diff --git a/content/manuals/dhi/core-concepts/cves.md b/content/manuals/dhi/core-concepts/cves.md index cb707c08f2d9..aaa40857926a 100644 --- a/content/manuals/dhi/core-concepts/cves.md +++ b/content/manuals/dhi/core-concepts/cves.md @@ -153,19 +153,18 @@ manual configuration needed. To manually retrieve the VEX attestation for tools that support it: ```console -$ docker scout attest get \ - --predicate-type https://openvex.dev/ns/v0.2.0 \ - --predicate \ - /dhi-: --platform > vex.json +$ docker scout vex get /dhi-: --output vex.json ``` +> [!NOTE] +> +> The `docker scout vex get` command requires [Docker Scout +> CLI](https://github.com/docker/scout-cli/) version 1.18.3 or later. + For example: ```console -$ docker scout attest get \ - --predicate-type https://openvex.dev/ns/v0.2.0 \ - --predicate \ - docs/dhi-python:3.13 --platform linux/amd64 > vex.json +$ docker scout vex get docs/dhi-python:3.13 --output vex.json ``` This creates a `vex.json` file containing the VEX statements for the specified diff --git a/content/manuals/dhi/core-concepts/vex.md b/content/manuals/dhi/core-concepts/vex.md index 0c334dfc9cb4..c172f1ad1624 100644 --- a/content/manuals/dhi/core-concepts/vex.md +++ b/content/manuals/dhi/core-concepts/vex.md @@ -63,19 +63,18 @@ manual configuration is needed. To manually retrieve the VEX attestation for tools that support it: ```console -$ docker scout attest get \ - --predicate-type https://openvex.dev/ns/v0.2.0 \ - --predicate \ - /dhi-: --platform > vex.json +$ docker scout vex get /dhi-: --output vex.json ``` +> [!NOTE] +> +> The `docker scout vex get` command requires [Docker Scout +> CLI](https://github.com/docker/scout-cli/) version 1.18.3 or later. + For example: ```console -$ docker scout attest get \ - --predicate-type https://openvex.dev/ns/v0.2.0 \ - --predicate \ - docs/dhi-python:3.13 --platform linux/amd64 > vex.json +$ docker scout vex get docs/dhi-python:3.13 --output vex.json ``` This creates a `vex.json` file containing the VEX statements for the specified diff --git a/content/manuals/dhi/how-to/scan.md b/content/manuals/dhi/how-to/scan.md index 05f8cfc95b5e..76b6ed1fd1eb 100644 --- a/content/manuals/dhi/how-to/scan.md +++ b/content/manuals/dhi/how-to/scan.md @@ -191,26 +191,26 @@ runtime behavior. When using Docker Scout, these VEX statements are automatically applied and no manual configuration needed. -To manually create a JSON file VEX attestation for tools that support it: +To manually create a JSON file of VEX attestations for tools that support it: ```console -$ docker scout attest get \ - --predicate-type https://openvex.dev/ns/v0.2.0 \ - --predicate \ - /dhi-: --platform > vex.json +$ docker scout vex get /dhi-: --output vex.json ``` +> [!NOTE] +> +> The `docker scout vex get` command requires [Docker Scout +> CLI](https://github.com/docker/scout-cli/) version 1.18.3 or later. + For example: ```console -$ docker scout attest get \ - --predicate-type https://openvex.dev/ns/v0.2.0 \ - --predicate \ - docs/dhi-python:3.13 --platform linux/amd64 > vex.json +$ docker scout vex get docs/dhi-python:3.13 --output vex.json ``` This creates a `vex.json` file containing the VEX statements for the specified -image. You can then use this file with tools that support VEX to filter out known non-exploitable CVEs. +image. You can then use this file with tools that support VEX to filter out +known non-exploitable CVEs. For example, with Grype and Trivy, you can use the `--vex` flag to apply the VEX statements during the scan: