mirror of https://github.com/docker/docs.git
---
title: Securing your software supply chain with Docker Scout
linkTitle: Docker Scout
summary: |
  Enhance container security by automating vulnerability detection and
  remediation.
description: |
  Learn how to use Docker Scout to enhance container security by automating
  vulnerability detection and remediation, ensuring compliance, and protecting
  your development workflow.
tags: [product-demo]
aliases:
  - /learning-paths/docker-scout/
params:
  featured: true
  image: images/learning-paths/scout.png
  time: 20 minutes
  resource_links:
    - title: Docker Scout overview
      url: /scout/
    - title: Docker Scout quickstart
      url: /scout/quickstart/
    - title: Install Docker Scout
      url: /scout/install/
---

When container images are insecure, significant risks can arise. Around 60% of
organizations have reported experiencing at least one security breach or
vulnerability incident within a year, [resulting in operational
disruption][CSA]. These incidents often result in considerable downtime, with
44% of affected companies experiencing over an hour of downtime per event. The
financial impact is substantial, with [the average data breach cost reaching
$4.45 million][IBM]. This highlights the critical importance of maintaining
robust container security measures.

Docker Scout enhances container security by providing automated vulnerability
detection and remediation, addressing insecure container images, and ensuring
compliance with security standards.

[CSA]: https://cloudsecurityalliance.org/blog/2023/09/21/2023-global-cloud-threat-report-cloud-attacks-are-lightning-fast
[IBM]: https://www.ibm.com/reports/data-breach

## What you'll learn

- Define Secure Software Supply Chain (SSSC)
- Review SBOMs and how to use them
- Detect and monitor vulnerabilities

## Tools integration

Works well with Docker Desktop, GitHub Actions, Jenkins, Kubernetes, and
other CI solutions.

## Who’s this for?

- DevOps engineers who need to integrate automated security checks into CI/CD
  pipelines to enhance the security and efficiency of their workflows.
- Developers who want to use Docker Scout to identify and remediate
  vulnerabilities early in the development process, ensuring the production of
  secure container images.
- Security professionals who must enforce security compliance, conduct
  vulnerability assessments, and ensure the overall security of containerized
  applications.

<div id="scout-lp-survey-anchor"></div>