From 54f8682327d18a80ae6d44d60c716d0515c3f584 Mon Sep 17 00:00:00 2001 From: Chris Chinchilla Date: Tue, 13 Jun 2023 10:43:59 +0200 Subject: [PATCH] Add details on Docker Scout data flow --- scout/image-details-view.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/scout/image-details-view.md b/scout/image-details-view.md index fca3cda507..b5fcb9b6ea 100644 --- a/scout/image-details-view.md +++ b/scout/image-details-view.md @@ -18,6 +18,10 @@ or for a specific base image or layer. ![The image details view in Docker Desktop](./images/dd-image-view.png){:width="700px"} +Docker Desktop first analyzes images locally, where it generates a software bill of materials (SBOM). +Docker Desktop, Docker Hub, and the Docker Scout Dashboard and CLI all use the [package URL (PURL) links](https://github.com/package-url/purl-spec){: target="_blank" rel="noopener" } +in this SBOM to query for matching Common Vulnerabilities and Exposures (CVEs) in [Docker Scout's advisory database](./advisory-db-sources.md). + ## Image hierarchy The image you inspect may have one or more base images represented under **Image hierarchy**.