docker
/
docs
mirror of https://github.com/docker/docs.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #17864 from dvdksn/scout/data-handling 

scout: added data handling documentation
This commit is contained in:
David Karlsson 2023-08-09 10:20:47 +02:00 committed by GitHub
parent b92ebe5fbf 1a788ffa50
commit e29944ad49
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 59 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
_data/toc.yaml
View File

@ -1950,6 +1950,8 @@ manuals:
title: Artifactory integration
- path: /scout/advisory-db-sources/
title: Advisory Database
- path: /scout/data-handling/
title: Data handling
- sectiontitle: Docker Admin (Early Access)
section:

57
scout/data-handling.md Normal file
View File

@ -0,0 +1,57 @@
---
description: How Docker Scout handles image metadata
keywords: scanning, supply chain, security, data, metadata
title: Data collection and storage in Docker Scout
---
{% include scout-early-access.md %}
Docker Scout image analysis works by collecting metadata from the container
images that you analyze. This metadata is stored on the Docker Scout platform.
## Data transmission
Docker Scout collects and sends the following image metadata to the platform.
Docker and OCI image metadata:
- Image creation timestamp
- Image digest
- Ports exposed by the image
- Environment variable names and values
- Name and value of image labels
- Order of image layers
- Hardware architecture
- Operating system type and version
- Registry URL and type
Software Bill of Materials (SBOM) metadata:
- Advisory prefix URL (PURL)
- Package author and description
- License IDs
- Package name and namespace
- Package scheme and size
- Package type and version
- Filepath within the image
- The type of direct dependency
- Total package count
SBOM metadata is used to match package types and versions with public
vulnerability data to infer whether a package is considered vulnerable.
When the Docker Scout platform receives information from its advisory database
about new CVEs (and other risks, such as leaked secrets), it "overlays" this
information on the SBOM. If there's a match, the results of the match are
displayed in the user interfaces where Docker Scout data is surfaced, such as
the Docker Scout Dashboard and in Docker Desktop.
## Data storage
For the purposes of providing the Docker Scout service, data is stored using:
- Amazon Web Services (AWS) on servers located in US-EAST, USA
- Google Cloud Platform (GCP) on servers located in US-EAST, USA
Data is used according to the processes described at
[docker.com/legal](https://www.docker.com/legal/) to provide the key
capabilities of Docker Scout.