Releases: docker/scout-cli
Releases · docker/scout-cli
v1.9.3
v1.9.1
Highlights
- Add support for the GitLab container scanning file format with
--format gitlabondocker scout cvescommand
Here is a pipeline example:docker-build: # Use the official docker image. image: docker:cli stage: build services: - docker:dind variables: DOCKER_IMAGE_NAME: $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG before_script: - docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" $CI_REGISTRY # Install curl and the Docker Scout CLI - | apk add --update curl curl -sSfL https://raw.githubusercontent.com/docker/scout-cli/main/install.sh | sh -s -- apk del curl rm -rf /var/cache/apk/* # Login to Docker Hub required for Docker Scout CLI - echo "$DOCKER_HUB_PAT" | docker login --username "$DOCKER_HUB_USER" --password-stdin # All branches are tagged with $DOCKER_IMAGE_NAME (defaults to commit ref slug) # Default branch is also tagged with `latest` script: - docker buildx b --pull -t "$DOCKER_IMAGE_NAME" . - docker scout cves "$DOCKER_IMAGE_NAME" --format gitlab --output gl-container-scanning-report.json - docker push "$DOCKER_IMAGE_NAME" - | if [[ "$CI_COMMIT_BRANCH" == "$CI_DEFAULT_BRANCH" ]]; then docker tag "$DOCKER_IMAGE_NAME" "$CI_REGISTRY_IMAGE:latest" docker push "$CI_REGISTRY_IMAGE:latest" fi # Run this job in a branch where a Dockerfile exists rules: - if: $CI_COMMIT_BRANCH exists: - Dockerfile artifacts: reports: container_scanning: gl-container-scanning-report.json
Bug Fixes / Improvements
- Support single arch images for
docker scout attest addcommand - Indicate if an image provenance has not been created using max mode on
docker scout quickviewanddocker scout recommendationscommands.
Without max mode, base image might be auto-detected and might result in less accurate results.
Contributors
v1.8.0
v1.7.0
Highlights
docker scout pushcommand: index an image then push the resulting SBOM to Docker Scout
Bug Fixes / Improvements
- Fix adding attestation (like vex statements) to a private image
- fix image processing for
scratch"images" docker scout sbom://can read Scout's SBOM$ docker scout sbom IMAGE | docker scout qv sbom://- Add classifier for Joomla
Contributors
v1.6.4
Bug Fix
Fix epoch handling for rpm-based images
Contributor(s)
v1.6.3
Bug Fixes / Improvements
- improve package detection to ignore referenced but not installed packages
Contributors
v1.6.2
Highlights
- EPSS data are now fetch backend side so the CLI doesn't need anymore to fetch them locally.
In comparison tov1.6.0--epss-dateparameter has been removed anddocker scout cache prune --epsshas been removed.
Bug Fixes / Improvements
- fix an issue when rendering markdown output using
sbom://prefix
Contributors
v1.6.0
Highlights
- Add support for passing in SBOM files in SDPX or in-toto SDPX format
$ docker scout cves sbom://path/to/sbom.spdx.json - Add support for SBOM files in syft-json format
$ docker scout cves sbom://path/to/sbom.syft.json - Reads sbom files from the standard input
$ syft -o json alpine | docker scout cves sbom:// - Prioritise CVEs by EPSS score
--epssto display and prioritise the CVEs--epss-scoreand--epss-percentileto filter by score and percentile- prune cached EPSS files with
$ docker scout cache prune --epss
- Use Windows cache from WSL2
When inside WSL2 with Docker Desktop running, thedocker scoutCLI will now use the cache from Windows side. That way if an image has been indexed for instance by Docker Desktop there's no need anymore to re-index it on WSL2 side. - Indexing using the CLI is now blocked if it has been disabled using Settings Management feature
Bug Fixes / Improvements
- Fix panic when indexing single image
oci-dirinput - Improve local attestation support with the
containerdimage store
Contributors
v1.5.2
General bug fixes and performance improvements