 executables] + ✗ Detected 2 vulnerable packages with a total of 11 vulnerabilities deprecated: false experimental: false experimentalcli: false diff --git a/_vendor/github.com/docker/scout-cli/docs/docker_scout_quickview.yaml b/_vendor/github.com/docker/scout-cli/docs/docker_scout_quickview.yaml index 7a128a73bf..059ee1c7fb 100644 --- a/_vendor/github.com/docker/scout-cli/docs/docker_scout_quickview.yaml +++ b/_vendor/github.com/docker/scout-cli/docs/docker_scout_quickview.yaml 
@@ -31,6 +31,8 @@ long: |- - `oci-dir://` use an OCI layout directory - `archive://` use a tarball archive, as created by `docker save` - `fs://` use a local directory or file + - `sbom://` SPDX file or in-toto attestation file with SPDX predicate or `syft` json SBOM file + In case of `sbom://` prefix, if the file is not defined then it will try to read it from the standard input. usage: docker scout quickview [IMAGE|DIRECTORY|ARCHIVE] pname: docker scout plink: docker_scout.yaml @@ -145,6 +147,22 @@ examples: |- ```console $ docker scout qv ``` + + ### Quick overview from an SPDX file + + ```console + $ syft -o spdx-json alpine:3.16.1 | docker scout quickview sbom:// + ✔ Loaded image alpine:3.16.1 + ✔ Parsed image sha256:3d81c46cd8756ddb6db9ec36fa06a6fb71c287fb265232ba516739dc67a5f07d + ✔ Cataloged contents 274a317d88b54f9e67799244a1250cad3fe7080f45249fa9167d1f871218d35f + ├── ✔ Packages [14 packages] + ├── ✔ File digests [75 files] + ├── ✔ File metadata [75 locations] + └── ✔ Executables [16 executables] + + Target │ │ 1C 2H 8M 0L + digest │ 274a317d88b5 │ + ``` deprecated: false experimental: false experimentalcli: false diff --git a/_vendor/github.com/docker/scout-cli/docs/scout_attestation_add.md b/_vendor/github.com/docker/scout-cli/docs/scout_attestation_add.md index 1c3be6bc05..5f09c0fffd 100644 --- a/_vendor/github.com/docker/scout-cli/docs/scout_attestation_add.md +++ b/_vendor/github.com/docker/scout-cli/docs/scout_attestation_add.md @@ -3,6 +3,10 @@ Add attestation to image +### Aliases + +`docker scout attestation add`, `docker scout attest add` + ### Options | Name | Type | Default | Description | diff --git a/_vendor/github.com/docker/scout-cli/docs/scout_cache_prune.md b/_vendor/github.com/docker/scout-cli/docs/scout_cache_prune.md index 7292884c7d..f53a51203b 100644 --- a/_vendor/github.com/docker/scout-cli/docs/scout_cache_prune.md +++ b/_vendor/github.com/docker/scout-cli/docs/scout_cache_prune.md 
@@ -7,6 +7,7 @@ Remove temporary or cached data | Name | Type | Default | Description | |:----------------|:-----|:--------|:-------------------------------| +| `--epss` | | | Prune cached EPSS scores | | `-f`, `--force` | | | Do not prompt for confirmation | | `--sboms` | | | Prune cached SBOMs | diff --git a/_vendor/github.com/docker/scout-cli/docs/scout_cves.md b/_vendor/github.com/docker/scout-cli/docs/scout_cves.md index 793d1bd239..3b5c19c57a 100644 --- a/_vendor/github.com/docker/scout-cli/docs/scout_cves.md +++ b/_vendor/github.com/docker/scout-cli/docs/scout_cves.md @@ -13,6 +13,10 @@ Display CVEs identified in a software artifact |:-----------------------|:--------------|:-----------|:-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| | `--details` | | | Print details on default text output | | `--env` | `string` | | Name of environment | +| [`--epss`](#epss) | | | Display the EPSS scores and organize the package's CVEs according to their EPSS score | +| `--epss-date` | `string` | | Date to use for EPSS scores | +| `--epss-percentile` | `float32` | `0` | Exclude CVEs with EPSS scores less than the specified percentile (0 to 1) | +| `--epss-score` | `float32` | `0` | Exclude CVEs with EPSS scores less than the specified value (0 to 1) | | `-e`, `--exit-code` | | | Return exit code '2' if vulnerabilities are detected | | `--format` | `string` | `packages` | Output format of the generated vulnerability report:
- packages: default output, plain text with vulnerabilities grouped by packages
- sarif: json Sarif output
- spdx: json SPDX output
- markdown: markdown output (including some html tags like collapsible sections)
- sbom: json SBOM output
| | `--ignore-base` | | | Filter out CVEs introduced from base image | @@ -66,6 +70,8 @@ or if you want to control from where the image will be resolved, you must prefix - `oci-dir://` use an OCI layout directory - `archive://` use a tarball archive, as created by `docker save` - `fs://` use a local directory or file +- `sbom://` SPDX file or in-toto attestation file with SPDX predicate or `syft` json SBOM file + In case of `sbom://` prefix, if the file is not defined then it will try to read it from the standard input. ## Examples @@ -74,9 +80,9 @@ or if you want to control from where the image will be resolved, you must prefix ```console $ docker scout cves alpine Analyzing image alpine - ✓ Image stored for indexing - ✓ Indexed 18 packages - ✓ No vulnerable package detected +✓ Image stored for indexing +✓ Indexed 18 packages +✓ No vulnerable package detected ``` ### Display vulnerabilities from a `docker save` tarball @@ -86,9 +92,9 @@ $ docker save alpine > alpine.tar $ docker scout cves archive://alpine.tar Analyzing archive alpine.tar - ✓ Archive read - ✓ SBOM of image already cached, 18 packages indexed - ✓ No vulnerable package detected +✓ Archive read +✓ SBOM of image already cached, 18 packages indexed +✓ No vulnerable package detected ``` ### Display vulnerabilities from an OCI directory @@ -98,10 +104,10 @@ $ skopeo copy --override-os linux docker://alpine oci:alpine $ docker scout cves oci-dir://alpine Analyzing OCI directory alpine - ✓ OCI directory read - ✓ Image stored for indexing - ✓ Indexed 19 packages - ✓ No vulnerable package detected +✓ OCI directory read +✓ Image stored for indexing +✓ Indexed 19 packages +✓ No vulnerable package detected ``` ### Display vulnerabilities from the current directory 
@@ -115,9 +121,9 @@ $ docker scout cves fs://. ```console $ docker scout cves --format sarif --output alpine.sarif.json alpine Analyzing image alpine - ✓ SBOM of image already cached, 18 packages indexed - ✓ No vulnerable package detected - ✓ Report written to alpine.sarif.json +✓ SBOM of image already cached, 18 packages indexed +✓ No vulnerable package detected +✓ Report written to alpine.sarif.json ``` ### Display markdown output @@ -126,9 +132,9 @@ The following example shows how to generate the vulnerability report as markdown ```console $ docker scout cves --format markdown alpine - ✓ Pulled - ✓ SBOM of image already cached, 19 packages indexed - ✗ Detected 1 vulnerable package with 3 vulnerabilities +✓ Pulled +✓ SBOM of image already cached, 19 packages indexed +✗ Detected 1 vulnerable package with 3 vulnerabilities

:mag: Vulnerabilities of alpine

:package: Image Reference alpine 
@@ -150,11 +156,114 @@ packages of the specified type, and only showing packages that are vulnerable. ```console $ docker scout cves --format only-packages --only-package-type golang --only-vuln-packages golang:1.18.0 - ✓ Pulled - ✓ SBOM of image already cached, 296 packages indexed - ✗ Detected 1 vulnerable package with 40 vulnerabilities +✓ Pulled +✓ SBOM of image already cached, 296 packages indexed +✗ Detected 1 vulnerable package with 40 vulnerabilities - Name Version Type Vulnerabilities +Name Version Type Vulnerabilities ─────────────────────────────────────────────────────────── - stdlib 1.18 golang 2C 29H 8M 1L +stdlib 1.18 golang 2C 29H 8M 1L ``` + +### Display EPSS score (--epss) + +The `--epss` flag adds [Exploit Prediction Scoring System (EPSS)](https://www.first.org/epss/) +scores to the `docker scout cves` output. EPSS scores are estimates of the likelihood (probability) +that a software vulnerability will be exploited in the wild in the next 30 days. +The higher the score, the greater the probability that a vulnerability will be exploited. + +```console {hl_lines=13,14} +$ docker scout cves --epss nginx + ✓ Provenance obtained from attestation + ✓ SBOM obtained from attestation, 232 packages indexed + ✓ Pulled + ✗ Detected 23 vulnerable packages with a total of 39 vulnerabilities + +... + + ✗ HIGH CVE-2023-52425 + https://scout.docker.com/v/CVE-2023-52425 + Affected range : >=2.5.0-1 + Fixed version : not fixed + EPSS Score : 0.000510 + EPSS Percentile : 0.173680 +``` + +- `EPSS Score` is a floating point number between 0 and 1 representing the probability of exploitation in the wild in the next 30 days (following score publication). +- `EPSS Percentile` is the percentile of the current score, the proportion of all scored vulnerabilities with the same or a lower EPSS score. + +You can use the `--epss-score` and `--epss-percentile` flags to filter the output +of `docker scout cves` based on these scores. 
For example, +to only show vulnerabilities with an EPSS score higher than 0.5: + +```console +$ docker scout cves --epss --epss-score 0.5 nginx + ✓ SBOM of image already cached, 232 packages indexed + ✓ EPSS scores for 2024-03-01 already cached + ✗ Detected 1 vulnerable package with 1 vulnerability + +... + + ✗ LOW CVE-2023-44487 + https://scout.docker.com/v/CVE-2023-44487 + Affected range : >=1.22.1-9 + Fixed version : not fixed + EPSS Score : 0.705850 + EPSS Percentile : 0.979410 +``` + +EPSS scores are updated on a daily basis. +By default, the latest available score is displayed. +You can use the `--epss-date` flag to manually specify a date +in the format `yyyy-mm-dd` for fetching EPSS scores. + +```console +$ docker scout cves --epss --epss-date 2024-01-02 nginx +``` + +### List vulnerabilities from an SPDX file + +The following example shows how to generate a list of vulnerabilities from an SPDX file using `syft`. + +```console +$ syft -o spdx-json alpine:3.16.1 | docker scout cves sbom:// + ✔ Pulled image + ✔ Loaded image alpine:3.16.1 + ✔ Parsed image sha256:3d81c46cd8756ddb6db9ec36fa06a6fb71c287fb265232ba516739dc67a5f07d + ✔ Cataloged contents 274a317d88b54f9e67799244a1250cad3fe7080f45249fa9167d1f871218d35f + ├── ✔ Packages [14 packages] + ├── ✔ File digests [75 files] + ├── ✔ File metadata [75 locations] + └── ✔ Executables [16 executables] + ✗ Detected 2 vulnerable packages with a total of 11 vulnerabilities + + +## Overview + + │ Analyzed SBOM +────────────────────┼────────────────────────────── + Target │ + digest │ 274a317d88b5 + platform │ linux/arm64 + vulnerabilities │ 1C 2H 8M 0L + packages │ 15 + + +## Packages and Vulnerabilities + + 1C 0H 0M 0L zlib 1.2.12-r1 +pkg:apk/alpine/zlib@1.2.12-r1?arch=aarch64&distro=alpine-3.16.1 + + ✗ CRITICAL CVE-2022-37434 + https://scout.docker.com/v/CVE-2022-37434 + Affected range : <1.2.12-r2 + Fixed version : 1.2.12-r2 + + ... 
+ +11 vulnerabilities found in 2 packages + LOW 0 + MEDIUM 8 + HIGH 2 + CRITICAL 1 +``` \ No newline at end of file diff --git a/_vendor/github.com/docker/scout-cli/docs/scout_quickview.md b/_vendor/github.com/docker/scout-cli/docs/scout_quickview.md index 05123cdd6b..a8f4880bbb 100644 --- a/_vendor/github.com/docker/scout-cli/docs/scout_quickview.md +++ b/_vendor/github.com/docker/scout-cli/docs/scout_quickview.md @@ -52,6 +52,8 @@ or if you want to control from where the image will be resolved, you must prefix - `oci-dir://` use an OCI layout directory - `archive://` use a tarball archive, as created by `docker save` - `fs://` use a local directory or file +- `sbom://` SPDX file or in-toto attestation file with SPDX predicate or `syft` json SBOM file + In case of `sbom://` prefix, if the file is not defined then it will try to read it from the standard input. ## Examples @@ -76,3 +78,19 @@ $ docker scout quickview golang:1.19.4 ```console $ docker scout qv ``` + +### Quick overview from an SPDX file + +```console +$ syft -o spdx-json alpine:3.16.1 | docker scout quickview sbom:// + ✔ Loaded image alpine:3.16.1 + ✔ Parsed image sha256:3d81c46cd8756ddb6db9ec36fa06a6fb71c287fb265232ba516739dc67a5f07d + ✔ Cataloged contents 274a317d88b54f9e67799244a1250cad3fe7080f45249fa9167d1f871218d35f + ├── ✔ Packages [14 packages] + ├── ✔ File digests [75 files] + ├── ✔ File metadata [75 locations] + └── ✔ Executables [16 executables] + + Target │ │ 1C 2H 8M 0L + digest │ 274a317d88b5 │ +``` diff --git a/_vendor/modules.txt b/_vendor/modules.txt index 63e05fa60d..3959b3cd1c 100644 --- a/_vendor/modules.txt +++ b/_vendor/modules.txt @@ -1,6 +1,6 @@ # github.com/moby/moby v25.0.4+incompatible # github.com/moby/buildkit v0.13.0 # github.com/docker/buildx v0.13.1 -# github.com/docker/scout-cli v1.4.1 +# github.com/docker/scout-cli v1.6.0 # github.com/docker/cli v26.0.0-rc1+incompatible # github.com/docker/compose/v2 v2.25.0 
diff --git a/go.mod b/go.mod
index a4e7c8cb39..452dddfcff 100644
--- a/go.mod
+++ b/go.mod
@@ -8,7 +8,7 @@ require (
 github.com/docker/buildx v0.13.1 // indirect
 github.com/docker/cli v26.0.0-rc1+incompatible // indirect
 github.com/docker/compose/v2 v2.25.0 // indirect
- github.com/docker/scout-cli v1.4.1 // indirect
+ github.com/docker/scout-cli v1.6.0 // indirect
 github.com/moby/buildkit v0.13.0 // indirect
 github.com/moby/moby v25.0.4+incompatible // indirect
 )
@@ -17,7 +17,7 @@ replace (
 github.com/docker/buildx => github.com/docker/buildx v0.13.1
 github.com/docker/cli => github.com/docker/cli v25.0.4+incompatible
 github.com/docker/compose/v2 => github.com/docker/compose/v2 v2.24.7
- github.com/docker/scout-cli => github.com/docker/scout-cli v1.4.1
+ github.com/docker/scout-cli => github.com/docker/scout-cli v1.6.0
 github.com/moby/buildkit => github.com/moby/buildkit v0.13.0-rc3.0.20240308080452-a38011b9f57d
 github.com/moby/moby => github.com/moby/moby v25.0.4+incompatible
 )
diff --git a/go.sum b/go.sum
index 6ad12ef9fd..db31afc1a6 100644
--- a/go.sum
+++ b/go.sum
@@ -154,6 +154,8 @@ github.com/docker/scout-cli v1.3.0 h1:mL9y1yB/DR/dAar71z0w8u8et9o2272Mrjxtb59ds3
 github.com/docker/scout-cli v1.3.0/go.mod h1:Eo1RyCJsx3ldz/YTY5yGxu9g9mwTYbRUutxQUkow3Fc=
 github.com/docker/scout-cli v1.4.1 h1:jRHO3LI3x2eMrvObKC6uadoRATbwZSXm1NafSzo9Cu4=
 github.com/docker/scout-cli v1.4.1/go.mod h1:Eo1RyCJsx3ldz/YTY5yGxu9g9mwTYbRUutxQUkow3Fc=
+github.com/docker/scout-cli v1.6.0 h1:07Kn2d/AshUSUk64ArZzE31lj4h7waGi8tjrFXxMZLY=
+github.com/docker/scout-cli v1.6.0/go.mod h1:Eo1RyCJsx3ldz/YTY5yGxu9g9mwTYbRUutxQUkow3Fc=
 github.com/elazarl/goproxy v0.0.0-20191011121108-aa519ddbe484/go.mod h1:Ro8st/ElPeALwNFlcTpWmkr6IoMFfkjXAvTHpevnDsM=
 github.com/evanphx/json-patch v4.9.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
 github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4=
From f9e3460e153de514a80ab8d3089f41dc7d5b40d8 Mon Sep 17 00:00:00 2001 From: David Karlsson <35727626+dvdksn@users.noreply.github.com> Date: Wed, 20 Mar 2024 04:48:07 +0100 Subject: [PATCH 2/2] fix: patch invalid hl_lines syntax in upstream codeblock Signed-off-by: David Karlsson <35727626+dvdksn@users.noreply.github.com> --- .../github.com/docker/scout-cli/docs/docker_scout_cves.yaml | 2 +- hugo_stats.json | 3 +++ 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/_vendor/github.com/docker/scout-cli/docs/docker_scout_cves.yaml b/_vendor/github.com/docker/scout-cli/docs/docker_scout_cves.yaml index 76fd9e1c37..deb2a2f66d 100644 --- a/_vendor/github.com/docker/scout-cli/docs/docker_scout_cves.yaml +++ b/_vendor/github.com/docker/scout-cli/docs/docker_scout_cves.yaml @@ -448,7 +448,7 @@ examples: |- that a software vulnerability will be exploited in the wild in the next 30 days. The higher the score, the greater the probability that a vulnerability will be exploited. - ```console {hl_lines=13,14} + ```console {hl_lines="13,14"} $ docker scout cves --epss nginx ✓ Provenance obtained from attestation ✓ SBOM obtained from attestation, 232 packages indexed diff --git a/hugo_stats.json b/hugo_stats.json index f11bad8742..206a2cfeb6 100644 --- a/hugo_stats.json +++ b/hugo_stats.json @@ -14,6 +14,7 @@ "Angular", "Arch", "Arch-Linux", + "Azure-Connect-OIDC", "Azure-DevOps", "Bake", "Bash", @@ -35,6 +36,7 @@ "Docker-Engine", "Docker-Hub", "Download", + "Entra-ID-SAML-2.0", "Fedora", "For-Mac-and-Linux", "For-Mac-with-Apple-silicon", @@ -69,6 +71,7 @@ "Mac-with-Intel-chip", "Node", "Non-compliant", + "Okta", "PowerShell", "PowerShell-CLI", "Python",
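Review bot: The `hl_lines` change in `_vendor/github.com/docker/scout-cli/docs/docker_scout_cves.yaml` is a hand edit to a vendored module file, so the `_vendor` tree no longer matches the scout-cli v1.6.0 content that go.mod and go.sum pin. The next re-vendor will presumably overwrite it silently, and anyone comparing `_vendor` against the upstream module will see an unexplained difference. The same unquoted `{hl_lines=13,14}` fence that patch 1 adds to `scout_cves.md` is left as is. I would record the divergence in the commit description, for example `Local patch on top of scout-cli v1.6.0; drop once the fence is fixed upstream and the module is bumped`, and land the fix upstream so that vendored content stays byte-for-byte reproducible.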