mirror of https://github.com/docker/docs.git
Merge pull request #20229 from dvdksn/scout-overview-pages
scout overview pages
commit ea34ef63d6
@ -226,7 +226,7 @@ $ docker buildx build --attest type=sbom,generator=<image> .
> **Tip**
>
> The Docker Scout SBOM generator is available. See
> [Docker Scout SBOMs](../../scout/sbom.md#attest).
> [Docker Scout SBOMs](/scout/how-tos/view-create-sboms.md).
{ .tip }

## SBOM attestation example
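Review bot: the replacement link drops the `#attest` fragment that the old target carried (`../../scout/sbom.md#attest`), so the tip now lands at the top of the SBOM how-to instead of at the "Attach as build attestation" section; that section keeps its `{#attest}` anchor in the moved page elsewhere in this change, so `/scout/how-tos/view-create-sboms.md#attest` would preserve the deep link.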
@ -52,8 +52,8 @@ To inspect an image, select the image row. Inspecting an image displays detailed
- Vulnerabilities found
- Packages inside the image

[Docker Scout](../../scout/index.md) powers this vulnerability information.
For more information about this view, see [Image details view](../../scout/image-details-view.md)
[Docker Scout](/scout/_index.md) powers this vulnerability information.
For more information about this view, see [Image details view](/scout/explore/image-details-view.md)

## Pull the latest image from Docker Hub

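Review bot: the rewritten "For more information about this view, see [Image details view](...)" line still has no terminating period; since the line is being touched anyway, end it with one.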
@ -102,4 +102,4 @@ Hovering over an image tag reveals two options:

## Additional resources

- [What is an image?](../../guides/docker-concepts/the-basics/what-is-an-image.md)
- [What is an image?](../../guides/docker-concepts/the-basics/what-is-an-image.md)
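Review bot: the removed and added lines of this hunk are visually identical (`- [What is an image?](../../guides/docker-concepts/the-basics/what-is-an-image.md)`), so the change is not visible in the rendered diff; if it is only trailing whitespace it should be dropped from the PR, and if the link was meant to become absolute like the others in this change it should read `/guides/docker-concepts/the-basics/what-is-an-image.md`.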
@ -123,7 +123,7 @@ To view the vulnerability report:


For more information on this view, see
[Image details view](../scout/image-details-view.md).
[Image details view](/scout/explore/image-details-view.md).

### Inspect vulnerabilities

@ -0,0 +1,61 @@
---
title: Software supply chain security
description: Learn about software supply chain security (S3C), what it means, and why it is important.
keywords: docker scout, secure, software, supply, chain, security, sssc, sscs, s3c
---

The term "software supply chain" refers to the end-to-end process of developing
and delivering software, from the development to deployment and maintenance.
Software supply chain security, or "S3C" for short, is the practice for
protecting the components and processes of the supply chain.

S3C is a fundamental change in how organizations approach software security.
Traditionally in the software industry, security and compliance has been mostly
an afterthought, left to the software delivery or release phase. With S3C,
security is integrated into the entire software development lifecycle, from the
inner loop of development and testing, to the outer loop of shipping and
monitoring.

Following industry best practices for software supply chain conduct is
important because it helps organizations protect their software from security
threats, compliance risks, and other vulnerabilities. Implementing a software
supply chain security framework improves visibility, collaboration, and
traceability of a project across stakeholders. This helps organizations detect,
respond to, and remediate threats more effectively.

## Securing the software supply chain

Building a secure software supply chain involves several key steps, such as:

- Identify the software components and dependencies you use to build and run
your applications.
- Automate security testing throughout the software development lifecycle.
- Monitor your software supply chain for security threats.
- Implement security policies that govern how software is built, and the
components it contains.

Managing the software supply chain is a complex task, especially in the modern
day where software is built using multiple components from different sources.
Organizations need to have a clear understanding of the software components
they use, and the security risks associated with them.

## Docker Scout

Docker Scout is a platform designed to help organizations secure their software
supply chain. It provides tools and services for identifying and managing
software assets and policies, and automated remediation of security threats.

Unlike traditional security tools that focus on scheduled, point-in-time scans
at specific stages in the software development lifecycle, Docker Scout uses a
modern event-driven model that spans the entire software supply chain. This
means that when a new vulnerability affecting your images is disclosed, your
updated risk assessment is available within seconds, and earlier in the
development process.

Docker Scout works by analyzing the composition of your images to create a
[Software Bill of Materials (SBOM)](/scout/concepts/sbom.md). The SBOM is
cross-referenced against the security advisories to identify CVEs that affect
your images. Docker Scout integrates with [over 20 different security
advisories](/scout/deep-dive/advisory-db-sources.md), and updates its
vulnerability database in real-time. This ensures that your security posture is
represented using the latest available information.
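Review bot: a few grammar points in the new S3C page: "security and compliance has been mostly an afterthought" needs "have been" (plural subject); "is the practice for protecting" reads better as "the practice of protecting"; "cross-referenced against the security advisories" should drop "the" since no particular advisories were introduced; and "in real-time" as an adverbial phrase is "in real time". The list under "involves several key steps, such as:" is fine, but the wrapped continuation lines ("your applications.", "components it contains.") should keep their two-space indent so Markdown renders them as part of the bullet.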
@ -0,0 +1,50 @@
---
title: Software Bill of Materials
description: Learn about Software Bill of Materials (SBOM) and how Docker Scout uses it.
keywords: scout, sbom, software bill of materials, analysis, composition
---

A Bill of Materials (BOM) is a list of materials, parts, and the quantities of
each needed to manufacture a product. For example, a BOM for a computer might
list the motherboard, CPU, RAM, power supply, storage devices, case, and other
components, along with the quantities of each that are needed to build the
computer.

A Software Bill of Materials (SBOM) is a list of all the components that make
up a piece of software. This includes open source and third-party components,
as well as any custom code that has been written for the software. An SBOM is
similar to a BOM for a physical product, but for software.

In the context of software supply chain security, SBOMs can help with
identifying and mitigating security and compliance risks in software. By
knowing exactly what components are used in a piece of software, you can
quickly identify and patch vulnerabilities in your components, or determine if
a component is licensed in a way that is incompatible with your project.

## Contents of an SBOM

An SBOM typically includes the following information:

- The name of the software, such as the name of a library or framework, that
the SBOM describes.
- The version of the software.
- The license under which the software is distributed.
- A list of other components that the software depends on.

## How Docker Scout uses SBOMs

Docker Scout uses SBOMs to determine the components that are used in a Docker
image. When you analyze an image, Docker Scout will either use the SBOM that is
attached to the image (using [attestations](/build/attestations/_index.md)), or
it will generate an SBOM on the fly by analyzing the contents of the image.

The SBOM is cross-referenced with the [advisory database](/scout/deep-dive/advisory-db-sources.md)
to determine if any of the components in the image have known vulnerabilities.

## Additional resources

To learn more about generating SBOMs and how SBOMs are used in Docker Scout,
see:

- [Image analysis in Docker Scout](/scout/explore/analysis.md)
- [View and create SBOMs](/scout/how-tos/view-create-sboms.md)
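Review bot: "Docker Scout will either use the SBOM ... or it will generate an SBOM on the fly" switches to future tense while the rest of the page describes behaviour in the present; "Docker Scout either uses the SBOM ... or generates an SBOM on the fly" keeps the docs' usual register. The continuation line "the SBOM describes." under the first bullet should also be indented so it stays inside the list item.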
@ -3,6 +3,8 @@ description: More details on the advisory database and CVE-to-package matching s
behind Docker Scout analysis.
keywords: scout, scanning, analysis, vulnerabilities, Hub, supply chain, security, packages, repositories, ecosystem
title: Advisory database sources and matching service
aliases:
/scout/advisory-db-sources/
---

Reliable information sources are key for Docker Scout's ability to
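Review bot: `aliases:` is followed by a bare `/scout/advisory-db-sources/` rather than a list item, whereas every other front matter in this change writes aliases as `- /scout/...` (for example `- /scout/image-analysis/`); use the list form here so the redirect is declared the same way everywhere.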
@ -53,7 +55,7 @@ The database stores the Software Bill of Materials (SBOM) and other metadata abo
When a security advisory has new information about a vulnerability,
your SBOM is cross-referenced with the CVE information to detect how it affects you.

For more details on how image analysis works, see the [image analysis page](./image-analysis.md).
For more details on how image analysis works, see the [image analysis page](/scout/explore/analysis.md).

## Vulnerability matching

@ -5,6 +5,8 @@ keywords: |
materials, config, ports, labels, os, registry, timestamp, digest, layers,
architecture, license, dependencies, base image
title: Data collection and storage in Docker Scout
aliases:
/scout/data-handling/
---

Docker Scout's image analysis works by collecting metadata from the container
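Review bot: same issue as the advisory-db-sources front matter: `/scout/data-handling/` under `aliases:` is a bare scalar, not a list item; write it as `- /scout/data-handling/` to match the other pages in this change.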
@ -68,7 +70,7 @@ and packages, and application-level packages such as maven, npm, and so on.
### Environment metadata

If you integrate Docker Scout with your runtime environment via the
[Sysdig integration](./integrations/environment/sysdig.md),
[Sysdig integration](/scout/integrations/environment/sysdig.md),
Docker Scout collects the following data points about your deployments:

- Kubernetes namespace
@ -83,7 +85,7 @@ Docker Scout platform; it's only used to run the analysis.

### Provenance

For images with [provenance attestations](../build/attestations/slsa-provenance.md),
For images with [provenance attestations](/build/attestations/slsa-provenance.md),
Docker Scout stores the following data in addition to the SBOM:

- Materials
@ -6,6 +6,7 @@ description:
keywords: scout, scanning, vulnerabilities, supply chain, security, analysis
aliases:
- /scout/advanced-image-analysis/
- /scout/image-analysis/
---

When you activate image analysis for a repository,
@ -13,7 +14,7 @@ Docker Scout automatically analyzes new images that you push to that repository.

Image analysis extracts the Software Bill of Material (SBOM)
and other image metadata,and evaluates it against vulnerability data from
[security advisories](./advisory-db-sources.md).
[security advisories](/scout/deep-dive/advisory-db-sources.md).

If you run image analysis as a one-off task using the CLI or Docker Desktop,
Docker Scout won't store any data about your image.
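Review bot: the unchanged context line "and other image metadata,and evaluates it" is missing the space after the comma; since this paragraph is being edited for the link, fix it in the same hunk.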
@ -25,19 +26,19 @@ This dynamic evaluation means there's no need to re-analyze images when new CVE

Docker Scout image analysis is available by default for Docker Hub repositories.
You can also integrate third-party registries and other services. To learn more,
see [Integrating Docker Scout with other systems](./integrations/_index.md).
see [Integrating Docker Scout with other systems](/scout/integrations/_index.md).

## Activate Docker Scout on a repository

The free tier of Docker Scout lets you use Docker Scout for up to 3
repositories per Docker organization. You can update your Docker Scout plan if
you need additional repositories, see [Docker Scout
billing](../billing/scout-billing.md).
billing](/billing/scout-billing.md).

Before you can activate image analysis on a repository in a third-party registry,
the registry must be integrated with Docker Scout for your Docker organization.
Docker Hub is integrated by default. For more information, see
See [Container registry integrations](./integrations/_index.md#container-registries)
See [Container registry integrations](/scout/integrations/_index.md#container-registries)

> **Note**
>
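Review bot: the new line keeps the duplicated "For more information, see / See [Container registry integrations](...)" from the context line above it and still lacks a terminating period; drop the leading "See" on the link line (or the trailing "see" on the previous one) and end the sentence with a period.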
@ -74,13 +75,13 @@ analysis is activated.
```

Building with the `--provenance=true` and `--sbom=true` flags attaches
[build attestations](../build/attestations/_index.md) to the image. Docker
[build attestations](/build/attestations/_index.md) to the image. Docker
Scout uses attestations to provide more fine-grained analysis results.

> **Note**
>
> The default `docker` driver only supports build attestations if you use the
> [containerd image store](../desktop/containerd.md).
> [containerd image store](/desktop/containerd.md).

3. Go to the [Images page](https://scout.docker.com/reports/images) in the Docker Scout Dashboard.

@ -182,13 +183,13 @@ $ docker scout cves --format only-packages --only-vuln-packages \
For more information about these commands and how to use them, refer to the CLI
reference documentation:

- [`docker scout quickview`](../reference/cli/docker/scout/quickview.md)
- [`docker scout cves`](../reference/cli/docker/scout/cves.md)
- [`docker scout quickview`](/reference/cli/docker/scout/quickview.md)
- [`docker scout cves`](/reference/cli/docker/scout/cves.md)

## Vulnerability severity assessment

Docker Scout assigns a severity rating to vulnerabilities based on
vulnerability data from [advisory sources](./advisory-db-sources.md).
vulnerability data from [advisory sources](/scout/deep-dive/advisory-db-sources.md).
Advisories are ranked and prioritized depending on the type of package that's
affected by a vulnerability. For example, if a vulnerability affects an OS
package, the severity level assigned by the distribution maintainer is
@ -230,7 +231,7 @@ Image analysis on the Docker Scout platform, and analysis triggered by backgroun
indexing in Docker Desktop, has an image file size limit of 10 GB (uncompressed).
To analyze images larger than that, you can either:

- Attach [SBOM attestations](../build/attestations/sbom.md) at build-time
- Attach [SBOM attestations](/build/attestations/sbom.md) at build-time
- Use the [CLI](#cli) to analyze the image locally

Images analyzed locally with the CLI and images with SBOM attestations
|
@ -6,6 +6,7 @@ title: Dashboard
aliases:
- /scout/reports/
- /scout/web-app/
- /scout/dashboard/
---

The [Docker Scout Dashboard](https://scout.docker.com/) helps you share the
@ -17,19 +18,19 @@ vulnerabilities and issues they need to focus on.

## Overview




The **Overview** tab provides a summary for the repositories in the selected
organization.

At the top of this page, you can select which **Environment** to view.
By default, the most recently pushed images are shown. To learn more about
environments, see [Environment monitoring](./integrations/environment/_index.md).
environments, see [Environment monitoring](/scout/integrations/environment/_index.md).

The **Policy** boxes show your current compliance rating for each policy, and a
trend indication for the selected environment. The trend describes the policy
delta for the most recent images compared to the previous version.
For more information about policies, see [Policy Evaluation](./policy/_index.md).
For more information about policies, see [Policy Evaluation](/scout/policy/_index.md).

The vulnerability chart shows the total number of vulnerabilities for images in
the selected environment over time. You can configure the timescale for the
@ -52,14 +53,14 @@ The **Policies** view shows a breakdown of policy compliance for all of the
images in the selected organization and environment. You can use the **Image**
drop-down menu to view a policy breakdown for a specific environment.

For more information about policies, see [Policy Evaluation](./policy/_index.md).
For more information about policies, see [Policy Evaluation](/scout/policy/_index.md).

## Images

The **Images** view shows all images in Scout-enabled repositories for the selected environment.
You can filter the list by selecting a different environment, or by repository name using the text filter.




For each repository, the list displays the following details:

@ -79,7 +80,7 @@ This view contains two tabs that detail the composition and policy compliance fo
- **Policy status** shows the policy evaluation results for the selected image.
Here you also have links for details about the policy violations.

For more information about policy, see [Policy Evaluation](./policy/_index.md).
For more information about policy, see [Policy Evaluation](/scout/policy/_index.md).

- **Image layers** shows a breakdown of the image analysis results.
You can get a complete view of the vulnerabilities your image contains
@ -90,7 +91,7 @@ This view contains two tabs that detail the composition and policy compliance fo
The **Vulnerabilities** view shows a list of all vulnerabilities for images in the organization.
This list includes details about CVE such as the severity and Common Vulnerability Scoring System (CVSS) score,
as well as whether there's a fix version available.
The CVSS score displayed here is the highest score out of all available [sources](./advisory-db-sources.md).
The CVSS score displayed here is the highest score out of all available [sources](/scout/deep-dive/advisory-db-sources.md).

Selecting the links on this page opens the vulnerability details page,
This page is a publicly visible page, and shows detailed information about a CVE.
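Review bot: in the trailing context, "opens the vulnerability details page," ends with a comma but the next line starts a new sentence ("This page is a publicly visible page"); it should be a period. Worth fixing while this section is open.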
@ -105,7 +106,7 @@ affected by the CVE.
The **Integrations** page lets you create and manage your Docker Scout
integrations, such as environment integrations and registry integrations. For
more information on how to get started with integrations, see
[Integrating Docker Scout with other systems](./integrations/_index.md).
[Integrating Docker Scout with other systems](/scout/integrations/_index.md).

## Settings

@ -123,7 +124,7 @@ included in your plan, compare it with other available plans, and change the
plan if you're an organization owner.

For more information about subscription plans, see
[Docker Scout subscriptions and features](../subscription/scout-details.md)
[Docker Scout subscriptions and features](/subscription/scout-details.md)

### Repository settings

@ -131,7 +132,7 @@ When you enable Docker Scout for a repository,
Docker Scout analyzes new tags automatically when you push to that repository.
To enable repositories in Amazon ECR, Azure ACR, or other third-party registries,
you first need to integrate them.
See [Container registry integrations](./integrations/_index.md#container-registries)
See [Container registry integrations](/scout/integrations/_index.md#container-registries)

### Notification settings

@ -184,7 +185,7 @@ The available notification settings are:
notifications using the browser API.

From this page, you can also go to the settings for Team collaboration
integrations, such as the [Slack](./integrations/team-collaboration/slack.md)
integrations, such as the [Slack](/scout/integrations/team-collaboration/slack.md)
integration.

You can also configure your notification settings in Docker Desktop by going
@ -4,6 +4,8 @@ keywords: scout, supply chain, vulnerabilities, packages, cves, image, tag, scan
analysis, analyze
description: The Docker Scout image detail view analyzes images to show their heirachy,
layers, packages, and vulnerabilities
aliases:
- /scout/image-details-view
---

The image details view shows a breakdown of the Docker Scout analysis. You can
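Review bot: the `description` context line spells "hierarchy" as "heirachy"; since this front matter is being edited, fix the typo here. Also, the new alias `- /scout/image-details-view` lacks the trailing slash that every other alias in this change uses (`- /scout/dashboard/`), which matters if the redirect map keys on the slashed form.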
@ -12,11 +14,11 @@ access the image view from the Docker Scout Dashboard, the Docker Desktop
show a breakdown of the image hierarchy (base images), image layers, packages,
and vulnerabilities.




Docker Desktop first analyzes images locally, where it generates a software bill of materials (SBOM).
Docker Desktop, Docker Hub, and the Docker Scout Dashboard and CLI all use the [package URL (PURL) links](https://github.com/package-url/purl-spec)
in this SBOM to query for matching Common Vulnerabilities and Exposures (CVEs) in [Docker Scout's advisory database](./advisory-db-sources.md).
in this SBOM to query for matching Common Vulnerabilities and Exposures (CVEs) in [Docker Scout's advisory database](/scout/deep-dive/advisory-db-sources.md).

## Image hierarchy

@ -141,7 +143,7 @@ of `debian` to use. By providing more than one alternative to choose from, you
can see for yourself how the options compare with each other, and decide which
one to use.




Select a tag recommendation to see further details of the recommendation.
It shows the benefits and potential disadvantages of the tag, why it's a
@ -4,6 +4,8 @@ description: |
Learn how to scrape data from Docker Scout using Prometheus to create your own
vulnerability and policy dashboards wiht Grafana
keywords: scout, exporter, prometheus, grafana, metrics, dashboard, api, compose
aliases:
- /scout/metrics-exporter/
---

Docker Scout exposes a metrics HTTP endpoint that lets you scrape vulnerability
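Review bot: the `description` context line reads "dashboards wiht Grafana"; correct "wiht" to "with" in this hunk since the front matter is already being modified.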
@ -23,7 +25,7 @@ The metrics endpoint exposes the following metrics:

> **Streams**
>
> In Docker Scout, the streams concept is a superset of [environments](./integrations/environment/_index.md).
> In Docker Scout, the streams concept is a superset of [environments](/scout/integrations/environment/_index.md).
> Streams include all runtime environments that you've defined,
> as well as the special `latest-indexed` stream.
> The `latest-indexed` stream contains the most recently pushed (and analyzed) tag for each repository.
@ -156,16 +158,16 @@ The Prometheus server runs in a Docker container and is accessible on port 9090.
After a few seconds, you should see the metrics endpoint as a target in the
Prometheus UI at <http://localhost:9090/targets>.




### Viewing the metrics in Grafana

To view the Grafana dashboards, go to <http://localhost:3000/dashboards>,
and sign in using the credentials defined in the Docker Compose file (username: `admin`, password: `grafana`).







The dashboards are pre-configured to visualize the vulnerability and policy metrics scraped by Prometheus.

@ -316,13 +318,13 @@ to see the metrics collected from this example. This configuration will collect
all exposed metrics starting with `scout_` under the namespace
`scout_metrics_exporter`.




The following screenshots show examples of a Datadog dashboard containing
graphs about vulnerability and policy compliance for a specific [stream](#stream).






> The reason why the lines in the graphs look flat is due to the own nature of
> vulnerabilities (they don't change too often) and the short time interval
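Review bot: the trailing context "is due to the own nature of vulnerabilities" is not idiomatic; "due to the nature of vulnerabilities" says the same thing. Optional, but cheap to fix while the file is touched.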
@ -1,9 +1,11 @@
---
title: Specify artifact type or location with prefixes
title: Use Scout with different artifact types
description: |
Some of the Docker Scout commands support image references prefixes
for controlling the location of the images or files that you want to analyze.
keywords: scout, vulnerabilities, analyze, analysis, cli, packages, sbom, cve, security, local, source, code, supply chain
aliases:
- /scout/image-prefix/
---

Some of the Docker Scout CLI commands support prefixes for specifying
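Review bot: the retained `description` says "support image references prefixes"; the grammatical form is "image reference prefixes". Since the title line directly above it is being rewritten, fix the description in the same hunk.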
@ -174,6 +176,6 @@ $ docker scout sbom --format spdx -o sbom.spdx.json archive://scout-cli.tar

Read about the commands and supported flags in the CLI reference documentation:

- [`docker scout quickview`](../reference/cli/docker/scout/compare.md)
- [`docker scout cves`](../reference/cli/docker/scout/compare.md)
- [`docker scout compare`](../reference/cli/docker/scout/compare.md)
- [`docker scout quickview`](/reference/cli/docker/scout/quickview.md)
- [`docker scout cves`](/reference/cli/docker/scout/cves.md)
- [`docker scout compare`](/reference/cli/docker/scout/compare.md)
@ -1,8 +1,10 @@
---
title: Environment variables used by Docker Scout
title: Configure Docker Scout with environment variables
linkTitle: Docker Scout environment variables
description: Configure how the behavior of Docker Scout CLI commands using these environment variables
keywords: scout, supply chain, cli, environment, variables, env, vars, configure
aliases:
- /scout/env-vars/
---

The following environment variables are available to configure the Docker Scout
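Review bot: the `description` context line "Configure how the behavior of Docker Scout CLI commands using these environment variables" is missing a verb after "how"; either "Configure the behavior of Docker Scout CLI commands using these environment variables" or "Configure how Docker Scout CLI commands behave using these environment variables" reads correctly.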
@ -4,9 +4,10 @@ description: Use Docker Scout to extract the SBOM for your project.
keywords: scout, supply chain, sbom, software bill of material, spdx, cli, attestations, file
aliases:
- /engine/sbom/
- /scout/sbom/
---

[Image analysis](./image-analysis.md) uses image SBOMs to understand what packages and versions an image contains.
[Image analysis](/scout/explore/analysis.md) uses image SBOMs to understand what packages and versions an image contains.
Docker Scout uses SBOM attestations if available on the image (recommended).
If no SBOM attestation is available, Docker Scout creates one by indexing the image contents.

@ -56,12 +57,12 @@ $ docker scout sbom --format list alpine
```

For more information about the `docker scout sbom` command, refer to the [CLI
reference](../reference/cli/docker/scout/sbom.md).
reference](/reference/cli/docker/scout/sbom.md).

## Attach as build attestation {#attest}

You can generate the SBOM and attach it to the image at build-time as an
[attestation](../build/attestations/_index.md). BuildKit provides a default
[attestation](/build/attestations/_index.md). BuildKit provides a default
SBOM generator which is different from what Docker Scout uses.
You can configure BuildKit to use the Docker Scout SBOM generator
using the `--attest` flag for the `docker build` command.
@ -75,7 +76,7 @@ $ docker build --tag <org>/<image> \
```

To build images with SBOM attestations, you must either turn on
the [containerd image store](../desktop/containerd.md) feature, or use a
the [containerd image store](/desktop/containerd.md) feature, or use a
`docker-container` builder together with the `--push` flag to push the image
(with attestations) directly to a registry.

@ -44,6 +44,6 @@ high-severity vulnerabilities.
> **Note**
>
> If you're seeing a `permission denied` error related to the image cache, try
> setting the [`DOCKER_SCOUT_CACHE_DIR`](../../env-vars.md) environment
> setting the [`DOCKER_SCOUT_CACHE_DIR`](/scout/how-tos/configure-cli.md) environment
> variable to a writable directory. Or alternatively, disable local caching
> entirely with `DOCKER_SCOUT_NO_CACHE=true`.
@ -43,8 +43,8 @@ Docker Scout supports the following runtime integrations:
>
> Only organization owners can create new environments and set up integrations.
> Additionally, Docker Scout only assigns an image to an environment if the
> image [has been analyzed](../../image-analysis.md), either manually or
> through a [registry integration](../_index.md#container-registries).
> image [has been analyzed](/scout/explore/analysis.md), either manually or
> through a [registry integration](/scout/integrations/_index.md#container-registries).

## List environments

@ -79,7 +79,7 @@ comparing the image built from the code in the PR to the corresponding image in
staging or production.

You can also compare with streams using the `--to-env` flag on the
[`docker scout compare`](../../../reference/cli/docker/scout/compare.md)
[`docker scout compare`](/reference/cli/docker/scout/compare.md)
CLI command:

```console
@ -26,7 +26,7 @@ After the integration, Docker Scout automatically pulls and analyzes images
that you push to the ECR registry. Metadata about your images are stored on the
Docker Scout platform, but Docker Scout doesn't store the container images
themselves. For more information about how Docker Scout handles image data, see
[Data handling](../../data-handling.md).
[Data handling](/scout/deep-dive/data-handling.md).

### CloudFormation stack template

@ -27,7 +27,7 @@ to the Slack channels associated with the webhook.
> is not by a newly disclosed CVE, then no notification will be triggered.

For more information about Docker Scout notifications,
see [Notification settings](../../dashboard.md#notification-settings)
see [Notification settings](/scout/explore/dashboard.md#notification-settings)

## Setup

@ -25,7 +25,7 @@ with established best practices.
## How Policy Evaluation works

When you activate Docker Scout for a repository, images that you push are
[automatically analyzed](../image-analysis.md). The analysis gives you insights
[automatically analyzed](/scout/explore/analysis.md). The analysis gives you insights
about the composition of your images, including what packages they contain and
what vulnerabilities they're exposed to. Policy Evaluation builds on top of the
image analysis feature, interpreting the analysis results against the rules
@ -274,7 +274,7 @@ to policy customization, and runtime environment monitoring in real-time.

Check out the following sections:

- [Image analysis](./image-analysis.md)
- [Image analysis](/scout/explore/analysis.md)
- [Data sources](/scout/advisory-db-sources)
- [Docker Scout Dashboard](/scout/dashboard)
- [Integrations](./integrations/_index.md)
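Review bot: only the first link in this list is updated; the unchanged `- [Data sources](/scout/advisory-db-sources)` and `- [Docker Scout Dashboard](/scout/dashboard)` still point at the old locations even though this same change moves those pages to `/scout/deep-dive/advisory-db-sources.md` and `/scout/explore/dashboard.md` (and adds aliases for the old paths), and `- [Integrations](./integrations/_index.md)` keeps the relative form the rest of the PR is replacing. Update all four to the new absolute paths rather than relying on the redirects.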
@ -23,7 +23,7 @@ New features and enhancements released in the second quarter of 2024.

New HTTP endpoint that lets you scrape data from Docker Scout with Prometheus,
to create your own vulnerability and policy dashboards with Grafana.
For more information, see [Docker Scout metrics exporter](../metrics-exporter.md).
For more information, see [Docker Scout metrics exporter](/scout/explore/metrics-exporter.md).

## Q1 2024

@ -71,7 +71,7 @@ If SCIM isn't enabled, you have to manually remove PAT users from the organizati
|
|||
|
||||
### What metadata is collected from container images that Scout analyzes?
|
||||
|
||||
For information about the metadata stored by Docker Scout, see [Data handling](../../scout/data-handling.md).
|
||||
For information about the metadata stored by Docker Scout, see [Data handling](/scout/deep-dive/data-handling.md).
|
||||
|
||||
### How are extensions within the Marketplace vetted for security prior to placement?
|
||||
|
||||
|
|
|
@ -609,10 +609,8 @@
|
|||
- /go/docker-scout/
|
||||
"/scout/quickstart/":
|
||||
- /go/scout-quickstart/
|
||||
"/scout/dashboard/":
|
||||
"/scout/explore/dashboard/":
|
||||
- /go/scout-dashboard/
|
||||
"/scout/ci/":
|
||||
- /go/scout-ci/
|
||||
"/scout/policy/":
|
||||
- /go/scout-policy/
|
||||
"/scout/policy/configure/":
|
||||
|
@ -620,6 +618,8 @@
|
|||
"/build/building/best-practices/#pin-base-image-versions":
|
||||
- /go/base-image-pinning/
|
||||
# integrations
|
||||
"/scout/integrations/ci/":
|
||||
- /go/scout-ci/
|
||||
"/scout/integrations/ci/gha/":
|
||||
- "/go/scout-gha/"
|
||||
"/scout/integrations/ci/gitlab/":
|
||||
|
@ -646,9 +646,9 @@
|
|||
- "/go/scout-github/"
|
||||
"/scout/guides/vex/":
|
||||
- "/go/vex-guide/"
|
||||
"/scout/metrics-exporter/":
|
||||
"/scout/explore/metrics-exporter/":
|
||||
- "/go/scout-metrics-exporter"
|
||||
"/scout/dashboard/#notification-settings":
|
||||
"/scout/explore/dashboard/#notification-settings":
|
||||
- /go/scout-notifications/
|
||||
"/scout/integrations/team-collaboration/slack/":
|
||||
- "/go/scout-slack/"
|
||||
|
|
|
@ -1416,28 +1416,36 @@ Manuals:
|
|||
title: Quickstart
|
||||
- path: /scout/install/
|
||||
title: Install
|
||||
- sectiontitle: Explore Docker Scout
|
||||
- sectiontitle: Concepts
|
||||
section:
|
||||
- path: /scout/dashboard/
|
||||
- path: /scout/concepts/s3c/
|
||||
title: Software supply chain security
|
||||
- path: /scout/concepts/sbom/
|
||||
title: Software Bill of Materials
|
||||
- sectiontitle: Explore
|
||||
section:
|
||||
- path: /scout/explore/analysis/
|
||||
title: Analysis
|
||||
- path: /scout/explore/dashboard/
|
||||
title: Dashboard
|
||||
- path: /scout/image-details-view/
|
||||
- path: /scout/explore/image-details-view/
|
||||
title: Image details view
|
||||
- path: /scout/advisory-db-sources/
|
||||
title: Advisory database
|
||||
- path: /scout/data-handling/
|
||||
title: Data handling
|
||||
- sectiontitle: Use Docker Scout
|
||||
section:
|
||||
- path: /scout/image-analysis/
|
||||
title: Image analysis
|
||||
- path: /scout/image-prefix/
|
||||
title: Specify artifact type or location
|
||||
- path: /scout/sbom/
|
||||
title: SBOM
|
||||
- path: /scout/env-vars/
|
||||
title: Environment variables
|
||||
- path: /scout/metrics-exporter/
|
||||
- path: /scout/explore/metrics-exporter/
|
||||
title: Metrics exporter
|
||||
- sectiontitle: How-tos
|
||||
section:
|
||||
- path: /scout/how-tos/artifact-types/
|
||||
title: Specify artifact type or location
|
||||
- path: /scout/how-tos/view-create-sboms/
|
||||
title: View and create SBOMs
|
||||
- path: /scout/how-tos/configure-cli/
|
||||
title: Configure the CLI
|
||||
- sectiontitle: Deep dive
|
||||
section:
|
||||
- path: /scout/deep-dive/advisory-db-sources/
|
||||
title: Advisory database
|
||||
- path: /scout/deep-dive/data-handling/
|
||||
title: Data handling
|
||||
- sectiontitle: Policy Evaluation
|
||||
section:
|
||||
- path: /scout/policy/
|
||||
|
|
|
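Review bot: this hunk drops `/scout/dashboard/`, `/scout/image-details-view/`, `/scout/advisory-db-sources/`, `/scout/data-handling/`, `/scout/image-analysis/`, `/scout/image-prefix/`, `/scout/sbom/`, `/scout/env-vars/` and `/scout/metrics-exporter/` from the navigation in favour of the new `explore/`, `how-tos/` and `deep-dive/` paths, but the redirect hunks above only remap the `/go/...` short links, not the old page URLs; external bookmarks and search results for the old URLs will 404 unless each moved page declares an `aliases` entry for its previous path, which is not visible in this diff and should be confirmed before merge.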
@ -11,7 +11,10 @@
|
|||
{{- partialCached "icon" "open_in_new" "open_in_new" -}}
|
||||
</span></a>
|
||||
{{- else if (strings.HasPrefix $url "/") -}}
|
||||
{{/* absolute link, use url as-is */}}
|
||||
{{ if (strings.HasSuffix (urls.Parse $url).Path ".md") }}
|
||||
{{/* abs path to markdown file, use ref */}}
|
||||
{{ $url = (ref .Page $url) }}
|
||||
{{ end }}
|
||||
<a class="link" href="{{ $url }}">{{ .Text | safeHTML }}</a>
|
||||
{{- else -}}
|
||||
{{/* check if the file links to index.md */}}
|
||||
|
|
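Review bot: the suffix check on `(urls.Parse $url).Path` discards any `#fragment` or query, but the full `$url` is then passed to `ref .Page $url`, so `.md#anchor` links such as the dashboard notification link above still resolve; note that `ref` fails the build on an unresolvable path under Hugo's default `refLinksErrorLevel`, which is a useful safety net for the mass link rewrite in this PR and deserves a sentence in the `{{/* ... */}}` comment. A style point: the new `{{ if ... }}`, `{{ $url = ... }}` and `{{ end }}` lines omit the `-` whitespace-trim markers used on the surrounding `{{- else if ... -}}` lines, so a few stray newlines now precede the `<a class="link" ...>` element; harmless in HTML, but `{{- if ... -}}` / `{{- end -}}` would keep the partial consistent.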