Skip to content

Releases: docker/scout-cli

v1.17.1

16 Apr 07:46
@github-actions github-actions
v1.17.1
f300518
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
v1.17.1 Latest
Latest 
Merge 0ed26ff2995b5161e1f022ce0d4c8784f734e8ac into 316180a8169b3d690…
Assets 9
Loading

v1.17.0

18 Mar 16:33
@github-actions github-actions
v1.17.0
686c12b
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
v1.17.0 
Merge 06950db6f2ad31441a4c4de8d9a8f77e49939278 into 7c7e97734176f1bb6…
Loading

v1.16.3

18 Mar 16:33
@github-actions github-actions
v1.16.3
7c7e977
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
v1.16.3 
Merge 9d83a0e466620fe314516a67fd5c25a555a0f0eb into 127b463cf08f9854d…
Loading

v1.16.2

18 Mar 16:33
@github-actions github-actions
v1.16.2
127b463
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
v1.16.2 
Merge b2b49dd0f4f5ab8072365d3891136ff93dc4ea12 into d86161fc267f472f1…
Loading

v1.16.1

13 Dec 17:57
@github-actions github-actions
v1.16.1
634f6ad
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
v1.16.1

What's Changed

  • Fix in-toto subject digest for the docker scout attestation add command by @cdupuis

Contributors

cdupuis
Loading

v1.16.0

13 Dec 06:35
@github-actions github-actions
v1.16.0
320f22e
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
v1.16.0

What's Changed

  • Add secret scanning to sbom command by @cdupuis
  • Keep original pattern to find nested matches too by @cdupuis
  • Make licenses unqiue by @cdupuis
  • Print platform in markdown output by @cdupuis
  • Normalize licenses using spdx license list by @cdupuis
  • Updates to make spdx output spec compliant by @cdupuis
  • Check dir exists before creating temp file by @chrispatrick
  • Update Go, crypto module and alpine by @cdupuis
  • Add support for attestations for images from Tanzu Application Catalog by @cdupuis
  • Fix behaviour with multi images in attest cmd by @cdupuis

Contributors

cdupuis and chrispatrick
Loading

v1.15.1

10 Nov 18:09
@cdupuis cdupuis
v1.15.1
a0662f0
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
v1.15.1

What's Changed

New Contributors

Contributors

cdupuis and neilprosser
Loading

v1.15.0

31 Oct 10:15
@github-actions github-actions
v1.15.0
787576d
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
v1.15.0

Highlights

  • Add CycloneDX as output format for the sbom cmd 
    $ docker scout sbom --format cyclonedx REF

Bug Fixes / Improvements

  • Support to enable/disable repositories that were enabled via docker scout push or docker scout watch.
  • Use high-to-low sort order for cves summary
    • Before:
      image
    • After:
      image
  • Improve messaging when analysing oci directories without attentions. Only single arch image and multi arch image with attestations are supported. Multi arch image without attestation is not supported.
  • Improve classifiers and sbom scanner:
    • Add classifier for liquibase lpm
    • Add support for buildkit extra sbom scanner args.
    • Add Rakudo Star/MoarVM binary classifier
    • Add binary classifiers for silverpeas utilities
  • Improve reading and caching of attestations with containerd image store.

Contributors

@cdupuis @LaurentGoderre @eunomie @felipecruz91 @dvdksn

Loading

v1.14.0

24 Sep 09:37
@github-actions github-actions
v1.14.0
01e0b04
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
v1.14.0

Highlights

Bug Fixes / Improvements

  • Fix listing CVEs for dangling images (i.e local://sha256:...)
  • Fix panic when analysing a file system input, for instance with docker scout cves fs://.

Contributors

@ jgdavey @cdupuis @LaurentGoderre @eunomie @felipecruz91

Loading

v1.13.0

05 Aug 21:40
@github-actions github-actions
v1.13.0
8382a0b
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
v1.13.0

Highlights

  • Add --only-policy filter option to quickview, policy and compare commands.
  • Add --ignore-suppressed filter option to cves and quickview commands to filter out CVEs affected by Scout suppressions.

Bug Fixes / Improvements

  • Use conditional policy name in checks.
  • Enable detection golang main module via ldflags.

Contributors

@cdupuis @LaurentGoderre @ chrispatrick@felipecruz91

Loading