v0.23.0

⚠️ Please use v0.23.2 or newer instead of this one that contains an issue about organization described below

Previous release notes

Highlights

Cache and Temporary Files

You can know visualise the temporary and cached files generated by docker scout and delete them:

• docker scout cache df
  

• docker scout cache prune
  

Display Only Packages

docker scout cves has a new output format only-packages. It only displays the list of packages and for each their vulnerabilities.

This can be enhanced by adding other filters, for instance:

• --only-package-type golang
• --only-vuln-packages
  With that you have a very quick view of the packages you probably want to upgrade.

Environments

docker scout environment allows to list available environments, list images in an environment and record an image to an environment.

Namespace of Docker Organization

A new flag --org has been added to many commands. It allows to indicate the right namespace of the Docker organization you are using. It defines the context on scout.docker.com when you refer to non Hub images.

To make it easy, you can configure a default organization that will be used unless you specified --org. That way you configure it once and you're done.

What's Changed

• remove uses of docker engine "internals" and fix broken mocks by @thaJeztah
• Update Go and go dependencies by @cdupuis
• go.mod: update github.com/docker/docker v24.0.5 to fix go1.20.6 compat by @thaJeztah
• feat: list and prune temporary and cache files by @eunomie
• feat: help user raising bugs and feature requests by @eunomie
• Add namespace to all DSO queries by @cdupuis
• feat: add only-packages output format for cves command by @eunomie
• feat: allow to configure the default namespace by @eunomie
• Initial version of VEX support by @cdupuis
• feat: display scout logo by @eunomie
• allow to filter out non vulnerable packages by @eunomie
• GHA namespace by @eunomie
• pick a logo that looks smoother by @eunomie
• Replace stream by environment by @eunomie
• ref: make DSO interface public by @eunomie
• feat: improve sbom caching by @eunomie
• Update syft 0.87.1 by @cdupuis
• fix: hint to docker scout cache prune by @eunomie
• improve login message to the user by @eunomie
• ref: rename namespace flag to org by @eunomie
• docs: namespace of the docker organization by @eunomie

v0.22.3

What's Changed

• fix: markdown output of docker scout cves command by @eunomie

v0.22.2

What's Changed

• Don't fail docker scout push when base image is unavailable by @cdupuis

v0.21.1

What's Changed

• Allow docker scout push for local images by @cdupuis

v0.21.0

What's Changed

• Add —stream to cves and quickview by @cdupuis
• Add repo url to version hint by @cdupuis
• GHA README: Add stream example by @mikeparker

New Contributors

• @mikeparker made their first contribution

v0.20.0

What's changed

• Fix error handling with missing/invalid attestation by @cdupuis
• Use OSC 8 hyperlinks by @cdupuis
• Support for multi-stage SBOMs by @cdupuis

v0.19.0

What's Changed

• Lowercase image refs for GitHub Action by @mcapell
• Fix --exit-code on cves command in GitHub Action by @cdupuis
• Add push command to upload an image to Docker Scout by @cdupuis
• Require login for GitHub Action and reject CSP accounts by @cdupuis

v0.18.1

What's Changed

• Fix typo in stream help text by @cdupuis

v0.18.0

What's Changed

• Add recommendations command to GHA by @mcapell
• Improve output for cves command in GHA by @eunomie

v0.17.1

What's Changed

• Add cves command to GHA by @eunomie
• Allow --filter on repo enable command for bulk enablement by @cdupuis
• Allow to run multiple commands at once in GHA by @eunomie
• Update to Syft v0.84.1 by @cdupuis
• Fix bug in package processing for missing Go build info by @cdupuis