docs/content/guides/docker-scout/_index.md

66 lines
2.4 KiB
Markdown
Raw Permalink Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

---
title: Securing your software supply chain with Docker Scout
linkTitle: Docker Scout
summary: |
Enhance container security by automating vulnerability detection and
remediation.
description: |
Learn how to use Docker Scout to enhance container security by automating
vulnerability detection and remediation, ensuring compliance, and protecting
your development workflow.
tags: [product-demo]
aliases:
- /learning-paths/docker-scout/
params:
featured: true
image: images/learning-paths/scout.png
time: 20 minutes
resource_links:
- title: Docker Scout overview
url: /scout/
- title: Docker Scout quickstart
url: /scout/quickstart/
- title: Install Docker Scout
url: /scout/install/
---
When container images are insecure, significant risks can arise. Around 60% of
organizations have reported experiencing at least one security breach or
vulnerability incident within a year, [resulting in operational
disruption][CSA]. These incidents often result in considerable downtime, with
44% of affected companies experiencing over an hour of downtime per event. The
financial impact is substantial, with [the average data breach cost reaching
$4.45 million][IBM]. This highlights the critical importance of maintaining
robust container security measures.
Docker Scout enhances container security by providing automated vulnerability
detection and remediation, addressing insecure container images, and ensuring
compliance with security standards.
[CSA]: https://cloudsecurityalliance.org/blog/2023/09/21/2023-global-cloud-threat-report-cloud-attacks-are-lightning-fast
[IBM]: https://www.ibm.com/reports/data-breach
## What you'll learn
- Define Secure Software Supply Chain (SSSC)
- Review SBOMs and how to use them
- Detect and monitor vulnerabilities
## Tools integration
Works well with Docker Desktop, GitHub Actions, Jenkins, Kubernetes, and
other CI solutions.
## Whos this for?
- DevOps engineers who need to integrate automated security checks into CI/CD
pipelines to enhance the security and efficiency of their workflows.
- Developers who want to use Docker Scout to identify and remediate
vulnerabilities early in the development process, ensuring the production of
secure container images.
- Security professionals who must enforce security compliance, conduct
vulnerability assessments, and ensure the overall security of containerized
applications.
<div id="scout-lp-survey-anchor"></div>