Merge pull request #17907 from dvdksn/scout/data-handling-local-analysis

scout: clarify data handling for local analysis
This commit is contained in:
David Karlsson 2023-08-14 11:18:37 +02:00 committed by GitHub
commit e0a96ce0d3
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 5 additions and 1 deletions

View File

@ -27,7 +27,7 @@ Docker and OCI image metadata:
Software Bill of Materials (SBOM) metadata:
- Advisory prefix URL (PURL)
- Package URLs (PURL)
- Package author and description
- License IDs
- Package name and namespace
@ -45,6 +45,10 @@ information on the SBOM. If there's a match, the results of the match are
displayed in the user interfaces where Docker Scout data is surfaced, such as
the Docker Scout Dashboard and in Docker Desktop.
For images analyzed locally on a developer's machine, Docker Scout only
transmits PURLs and layer digests. This data is not persistently stored on the
Docker Scout platform; it's only used to run the analysis.
## Data storage
For the purposes of providing the Docker Scout service, data is stored using: