Skip to content

v1.11.0

Latest
Latest
Compare
Choose a tag to compare
@github-actions github-actions released this 24 Jul 08:22
v1.11.0
2be4dde
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.

Highlights

  • Filter CVEs listed in the CISA Known Exploited Vulnerabilities catalog.

    $ docker scout cves [IMAGE] --only-cisa-kev

... (cropped output) ...
## Packages and Vulnerabilities

0C     1H     0M     0L  io.netty/netty-codec-http2 4.1.97.Final
pkg:maven/io.netty/netty-codec-http2@4.1.97.Final

✗ HIGH CVE-2023-44487  CISA KEV  [OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities]
  https://scout.docker.com/v/CVE-2023-44487
  Affected range  : <4.1.100
  Fixed version   : 4.1.100.Final
  CVSS Score      : 7.5
  CVSS Vector     : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
... (cropped output) ...

  • Add --dry-run flag for docker scout push command to not push the image but process it.

  • Switch to Scout v2 manifest format (application/vnd.scout.manifest.v2+json) using base64-encoded objects.

  • Add new binary classifiers for spiped, swift, eclipse-mosquitto and znc.

Bug Fixes / Improvements

  • Allow VEX matching when no subcomponents.
  • Fix panic when attaching an invalid VEX document.
  • Fix SPDX document root.
  • Fix base image detection when image uses SCRATCH as the base image.

Contributors

@cdupuis @LaurentGoderre @felipecruz91

Assets 9
Loading