vendor: manually vendor scout-cli@1aac31a

Signed-off-by: David Karlsson <35727626+dvdksn@users.noreply.github.com>
David Karlsson
2024-03-25 08:42:14 +01:00
parent 81dfba410c
commit 1797b28cc3
59 changed files with 7 additions and 1356 deletions


@@ -1,63 +0,0 @@
command: docker scout
short: Command line tool for Docker Scout
long: Command line tool for Docker Scout
usage: docker scout [command]
pname: docker
plink: docker.yaml
cname:
- docker scout attestation
- docker scout cache
- docker scout compare
- docker scout config
- docker scout cves
- docker scout enroll
- docker scout environment
- docker scout help
- docker scout integration
- docker scout policy
- docker scout quickview
- docker scout recommendations
- docker scout repo
- docker scout version
clink:
- docker_scout_attestation.yaml
- docker_scout_cache.yaml
- docker_scout_compare.yaml
- docker_scout_config.yaml
- docker_scout_cves.yaml
- docker_scout_enroll.yaml
- docker_scout_environment.yaml
- docker_scout_help.yaml
- docker_scout_integration.yaml
- docker_scout_policy.yaml
- docker_scout_quickview.yaml
- docker_scout_recommendations.yaml
- docker_scout_repo.yaml
- docker_scout_version.yaml
options:
- option: debug
value_type: bool
default_value: "false"
description: Debug messages
deprecated: false
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: verbose-debug
value_type: bool
default_value: "false"
description: Verbose debug
deprecated: false
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
deprecated: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false


@@ -1,37 +0,0 @@
command: docker scout attestation
aliases: docker scout attestation, docker scout attest
short: Manage attestations on image indexes
long: Manage attestations on image indexes
pname: docker scout
plink: docker_scout.yaml
cname:
- docker scout attestation add
clink:
- docker_scout_attestation_add.yaml
inherited_options:
- option: debug
value_type: bool
default_value: "false"
description: Debug messages
deprecated: false
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: verbose-debug
value_type: bool
default_value: "false"
description: Verbose debug
deprecated: false
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
deprecated: false
experimental: false
experimentalcli: true
kubernetes: false
swarm: false


@@ -1,54 +0,0 @@
command: docker scout attestation add
aliases: docker scout attestation add, docker scout attest add
short: Add attestation to image
long: The docker scout attestation add command adds attestations to images.
usage: docker scout attestation add OPTIONS IMAGE [IMAGE...]
pname: docker scout attestation
plink: docker_scout_attestation.yaml
options:
- option: file
value_type: stringSlice
default_value: '[]'
description: File location of attestations to attach
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: predicate-type
value_type: string
description: Predicate-type for attestations
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
inherited_options:
- option: debug
value_type: bool
default_value: "false"
description: Debug messages
deprecated: false
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: verbose-debug
value_type: bool
default_value: "false"
description: Verbose debug
deprecated: false
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
deprecated: false
experimental: false
experimentalcli: true
kubernetes: false
swarm: false


@@ -1,38 +0,0 @@
command: docker scout cache
short: Manage Docker Scout cache and temporary files
long: Manage Docker Scout cache and temporary files
pname: docker scout
plink: docker_scout.yaml
cname:
- docker scout cache df
- docker scout cache prune
clink:
- docker_scout_cache_df.yaml
- docker_scout_cache_prune.yaml
inherited_options:
- option: debug
value_type: bool
default_value: "false"
description: Debug messages
deprecated: false
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: verbose-debug
value_type: bool
default_value: "false"
description: Verbose debug
deprecated: false
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
deprecated: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false


@@ -1,73 +0,0 @@
command: docker scout cache df
short: Show Docker Scout disk usage
long: |-
Docker Scout uses a temporary cache storage for generating image SBOMs.
The cache helps avoid regenerating or fetching resources unnecessarily.
This `docker scout cache df` command shows the cached data on the host.
Each cache entry is identified by the digest of the image.
You can use the `docker scout cache prune` command to delete cache data at any time.
usage: docker scout cache df
pname: docker scout cache
plink: docker_scout_cache.yaml
inherited_options:
- option: debug
value_type: bool
default_value: "false"
description: Debug messages
deprecated: false
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: verbose-debug
value_type: bool
default_value: "false"
description: Verbose debug
deprecated: false
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
examples: |-
### List temporary and cache files
```console
$ docker scout cache df
Docker Scout temporary directory to generate SBOMs is located at:
/var/folders/dw/d6h9w2sx6rv3lzwwgrnx7t5h0000gp/T/docker-scout
this path can be configured using the DOCKER_SCOUT_CACHE_DIR environment variable
Image Digest │ Size
──────────────────────────────────────────────────────────────────────────┼────────
sha256:c41ab5c992deb4fe7e5da09f67a8804a46bd0592bfdf0b1847dde0e0889d2bff │ 21 kB
Total: 21 kB
Docker Scout cached SBOMs are located at:
/Users/user/.docker/scout/sbom
Image Digest │ Size of SBOM
──────────────────────────────────────────────────────────────────────────┼───────────────
sha256:02bb6f428431fbc2809c5d1b41eab5a68350194fb508869a33cb1af4444c9b11 │ 42 kB
sha256:03fc002fe4f370463a8f04d3a288cdffa861e462fc8b5be44ab62b296ad95183 │ 100 kB
sha256:088134dd33e4a2997480a1488a41c11abebda465da5cf7f305a0ecf8ed494329 │ 194 kB
sha256:0b80b2f17aff7ee5bfb135c69d0d6fe34070e89042b7aac73d1abcc79cfe6759 │ 852 kB
sha256:0c9e8abe31a5f17d84d5c85d3853d2f948a4f126421e89e68753591f1b6fedc5 │ 930 kB
sha256:0d49cae0723c8d310e413736b5e91e0c59b605ade2546f6e6ef8f1f3ddc76066 │ 510 kB
sha256:0ef04748d071c2e631bb3edce8f805cb5512e746b682c83fdae6d8c0b243280b │ 1.0 MB
sha256:13fd22925b638bb7d2131914bb8f8b0f5f582bee364aec682d9e7fe722bb486a │ 42 kB
sha256:174c41d4fbc7f63e1f2bb7d2f7837318050406f2f27e5073a84a84f18b48b883 │ 115 kB
Total: 4 MB
```
deprecated: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false


@@ -1,86 +0,0 @@
command: docker scout cache prune
short: Remove temporary or cached data
long: |-
The `docker scout cache prune` command removes temporary data and SBOM cache.
By default, `docker scout cache prune` only deletes temporary data.
To delete temporary data and clear the SBOM cache, use the `--sboms` flag.
usage: docker scout cache prune
pname: docker scout cache
plink: docker_scout_cache.yaml
options:
- option: epss
value_type: bool
default_value: "false"
description: Prune cached EPSS scores
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: force
shorthand: f
value_type: bool
default_value: "false"
description: Do not prompt for confirmation
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: sboms
value_type: bool
default_value: "false"
description: Prune cached SBOMs
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
inherited_options:
- option: debug
value_type: bool
default_value: "false"
description: Debug messages
deprecated: false
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: verbose-debug
value_type: bool
default_value: "false"
description: Verbose debug
deprecated: false
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
examples: |-
### Delete temporary data
```console
$ docker scout cache prune
? Are you sure to delete all temporary data? Yes
✓ temporary data deleted
```
### Delete temporary _and_ cache data
```console
$ docker scout cache prune --sboms
? Are you sure to delete all temporary data and all cached SBOMs? Yes
✓ temporary data deleted
✓ cached SBOMs deleted
```
deprecated: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false


@@ -1,318 +0,0 @@
command: docker scout compare
aliases: docker scout compare, docker scout diff
short: Compare two images and display differences (experimental)
long: |-
The `docker scout compare` command analyzes two images and displays a comparison.
> This command is **experimental** and its behaviour might change in the future
The intended use of this command is to compare two versions of the same image.
For instance, when a new image is built and compared to the version running in production.
If no image is specified, the most recently built image is used
as a comparison target.
The following artifact types are supported:
- Images
- OCI layout directories
- Tarball archives, as created by `docker save`
- Local directory or file
By default, the tool expects an image reference, such as:
- `redis`
- `curlimages/curl:7.87.0`
- `mcr.microsoft.com/dotnet/runtime:7.0`
If the artifact you want to analyze is an OCI directory, a tarball archive, a local file or directory,
or if you want to control from where the image will be resolved, you must prefix the reference with one of the following:
- `image://` (default) use a local image, or fall back to a registry lookup
- `local://` use an image from the local image store (don't do a registry lookup)
- `registry://` use an image from a registry (don't use a local image)
- `oci-dir://` use an OCI layout directory
- `archive://` use a tarball archive, as created by `docker save`
- `fs://` use a local directory or file
usage: docker scout compare --to IMAGE|DIRECTORY|ARCHIVE [IMAGE|DIRECTORY|ARCHIVE]
pname: docker scout
plink: docker_scout.yaml
options:
- option: exit-code
shorthand: e
value_type: bool
default_value: "false"
description: Return exit code '2' if vulnerability changes are detected
deprecated: true
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: exit-on
shorthand: x
value_type: stringSlice
default_value: '[]'
description: |
Comma separated list of conditions to fail the action step if worse, options are: vulnerability, policy
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: format
value_type: string
default_value: text
description: |-
Output format of the generated vulnerability report:
- text: default output, plain text with or without colors depending on the terminal
- markdown: Markdown output
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: hide-policies
value_type: bool
default_value: "false"
description: Hide policy status from the output
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: ignore-base
value_type: bool
default_value: "false"
description: Filter out CVEs introduced from base image
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: ignore-unchanged
value_type: bool
default_value: "false"
description: Filter out unchanged packages
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: multi-stage
value_type: bool
default_value: "false"
description: Show packages from multi-stage Docker builds
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: only-fixed
value_type: bool
default_value: "false"
description: Filter to fixable CVEs
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: only-package-type
value_type: stringSlice
default_value: '[]'
description: |
Comma separated list of package types (like apk, deb, rpm, npm, pypi, golang, etc)
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: only-severity
value_type: stringSlice
default_value: '[]'
description: |
Comma separated list of severities (critical, high, medium, low, unspecified) to filter CVEs by
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: only-stage
value_type: stringSlice
default_value: '[]'
description: Comma separated list of multi-stage Docker build stage names
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: only-unfixed
value_type: bool
default_value: "false"
description: Filter to unfixed CVEs
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: org
value_type: string
description: Namespace of the Docker organization
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: output
shorthand: o
value_type: string
description: Write the report to a file
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: platform
value_type: string
description: Platform of image to analyze
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: ref
value_type: string
description: |-
Reference to use if the provided tarball contains multiple references.
Can only be used with archive
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: to
value_type: string
description: Image, directory, or archive to compare to
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: to-env
value_type: string
description: Name of environment to compare to
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: to-latest
value_type: bool
default_value: "false"
description: Latest image processed to compare to
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: to-ref
value_type: string
description: |-
Reference to use if the provided tarball contains multiple references.
Can only be used with archive.
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: to-stream
value_type: string
description: Name of stream to compare to
deprecated: true
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
inherited_options:
- option: debug
value_type: bool
default_value: "false"
description: Debug messages
deprecated: false
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: verbose-debug
value_type: bool
default_value: "false"
description: Verbose debug
deprecated: false
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
examples: |-
### Compare the most recently built image to the latest tag
```console
$ docker scout compare --to namespace/repo:latest
```
### Compare local build to the same tag from the registry
```console
$ docker scout compare local://namespace/repo:latest --to registry://namespace/repo:latest
```
### Ignore base images
```console
$ docker scout compare --ignore-base --to namespace/repo:latest namespace/repo:v1.2.3-pre
```
### Generate a markdown output
```console
$ docker scout compare --format markdown --to namespace/repo:latest namespace/repo:v1.2.3-pre
```
### Only compare maven packages and only display critical vulnerabilities for maven packages
```console
$ docker scout compare --only-package-type maven --only-severity critical --to namespace/repo:latest namespace/repo:v1.2.3-pre
```
### Show all policy results for both images
```console
docker scout compare --to namespace/repo:latest namespace/repo:v1.2.3-pre
```
deprecated: false
experimental: false
experimentalcli: true
kubernetes: false
swarm: false


@@ -1,59 +0,0 @@
command: docker scout config
short: Manage Docker Scout configuration
long: |-
`docker scout config` allows you to list, get and set Docker Scout configuration.
Available configuration key:
- `organization`: Namespace of the Docker organization to be used by default.
usage: docker scout config [KEY] [VALUE]
pname: docker scout
plink: docker_scout.yaml
inherited_options:
- option: debug
value_type: bool
default_value: "false"
description: Debug messages
deprecated: false
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: verbose-debug
value_type: bool
default_value: "false"
description: Verbose debug
deprecated: false
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
examples: |-
### List existing configuration
```console
$ docker scout config
organization=my-org-namespace
```
### Print configuration value
```console
$ docker scout config organization
my-org-namespace
```
### Set configuration value
```console
$ docker scout config organization my-org-namespace
✓ Successfully set organization to my-org-namespace
```
deprecated: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false


@@ -1,520 +0,0 @@
command: docker scout cves
short: Display CVEs identified in a software artifact
long: |-
The `docker scout cves` command analyzes a software artifact for vulnerabilities.
If no image is specified, the most recently built image is used.
The following artifact types are supported:
- Images
- OCI layout directories
- Tarball archives, as created by `docker save`
- Local directory or file
By default, the tool expects an image reference, such as:
- `redis`
- `curlimages/curl:7.87.0`
- `mcr.microsoft.com/dotnet/runtime:7.0`
If the artifact you want to analyze is an OCI directory, a tarball archive, a local file or directory,
or if you want to control from where the image will be resolved, you must prefix the reference with one of the following:
- `image://` (default) use a local image, or fall back to a registry lookup
- `local://` use an image from the local image store (don't do a registry lookup)
- `registry://` use an image from a registry (don't use a local image)
- `oci-dir://` use an OCI layout directory
- `archive://` use a tarball archive, as created by `docker save`
- `fs://` use a local directory or file
- `sbom://` SPDX file or in-toto attestation file with SPDX predicate or `syft` json SBOM file
In case of `sbom://` prefix, if the file is not defined then it will try to read it from the standard input.
usage: docker scout cves [OPTIONS] [IMAGE|DIRECTORY|ARCHIVE]
pname: docker scout
plink: docker_scout.yaml
options:
- option: details
value_type: bool
default_value: "false"
description: Print details on default text output
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: env
value_type: string
description: Name of environment
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: epss
value_type: bool
default_value: "false"
description: |
Display the EPSS scores and organize the package's CVEs according to their EPSS score
details_url: '#epss'
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: epss-date
value_type: string
description: Date to use for EPSS scores
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: epss-percentile
value_type: float32
default_value: "0"
description: |
Exclude CVEs with EPSS scores less than the specified percentile (0 to 1)
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: epss-score
value_type: float32
default_value: "0"
description: |
Exclude CVEs with EPSS scores less than the specified value (0 to 1)
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: exit-code
shorthand: e
value_type: bool
default_value: "false"
description: Return exit code '2' if vulnerabilities are detected
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: format
value_type: string
default_value: packages
description: "Output format of the generated vulnerability report:\n- packages: default output, plain text with vulnerabilities grouped by packages\n- sarif: json Sarif output\n- spdx: json SPDX output \n- markdown: markdown output (including some html tags like collapsible sections)\n- sbom: json SBOM output"
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: ignore-base
value_type: bool
default_value: "false"
description: Filter out CVEs introduced from base image
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: locations
value_type: bool
default_value: "false"
description: Print package locations including file paths and layer diff_id
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: multi-stage
value_type: bool
default_value: "false"
description: Show packages from multi-stage Docker builds
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: only-cve-id
value_type: stringSlice
default_value: '[]'
description: |
Comma separated list of CVE ids (like CVE-2021-45105) to search for
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: only-fixed
value_type: bool
default_value: "false"
description: Filter to fixable CVEs
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: only-metric
value_type: stringSlice
default_value: '[]'
description: |
Comma separated list of CVSS metrics (like AV:N or PR:L) to filter CVEs by
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: only-package
value_type: stringSlice
default_value: '[]'
description: Comma separated regular expressions to filter packages by
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: only-package-type
value_type: stringSlice
default_value: '[]'
description: |
Comma separated list of package types (like apk, deb, rpm, npm, pypi, golang, etc)
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: only-severity
value_type: stringSlice
default_value: '[]'
description: |
Comma separated list of severities (critical, high, medium, low, unspecified) to filter CVEs by
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: only-stage
value_type: stringSlice
default_value: '[]'
description: Comma separated list of multi-stage Docker build stage names
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: only-unfixed
value_type: bool
default_value: "false"
description: Filter to unfixed CVEs
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: only-vex-affected
value_type: bool
default_value: "false"
description: Filter CVEs by VEX statements with status not affected
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: only-vuln-packages
value_type: bool
default_value: "false"
description: |
When used with --format=only-packages ignore packages with no vulnerabilities
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: org
value_type: string
description: Namespace of the Docker organization
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: output
shorthand: o
value_type: string
description: Write the report to a file
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: platform
value_type: string
description: Platform of image to analyze
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: ref
value_type: string
description: |-
Reference to use if the provided tarball contains multiple references.
Can only be used with archive
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: stream
value_type: string
description: Name of stream
deprecated: true
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: vex
value_type: bool
default_value: "false"
description: Apply VEX statements to filter CVEs
deprecated: true
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: vex-author
value_type: stringSlice
default_value: '[]'
description: List of VEX statement authors to accept
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: vex-location
value_type: stringSlice
default_value: '[]'
description: File location of directory or file containing VEX statements
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
inherited_options:
- option: debug
value_type: bool
default_value: "false"
description: Debug messages
deprecated: false
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: verbose-debug
value_type: bool
default_value: "false"
description: Verbose debug
deprecated: false
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
examples: |-
### Display vulnerabilities grouped by package
```console
$ docker scout cves alpine
Analyzing image alpine
✓ Image stored for indexing
✓ Indexed 18 packages
✓ No vulnerable package detected
```
### Display vulnerabilities from a `docker save` tarball
```console
$ docker save alpine > alpine.tar
$ docker scout cves archive://alpine.tar
Analyzing archive alpine.tar
✓ Archive read
✓ SBOM of image already cached, 18 packages indexed
✓ No vulnerable package detected
```
### Display vulnerabilities from an OCI directory
```console
$ skopeo copy --override-os linux docker://alpine oci:alpine
$ docker scout cves oci-dir://alpine
Analyzing OCI directory alpine
✓ OCI directory read
✓ Image stored for indexing
✓ Indexed 19 packages
✓ No vulnerable package detected
```
### Display vulnerabilities from the current directory
```console
$ docker scout cves fs://.
```
### Export vulnerabilities to a SARIF JSON file
```console
$ docker scout cves --format sarif --output alpine.sarif.json alpine
Analyzing image alpine
✓ SBOM of image already cached, 18 packages indexed
✓ No vulnerable package detected
✓ Report written to alpine.sarif.json
```
### Display markdown output
The following example shows how to generate the vulnerability report as markdown.
```console
$ docker scout cves --format markdown alpine
✓ Pulled
✓ SBOM of image already cached, 19 packages indexed
✗ Detected 1 vulnerable package with 3 vulnerabilities
<h2>:mag: Vulnerabilities of <code>alpine</code></h2>
<details open="true"><summary>:package: Image Reference</strong> <code>alpine</code></summary>
<table>
<tr><td>digest</td><td><code>sha256:e3bd82196e98898cae9fe7fbfd6e2436530485974dc4fb3b7ddb69134eda2407</code></td><tr><tr><td>vulnerabilities</td><td><img alt="critical: 0" src="https://img.shields.io/badge/critical-0-lightgrey"/> <img alt="high: 0" src="https://img.shields.io/badge/high-0-lightgrey"/> <img alt="medium: 2" src="https://img.shields.io/badge/medium-2-fbb552"/> <img alt="low: 0" src="https://img.shields.io/badge/low-0-lightgrey"/> <img alt="unspecified: 1" src="https://img.shields.io/badge/unspecified-1-lightgrey"/></td></tr>
<tr><td>platform</td><td>linux/arm64</td></tr>
<tr><td>size</td><td>3.3 MB</td></tr>
<tr><td>packages</td><td>19</td></tr>
</table>
</details></table>
</details>
...
```
### List all vulnerable packages of a certain type
The following example shows how to generate a list of packages, only including
packages of the specified type, and only showing packages that are vulnerable.
```console
$ docker scout cves --format only-packages --only-package-type golang --only-vuln-packages golang:1.18.0
✓ Pulled
✓ SBOM of image already cached, 296 packages indexed
✗ Detected 1 vulnerable package with 40 vulnerabilities
Name Version Type Vulnerabilities
───────────────────────────────────────────────────────────
stdlib 1.18 golang 2C 29H 8M 1L
```
### Display EPSS score (--epss) {#epss}
The `--epss` flag adds [Exploit Prediction Scoring System (EPSS)](https://www.first.org/epss/)
scores to the `docker scout cves` output. EPSS scores are estimates of the likelihood (probability)
that a software vulnerability will be exploited in the wild in the next 30 days.
The higher the score, the greater the probability that a vulnerability will be exploited.
```console {hl_lines="13,14"}
$ docker scout cves --epss nginx
✓ Provenance obtained from attestation
✓ SBOM obtained from attestation, 232 packages indexed
✓ Pulled
✗ Detected 23 vulnerable packages with a total of 39 vulnerabilities
...
✗ HIGH CVE-2023-52425
https://scout.docker.com/v/CVE-2023-52425
Affected range : >=2.5.0-1
Fixed version : not fixed
EPSS Score : 0.000510
EPSS Percentile : 0.173680
```
- `EPSS Score` is a floating point number between 0 and 1 representing the probability of exploitation in the wild in the next 30 days (following score publication).
- `EPSS Percentile` is the percentile of the current score, the proportion of all scored vulnerabilities with the same or a lower EPSS score.
You can use the `--epss-score` and `--epss-percentile` flags to filter the output
of `docker scout cves` based on these scores. For example,
to only show vulnerabilities with an EPSS score higher than 0.5:
```console
$ docker scout cves --epss --epss-score 0.5 nginx
✓ SBOM of image already cached, 232 packages indexed
✓ EPSS scores for 2024-03-01 already cached
✗ Detected 1 vulnerable package with 1 vulnerability
...
✗ LOW CVE-2023-44487
https://scout.docker.com/v/CVE-2023-44487
Affected range : >=1.22.1-9
Fixed version : not fixed
EPSS Score : 0.705850
EPSS Percentile : 0.979410
```
EPSS scores are updated on a daily basis.
By default, the latest available score is displayed.
You can use the `--epss-date` flag to manually specify a date
in the format `yyyy-mm-dd` for fetching EPSS scores.
```console
$ docker scout cves --epss --epss-date 2024-01-02 nginx
```
### List vulnerabilities from an SPDX file
The following example shows how to generate a list of vulnerabilities from an SPDX file using `syft`.
```console
$ syft -o spdx-json alpine:3.16.1 | docker scout cves sbom://
✔ Pulled image
✔ Loaded image alpine:3.16.1
✔ Parsed image sha256:3d81c46cd8756ddb6db9ec36fa06a6fb71c287fb265232ba516739dc67a5f07d
✔ Cataloged contents 274a317d88b54f9e67799244a1250cad3fe7080f45249fa9167d1f871218d35f
├── ✔ Packages [14 packages]
├── ✔ File digests [75 files]
├── ✔ File metadata [75 locations]
└── ✔ Executables [16 executables]
✗ Detected 2 vulnerable packages with a total of 11 vulnerabilities
deprecated: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false


@@ -1,34 +0,0 @@
command: docker scout enroll
short: Enroll an organization with Docker Scout
long: |
The `docker scout enroll` command enrolls an organization with Docker Scout.
usage: docker scout enroll ORG
pname: docker scout
plink: docker_scout.yaml
inherited_options:
- option: debug
value_type: bool
default_value: "false"
description: Debug messages
deprecated: false
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: verbose-debug
value_type: bool
default_value: "false"
description: Verbose debug
deprecated: false
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
deprecated: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false


@@ -1,97 +0,0 @@
command: docker scout environment
aliases: docker scout environment, docker scout env
short: Manage environments (experimental)
long: |-
The `docker scout environment` command lists the environments.
If you pass an image reference, the image is recorded to the specified environment.
Once recorded, environments can be referred to by their name. For example,
you can refer to the `production` environment with the `docker scout compare`
command as follows:
```console
$ docker scout compare --to-env production
```
usage: docker scout environment [ENVIRONMENT] [IMAGE]
pname: docker scout
plink: docker_scout.yaml
options:
- option: org
value_type: string
description: Namespace of the Docker organization
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: output
shorthand: o
value_type: string
description: Write the report to a file
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: platform
value_type: string
description: Platform of image to record
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
inherited_options:
- option: debug
value_type: bool
default_value: "false"
description: Debug messages
deprecated: false
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: verbose-debug
value_type: bool
default_value: "false"
description: Verbose debug
deprecated: false
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
examples: |-
### List existing environments
```console
$ docker scout environment
prod
staging
```
### List images of an environment
```console
$ docker scout environment staging
namespace/repo:tag@sha256:9a4df4fadc9bbd44c345e473e0688c2066a6583d4741679494ba9228cfd93e1b
namespace/other-repo:tag@sha256:0001d6ce124855b0a158569c584162097fe0ca8d72519067c2c8e3ce407c580f
```
### Record an image to an environment, for a specific platform
```console
$ docker scout environment staging namespace/repo:stage-latest --platform linux/amd64
✓ Pulled
✓ Successfully recorded namespace/repo:stage-latest in environment staging
```
deprecated: false
experimental: false
experimentalcli: true
kubernetes: false
swarm: false


@@ -1,33 +0,0 @@
command: docker scout help
short: Display information about the available commands
long: Display information about the available commands
usage: docker scout help
pname: docker scout
plink: docker_scout.yaml
inherited_options:
- option: debug
value_type: bool
default_value: "false"
description: Debug messages
deprecated: false
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: verbose-debug
value_type: bool
default_value: "false"
description: Verbose debug
deprecated: false
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
deprecated: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false


@@ -1,40 +0,0 @@
command: docker scout integration
short: Commands to list, configure, and delete Docker Scout integrations
long: Commands to list, configure, and delete Docker Scout integrations
pname: docker scout
plink: docker_scout.yaml
cname:
- docker scout integration configure
- docker scout integration delete
- docker scout integration list
clink:
- docker_scout_integration_configure.yaml
- docker_scout_integration_delete.yaml
- docker_scout_integration_list.yaml
inherited_options:
- option: debug
value_type: bool
default_value: "false"
description: Debug messages
deprecated: false
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: verbose-debug
value_type: bool
default_value: "false"
description: Verbose debug
deprecated: false
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
deprecated: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false


@@ -1,63 +0,0 @@
command: docker scout integration configure
short: Configure or update a new integration configuration
long: |
The docker scout integration configure command creates or updates a new integration configuration for an organization.
usage: docker scout integration configure INTEGRATION
pname: docker scout integration
plink: docker_scout_integration.yaml
options:
- option: name
value_type: string
description: Name of integration configuration to create
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: org
value_type: string
description: Namespace of the Docker organization
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: parameter
value_type: stringSlice
default_value: '[]'
description: Integration parameters in the form of --parameter NAME=VALUE
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
inherited_options:
- option: debug
value_type: bool
default_value: "false"
description: Debug messages
deprecated: false
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: verbose-debug
value_type: bool
default_value: "false"
description: Verbose debug
deprecated: false
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
deprecated: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false


@@ -1,53 +0,0 @@
command: docker scout integration delete
short: Delete a new integration configuration
long: |
The docker scout integration delete command deletes a new integration configuration for an organization.
usage: docker scout integration delete INTEGRATION
pname: docker scout integration
plink: docker_scout_integration.yaml
options:
- option: name
value_type: string
description: Name of integration configuration to delete
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: org
value_type: string
description: Namespace of the Docker organization
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
inherited_options:
- option: debug
value_type: bool
default_value: "false"
description: Debug messages
deprecated: false
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: verbose-debug
value_type: bool
default_value: "false"
description: Verbose debug
deprecated: false
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
deprecated: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false


@@ -1,53 +0,0 @@
command: docker scout integration list
short: Integration Docker Scout
long: |
The docker scout integration list configured integrations for an organization.
usage: docker scout integration list [INTEGRATION]
pname: docker scout integration
plink: docker_scout_integration.yaml
options:
- option: name
value_type: string
description: Name of integration configuration to list
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: org
value_type: string
description: Namespace of the Docker organization
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
inherited_options:
- option: debug
value_type: bool
default_value: "false"
description: Debug messages
deprecated: false
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: verbose-debug
value_type: bool
default_value: "false"
description: Verbose debug
deprecated: false
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
deprecated: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false


@@ -1,130 +0,0 @@
command: docker scout policy
short: |
Evaluate policies against an image and display the policy evaluation results (experimental)
long: |-
The `docker scout policy` command evaluates policies against an image.
The image analysis is uploaded to Docker Scout where policies get evaluated.
The policy evaluation results may take a few minutes to become available.
usage: docker scout policy [IMAGE | REPO]
pname: docker scout
plink: docker_scout.yaml
options:
- option: env
value_type: string
description: Name of the environment to compare to
deprecated: true
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: exit-code
shorthand: e
value_type: bool
default_value: "false"
description: Return exit code '2' if policies are not met, '0' otherwise
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: org
value_type: string
description: Namespace of the Docker organization
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: output
shorthand: o
value_type: string
description: Write the report to a file
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: platform
value_type: string
description: Platform of image to pull policy results from
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: to-env
value_type: string
description: Name of the environment to compare to
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: to-latest
value_type: bool
default_value: "false"
description: Latest image processed to compare to
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
inherited_options:
- option: debug
value_type: bool
default_value: "false"
description: Debug messages
deprecated: false
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: verbose-debug
value_type: bool
default_value: "false"
description: Verbose debug
deprecated: false
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
examples: |-
### Evaluate policies against an image and display the results
```console
$ docker scout policy dockerscoutpolicy/customers-api-service:0.0.1
```
### Evaluate policies against an image for a specific organization
```console
$ docker scout policy dockerscoutpolicy/customers-api-service:0.0.1 --org dockerscoutpolicy
```
### Evaluate policies against an image with a specific platform
```console
$ docker scout policy dockerscoutpolicy/customers-api-service:0.0.1 --platform linux/amd64
```
### Compare policy results for a repository in a specific environment
```console
$ docker scout policy dockerscoutpolicy/customers-api-service --to-env production
```
deprecated: false
experimental: false
experimentalcli: true
kubernetes: false
swarm: false


@@ -1,88 +0,0 @@
command: docker scout push
short: Push an image or image index to Docker Scout (experimental)
long: |
The `docker scout push` command lets you push an image or analysis result to Docker Scout.
usage: docker scout push IMAGE
pname: docker scout
plink: docker_scout.yaml
options:
- option: author
value_type: string
description: Name of the author of the image
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: org
value_type: string
description: Namespace of the Docker organization to which image will be pushed
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: output
shorthand: o
value_type: string
description: Write the report to a file
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: sbom
value_type: bool
default_value: "false"
description: Create and upload SBOMs
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: timestamp
value_type: string
description: Timestamp of image or tag creation
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
inherited_options:
- option: debug
value_type: bool
default_value: "false"
description: Debug messages
deprecated: false
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: verbose-debug
value_type: bool
default_value: "false"
description: Verbose debug
deprecated: false
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
examples: |-
### Push an image to Docker Scout
```console
$ docker scout push --org my-org registry.example.com/repo:tag
```
deprecated: false
experimental: false
experimentalcli: true
kubernetes: false
swarm: false


@@ -1,171 +0,0 @@
command: docker scout quickview
aliases: docker scout quickview, docker scout qv
short: Quick overview of an image
long: |-
The `docker scout quickview` command displays a quick overview of an image.
It displays a summary of the vulnerabilities in the specified image
and vulnerabilities from the base image.
If available, it also displays base image refresh and update recommendations.
If no image is specified, the most recently built image is used.
The following artifact types are supported:
- Images
- OCI layout directories
- Tarball archives, as created by `docker save`
- Local directory or file
By default, the tool expects an image reference, such as:
- `redis`
- `curlimages/curl:7.87.0`
- `mcr.microsoft.com/dotnet/runtime:7.0`
If the artifact you want to analyze is an OCI directory, a tarball archive, a local file or directory,
or if you want to control from where the image will be resolved, you must prefix the reference with one of the following:
- `image://` (default) use a local image, or fall back to a registry lookup
- `local://` use an image from the local image store (don't do a registry lookup)
- `registry://` use an image from a registry (don't use a local image)
- `oci-dir://` use an OCI layout directory
- `archive://` use a tarball archive, as created by `docker save`
- `fs://` use a local directory or file
- `sbom://` SPDX file or in-toto attestation file with SPDX predicate or `syft` json SBOM file
In case of `sbom://` prefix, if the file is not defined then it will try to read it from the standard input.
usage: docker scout quickview [IMAGE|DIRECTORY|ARCHIVE]
pname: docker scout
plink: docker_scout.yaml
options:
- option: env
value_type: string
description: Name of the environment
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: latest
value_type: bool
default_value: "false"
description: Latest indexed image
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: org
value_type: string
description: Namespace of the Docker organization
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: output
shorthand: o
value_type: string
description: Write the report to a file
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: platform
value_type: string
description: Platform of image to analyze
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: ref
value_type: string
description: |-
Reference to use if the provided tarball contains multiple references.
Can only be used with archive
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: stream
value_type: string
description: Name of stream
deprecated: true
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
inherited_options:
- option: debug
value_type: bool
default_value: "false"
description: Debug messages
deprecated: false
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: verbose-debug
value_type: bool
default_value: "false"
description: Verbose debug
deprecated: false
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
examples: |-
### Quick overview of an image
```console
$ docker scout quickview golang:1.19.4
...Pulling
✓ Pulled
✓ SBOM of image already cached, 278 packages indexed
Your image golang:1.19.4 │ 5C 3H 6M 63L
Base image buildpack-deps:bullseye-scm │ 5C 1H 3M 48L 6?
Refreshed base image buildpack-deps:bullseye-scm │ 0C 0H 0M 42L
│ -5 -1 -3 -6 -6
Updated base image buildpack-deps:sid-scm │ 0C 0H 1M 29L
│ -5 -1 -2 -19 -6
```
### Quick overview of the most recently built image
```console
$ docker scout qv
```
### Quick overview from an SPDX file
```console
$ syft -o spdx-json alpine:3.16.1 | docker scout quickview sbom://
✔ Loaded image alpine:3.16.1
✔ Parsed image sha256:3d81c46cd8756ddb6db9ec36fa06a6fb71c287fb265232ba516739dc67a5f07d
✔ Cataloged contents 274a317d88b54f9e67799244a1250cad3fe7080f45249fa9167d1f871218d35f
├── ✔ Packages [14 packages]
├── ✔ File digests [75 files]
├── ✔ File metadata [75 locations]
└── ✔ Executables [16 executables]
Target │ <stdin> │ 1C 2H 8M 0L
digest │ 274a317d88b5 │
```
deprecated: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false


@@ -1,149 +0,0 @@
command: docker scout recommendations
short: Display available base image updates and remediation recommendations
long: |-
The `docker scout recommendations` command display recommendations for base images updates.
It analyzes the image and display recommendations to refresh or update the base image.
For each recommendation it shows a list of benefits, such as
fewer vulnerabilities or smaller image size.
If no image is specified, the most recently built image is used.
The following artifact types are supported:
- Images
- OCI layout directories
- Tarball archives, as created by `docker save`
- Local directory or file
By default, the tool expects an image reference, such as:
- `redis`
- `curlimages/curl:7.87.0`
- `mcr.microsoft.com/dotnet/runtime:7.0`
If the artifact you want to analyze is an OCI directory, a tarball archive, a local file or directory,
or if you want to control from where the image will be resolved, you must prefix the reference with one of the following:
- `image://` (default) use a local image, or fall back to a registry lookup
- `local://` use an image from the local image store (don't do a registry lookup)
- `registry://` use an image from a registry (don't use a local image)
- `oci-dir://` use an OCI layout directory
- `archive://` use a tarball archive, as created by `docker save`
- `fs://` use a local directory or file
usage: docker scout recommendations [IMAGE|DIRECTORY|ARCHIVE]
pname: docker scout
plink: docker_scout.yaml
options:
- option: only-refresh
value_type: bool
default_value: "false"
description: Only display base image refresh recommendations
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: only-update
value_type: bool
default_value: "false"
description: Only display base image update recommendations
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: org
value_type: string
description: Namespace of the Docker organization
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: output
shorthand: o
value_type: string
description: Write the report to a file
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: platform
value_type: string
description: Platform of image to analyze
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: ref
value_type: string
description: |-
Reference to use if the provided tarball contains multiple references.
Can only be used with archive
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: tag
value_type: string
description: Specify tag
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
inherited_options:
- option: debug
value_type: bool
default_value: "false"
description: Debug messages
deprecated: false
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: verbose-debug
value_type: bool
default_value: "false"
description: Verbose debug
deprecated: false
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
examples: |-
### Display base image update recommendations
```console
$ docker scout recommendations golang:1.19.4
```
### Display base image refresh only recommendations
```console
$ docker scout recommendations --only-refresh golang:1.19.4
```
### Display base image update only recommendations
```console
$ docker scout recommendations --only-update golang:1.19.4
```
deprecated: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false


@@ -1,40 +0,0 @@
command: docker scout repo
short: Commands to list, enable, and disable Docker Scout on repositories
long: Commands to list, enable, and disable Docker Scout on repositories
pname: docker scout
plink: docker_scout.yaml
cname:
- docker scout repo disable
- docker scout repo enable
- docker scout repo list
clink:
- docker_scout_repo_disable.yaml
- docker_scout_repo_enable.yaml
- docker_scout_repo_list.yaml
inherited_options:
- option: debug
value_type: bool
default_value: "false"
description: Debug messages
deprecated: false
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: verbose-debug
value_type: bool
default_value: "false"
description: Verbose debug
deprecated: false
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
deprecated: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false


@@ -1,106 +0,0 @@
command: docker scout repo disable
short: Disable Docker Scout
long: |
The docker scout repo disable command disables Docker Scout on repositories.
usage: docker scout repo disable [REPOSITORY]
pname: docker scout repo
plink: docker_scout_repo.yaml
options:
- option: all
value_type: bool
default_value: "false"
description: |
Disable all repositories of the organization. Can not be used with --filter.
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: filter
value_type: string
description: Regular expression to filter repositories by name
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: integration
value_type: string
description: Name of the integration to use for enabling an image
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: org
value_type: string
description: Namespace of the Docker organization
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: registry
value_type: string
description: Container Registry
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
inherited_options:
- option: debug
value_type: bool
default_value: "false"
description: Debug messages
deprecated: false
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: verbose-debug
value_type: bool
default_value: "false"
description: Verbose debug
deprecated: false
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
examples: |-
### Disable a specific repository
```console
$ docker scout repo disable my/repository
```
### Disable all repositories of the organization
```console
$ docker scout repo disable --all
```
### Disable some repositories based on a filter
```console
$ docker scout repo disable --filter namespace/backend
```
### Disable a repository from a specific registry
```console
$ docker scout repo disable my/repository --registry 123456.dkr.ecr.us-east-1.amazonaws.com
```
deprecated: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false


@@ -1,105 +0,0 @@
command: docker scout repo enable
short: Enable Docker Scout
long: The docker scout repo enable command enables Docker Scout on repositories.
usage: docker scout repo enable [REPOSITORY]
pname: docker scout repo
plink: docker_scout_repo.yaml
options:
- option: all
value_type: bool
default_value: "false"
description: |
Enable all repositories of the organization. Can not be used with --filter.
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: filter
value_type: string
description: Regular expression to filter repositories by name
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: integration
value_type: string
description: Name of the integration to use for enabling an image
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: org
value_type: string
description: Namespace of the Docker organization
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: registry
value_type: string
description: Container Registry
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
inherited_options:
- option: debug
value_type: bool
default_value: "false"
description: Debug messages
deprecated: false
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: verbose-debug
value_type: bool
default_value: "false"
description: Verbose debug
deprecated: false
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
examples: |-
### Enable a specific repository
```console
$ docker scout repo enable my/repository
```
### Enable all repositories of the organization
```console
$ docker scout repo enable --all
```
### Enable some repositories based on a filter
```console
$ docker scout repo enable --filter namespace/backend
```
### Enable a repository from a specific registry
```console
$ docker scout repo enable my/repository --registry 123456.dkr.ecr.us-east-1.amazonaws.com
```
deprecated: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false


@@ -1,87 +0,0 @@
command: docker scout repo list
short: List Docker Scout repositories
long: |-
The docker scout repo list command shows all repositories in an organization.
If ORG is not provided the default configured organization will be used.
usage: docker scout repo list
pname: docker scout repo
plink: docker_scout_repo.yaml
options:
- option: filter
value_type: string
description: Regular expression to filter repositories by name
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: only-disabled
value_type: bool
default_value: "false"
description: Filter to disabled repositories only
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: only-enabled
value_type: bool
default_value: "false"
description: Filter to enabled repositories only
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: only-registry
value_type: string
description: |-
Filter to a specific registry only:
- hub.docker.com
- ecr (AWS ECR)
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: org
value_type: string
description: Namespace of the Docker organization
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
inherited_options:
- option: debug
value_type: bool
default_value: "false"
description: Debug messages
deprecated: false
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: verbose-debug
value_type: bool
default_value: "false"
description: Verbose debug
deprecated: false
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
deprecated: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false


@@ -1,151 +0,0 @@
command: docker scout sbom
short: Generate or display SBOM of an image
long: |-
The `docker scout sbom` command analyzes a software artifact to generate a
Software Bill Of Materials (SBOM).
The SBOM contains a list of all packages in the image.
You can use the `--format` flag to filter the output of the command
to display only packages of a specific type.
If no image is specified, the most recently built image is used.
The following artifact types are supported:
- Images
- OCI layout directories
- Tarball archives, as created by `docker save`
- Local directory or file
By default, the tool expects an image reference, such as:
- `redis`
- `curlimages/curl:7.87.0`
- `mcr.microsoft.com/dotnet/runtime:7.0`
If the artifact you want to analyze is an OCI directory, a tarball archive, a local file or directory,
or if you want to control from where the image will be resolved, you must prefix the reference with one of the following:
- `image://` (default) use a local image, or fall back to a registry lookup
- `local://` use an image from the local image store (don't do a registry lookup)
- `registry://` use an image from a registry (don't use a local image)
- `oci-dir://` use an OCI layout directory
- `archive://` use a tarball archive, as created by `docker save`
- `fs://` use a local directory or file
usage: docker scout sbom [IMAGE|DIRECTORY|ARCHIVE]
pname: docker scout
plink: docker_scout.yaml
options:
- option: format
value_type: string
default_value: json
description: |-
Output format:
- list: list of packages of the image
- json: json representation of the SBOM
- spdx: spdx representation of the SBOM
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: only-package-type
value_type: stringSlice
default_value: '[]'
description: |-
Comma separated list of package types (like apk, deb, rpm, npm, pypi, golang, etc)
Can only be used with --format list
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: output
shorthand: o
value_type: string
description: Write the report to a file
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: platform
value_type: string
description: Platform of image to analyze
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: ref
value_type: string
description: |-
Reference to use if the provided tarball contains multiple references.
Can only be used with archive
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
inherited_options:
- option: debug
value_type: bool
default_value: "false"
description: Debug messages
deprecated: false
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: verbose-debug
value_type: bool
default_value: "false"
description: Verbose debug
deprecated: false
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
examples: |-
### Display the list of packages
```console
$ docker scout sbom --format list alpine
```
### Only display packages of a specific type
```console
$ docker scout sbom --format list --only-package-type apk alpine
```
### Display the full SBOM in JSON format
```console
$ docker scout sbom alpine
```
### Display the full SBOM of the most recently built image
```console
$ docker scout sbom
```
### Write SBOM to a file
```console
$ docker scout sbom --output alpine.sbom alpine
```
deprecated: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false


@@ -1,89 +0,0 @@
command: docker scout stream
short: Manage streams (experimental)
long: |-
The `docker scout stream` command lists the deployment streams and records an image to it.
Once recorded, streams can be referred to by their name, eg. in the `docker scout compare` command using `--to-stream`.
usage: docker scout stream [STREAM] [IMAGE]
pname: docker scout
plink: docker_scout.yaml
options:
- option: org
value_type: string
description: Namespace of the Docker organization
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: output
shorthand: o
value_type: string
description: Write the report to a file
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: platform
value_type: string
description: Platform of image to record
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
inherited_options:
- option: debug
value_type: bool
default_value: "false"
description: Debug messages
deprecated: false
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: verbose-debug
value_type: bool
default_value: "false"
description: Verbose debug
deprecated: false
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
examples: |-
### List existing streams
```console
$ %[1]s %[2]s
prod-cluster-123
stage-cluster-234
```
### List images of a stream
```console
$ %[1]s %[2]s prod-cluster-123
namespace/repo:tag@sha256:9a4df4fadc9bbd44c345e473e0688c2066a6583d4741679494ba9228cfd93e1b
namespace/other-repo:tag@sha256:0001d6ce124855b0a158569c584162097fe0ca8d72519067c2c8e3ce407c580f
```
### Record an image to a stream, for a specific platform
```console
$ %[1]s %[2]s stage-cluster-234 namespace/repo:stage-latest --platform linux/amd64
✓ Pulled
✓ Successfully recorded namespace/repo:stage-latest in stream stage-cluster-234
```
deprecated: true
experimental: false
experimentalcli: true
kubernetes: false
swarm: false


@@ -1,58 +0,0 @@
command: docker scout version
short: Show Docker Scout version information
long: Show Docker Scout version information
usage: docker scout version
pname: docker scout
plink: docker_scout.yaml
inherited_options:
- option: debug
value_type: bool
default_value: "false"
description: Debug messages
deprecated: false
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: verbose-debug
value_type: bool
default_value: "false"
description: Verbose debug
deprecated: false
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
examples: |-
```console
$ docker scout version
⢀⢀⢀ ⣀⣀⡤⣔⢖⣖⢽⢝
⡠⡢⡣⡣⡣⡣⡣⡣⡢⡀ ⢀⣠⢴⡲⣫⡺⣜⢞⢮⡳⡵⡹⡅
⡜⡜⡜⡜⡜⡜⠜⠈⠈ ⠁⠙⠮⣺⡪⡯⣺⡪⡯⣺
⢘⢜⢜⢜⢜⠜ ⠈⠪⡳⡵⣹⡪⠇
⠨⡪⡪⡪⠂ ⢀⡤⣖⢽⡹⣝⡝⣖⢤⡀ ⠘⢝⢮⡚ _____ _
⠱⡱⠁ ⡴⡫⣞⢮⡳⣝⢮⡺⣪⡳⣝⢦ ⠘⡵⠁ / ____| Docker | |
⠁ ⣸⢝⣕⢗⡵⣝⢮⡳⣝⢮⡺⣪⡳⣣ ⠁ | (___ ___ ___ _ _| |_
⣗⣝⢮⡳⣝⢮⡳⣝⢮⡳⣝⢮⢮⡳ \___ \ / __/ _ \| | | | __|
⢀ ⢱⡳⡵⣹⡪⡳⣝⢮⡳⣝⢮⡳⡣⡏ ⡀ ____) | (_| (_) | |_| | |_
⢀⢾⠄ ⠫⣞⢮⡺⣝⢮⡳⣝⢮⡳⣝⠝ ⢠⢣⢂ |_____/ \___\___/ \__,_|\__|
⡼⣕⢗⡄ ⠈⠓⠝⢮⡳⣝⠮⠳⠙ ⢠⢢⢣⢣
⢰⡫⡮⡳⣝⢦⡀ ⢀⢔⢕⢕⢕⢕⠅
⡯⣎⢯⡺⣪⡳⣝⢖⣄⣀ ⡀⡠⡢⡣⡣⡣⡣⡣⡃
⢸⢝⢮⡳⣝⢮⡺⣪⡳⠕⠗⠉⠁ ⠘⠜⡜⡜⡜⡜⡜⡜⠜⠈
⡯⡳⠳⠝⠊⠓⠉ ⠈⠈⠈⠈
version: v1.0.9 (go1.21.3 - darwin/arm64)
git commit: 8bf95bf60d084af341f70e8263342f71b0a3cd16
```
deprecated: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false


@@ -1,161 +0,0 @@
command: docker scout watch
short: |
Watch repositories in a registry and push images and indexes to Docker Scout (experimental)
long: |-
The `docker scout watch` command watches repositories in a registry
and pushes images or analysis results to Docker Scout.
usage: docker scout watch
pname: docker scout
plink: docker_scout.yaml
options:
- option: all-images
value_type: bool
default_value: "false"
description: |
Push all images instead of only the ones pushed during the watch command is running
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: dry-run
value_type: bool
default_value: "false"
description: Watch images and prepare them, but do not push them
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: interval
value_type: int64
default_value: "60"
description: Interval in seconds between checks
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: org
value_type: string
description: Namespace of the Docker organization to which image will be pushed
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: refresh-registry
value_type: bool
default_value: "false"
description: |
Refresh the list of repositories of a registry at every run. Only with --registry.
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: registry
value_type: string
description: Registry to watch
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: repository
value_type: stringSlice
default_value: '[]'
description: Repository to watch
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: sbom
value_type: bool
default_value: "true"
description: Create and upload SBOMs
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: tag
value_type: stringSlice
default_value: '[]'
description: Regular expression to match tags to watch
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: workers
value_type: int
default_value: "3"
description: Number of concurrent workers
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
inherited_options:
- option: debug
value_type: bool
default_value: "false"
description: Debug messages
deprecated: false
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: verbose-debug
value_type: bool
default_value: "false"
description: Verbose debug
deprecated: false
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
examples: |-
### Watch for new images from two repositories and push them
```console
$ docker scout watch --org my-org --repository registry-1.example.com/repo-1 --repository registry-2.example.com/repo-2
```
### Only push images with a specific tag
```console
$ docker scout watch --org my-org --repository registry.example.com/my-service --tag latest
```
### Watch all repositories of a registry
```console
$ docker scout watch --org my-org --registry registry.example.com
```
### Push all images and not just the new ones
```console
$ docker scout watch--org my-org --repository registry.example.com/my-service --all-images
```
deprecated: false
experimental: false
experimentalcli: true
kubernetes: false
swarm: false


@@ -1,36 +0,0 @@
# docker scout
```
docker scout COMMAND
```
<!---MARKER_GEN_START-->
Command line tool for Docker Scout
### Subcommands
| Name | Description |
|:----------------------------------------------|:--------------------------------------------------------------------------------------------|
| [`attestation`](scout_attestation.md) | Manage attestations on image indexes |
| [`cache`](scout_cache.md) | Manage Docker Scout cache and temporary files |
| [`compare`](scout_compare.md) | Compare two images and display differences (experimental) |
| [`config`](scout_config.md) | Manage Docker Scout configuration |
| [`cves`](scout_cves.md) | Display CVEs identified in a software artifact |
| [`enroll`](scout_enroll.md) | Enroll an organization with Docker Scout |
| [`environment`](scout_environment.md) | Manage environments (experimental) |
| [`help`](scout_help.md) | Display information about the available commands |
| [`integration`](scout_integration.md) | Commands to list, configure, and delete Docker Scout integrations |
| [`policy`](scout_policy.md) | Evaluate policies against an image and display the policy evaluation results (experimental) |
| [`push`](scout_push.md) | Push an image or image index to Docker Scout (experimental) |
| [`quickview`](scout_quickview.md) | Quick overview of an image |
| [`recommendations`](scout_recommendations.md) | Display available base image updates and remediation recommendations |
| [`repo`](scout_repo.md) | Commands to list, enable, and disable Docker Scout on repositories |
| [`sbom`](scout_sbom.md) | Generate or display SBOM of an image |
| [`stream`](scout_stream.md) | Manage streams (experimental) |
| [`version`](scout_version.md) | Show Docker Scout version information |
| [`watch`](scout_watch.md) | Watch repositories in a registry and push images and indexes to Docker Scout (experimental) |
<!---MARKER_GEN_END-->


@@ -1,19 +0,0 @@
# docker scout attestation
<!---MARKER_GEN_START-->
Manage attestations on image indexes
### Aliases
`docker scout attestation`, `docker scout attest`
### Subcommands
| Name | Description |
|:----------------------------------|:-------------------------|
| [`add`](scout_attestation_add.md) | Add attestation to image |
<!---MARKER_GEN_END-->


@@ -1,19 +0,0 @@
# docker scout attestation add
<!---MARKER_GEN_START-->
Add attestation to image
### Aliases
`docker scout attestation add`, `docker scout attest add`
### Options
| Name | Type | Default | Description |
|:-------------------|:--------------|:--------|:----------------------------------------|
| `--file` | `stringSlice` | | File location of attestations to attach |
| `--predicate-type` | `string` | | Predicate-type for attestations |
<!---MARKER_GEN_END-->


@@ -1,16 +0,0 @@
# docker scout cache
<!---MARKER_GEN_START-->
Manage Docker Scout cache and temporary files
### Subcommands
| Name | Description |
|:--------------------------------|:--------------------------------|
| [`df`](scout_cache_df.md) | Show Docker Scout disk usage |
| [`prune`](scout_cache_prune.md) | Remove temporary or cached data |
<!---MARKER_GEN_END-->


@@ -1,52 +0,0 @@
# docker scout cache df
<!---MARKER_GEN_START-->
Show Docker Scout disk usage
<!---MARKER_GEN_END-->
## Description
Docker Scout uses a temporary cache storage for generating image SBOMs.
The cache helps avoid regenerating or fetching resources unnecessarily.
This `docker scout cache df` command shows the cached data on the host.
Each cache entry is identified by the digest of the image.
You can use the `docker scout cache prune` command to delete cache data at any time.
## Examples
### List temporary and cache files
```console
$ docker scout cache df
Docker Scout temporary directory to generate SBOMs is located at:
/var/folders/dw/d6h9w2sx6rv3lzwwgrnx7t5h0000gp/T/docker-scout
this path can be configured using the DOCKER_SCOUT_CACHE_DIR environment variable
Image Digest │ Size
──────────────────────────────────────────────────────────────────────────┼────────
sha256:c41ab5c992deb4fe7e5da09f67a8804a46bd0592bfdf0b1847dde0e0889d2bff │ 21 kB
Total: 21 kB
Docker Scout cached SBOMs are located at:
/Users/user/.docker/scout/sbom
Image Digest │ Size of SBOM
──────────────────────────────────────────────────────────────────────────┼───────────────
sha256:02bb6f428431fbc2809c5d1b41eab5a68350194fb508869a33cb1af4444c9b11 │ 42 kB
sha256:03fc002fe4f370463a8f04d3a288cdffa861e462fc8b5be44ab62b296ad95183 │ 100 kB
sha256:088134dd33e4a2997480a1488a41c11abebda465da5cf7f305a0ecf8ed494329 │ 194 kB
sha256:0b80b2f17aff7ee5bfb135c69d0d6fe34070e89042b7aac73d1abcc79cfe6759 │ 852 kB
sha256:0c9e8abe31a5f17d84d5c85d3853d2f948a4f126421e89e68753591f1b6fedc5 │ 930 kB
sha256:0d49cae0723c8d310e413736b5e91e0c59b605ade2546f6e6ef8f1f3ddc76066 │ 510 kB
sha256:0ef04748d071c2e631bb3edce8f805cb5512e746b682c83fdae6d8c0b243280b │ 1.0 MB
sha256:13fd22925b638bb7d2131914bb8f8b0f5f582bee364aec682d9e7fe722bb486a │ 42 kB
sha256:174c41d4fbc7f63e1f2bb7d2f7837318050406f2f27e5073a84a84f18b48b883 │ 115 kB
Total: 4 MB
```


@@ -1,41 +0,0 @@
# docker scout cache prune
<!---MARKER_GEN_START-->
Remove temporary or cached data
### Options
| Name | Type | Default | Description |
|:----------------|:-----|:--------|:-------------------------------|
| `--epss` | | | Prune cached EPSS scores |
| `-f`, `--force` | | | Do not prompt for confirmation |
| `--sboms` | | | Prune cached SBOMs |
<!---MARKER_GEN_END-->
## Description
The `docker scout cache prune` command removes temporary data and SBOM cache.
By default, `docker scout cache prune` only deletes temporary data.
To delete temporary data and clear the SBOM cache, use the `--sboms` flag.
## Examples
### Delete temporary data
```console
$ docker scout cache prune
? Are you sure to delete all temporary data? Yes
✓ temporary data deleted
```
### Delete temporary _and_ cache data
```console
$ docker scout cache prune --sboms
? Are you sure to delete all temporary data and all cached SBOMs? Yes
✓ temporary data deleted
✓ cached SBOMs deleted
```


@@ -1,108 +0,0 @@
# docker scout compare
<!---MARKER_GEN_START-->
Compare two images and display differences (experimental)
### Aliases
`docker scout compare`, `docker scout diff`
### Options
| Name | Type | Default | Description |
|:----------------------|:--------------|:--------|:-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `-x`, `--exit-on` | `stringSlice` | | Comma separated list of conditions to fail the action step if worse, options are: vulnerability, policy |
| `--format` | `string` | `text` | Output format of the generated vulnerability report:<br>- text: default output, plain text with or without colors depending on the terminal<br>- markdown: Markdown output<br> |
| `--hide-policies` | | | Hide policy status from the output |
| `--ignore-base` | | | Filter out CVEs introduced from base image |
| `--ignore-unchanged` | | | Filter out unchanged packages |
| `--multi-stage` | | | Show packages from multi-stage Docker builds |
| `--only-fixed` | | | Filter to fixable CVEs |
| `--only-package-type` | `stringSlice` | | Comma separated list of package types (like apk, deb, rpm, npm, pypi, golang, etc) |
| `--only-severity` | `stringSlice` | | Comma separated list of severities (critical, high, medium, low, unspecified) to filter CVEs by |
| `--only-stage` | `stringSlice` | | Comma separated list of multi-stage Docker build stage names |
| `--only-unfixed` | | | Filter to unfixed CVEs |
| `--org` | `string` | | Namespace of the Docker organization |
| `-o`, `--output` | `string` | | Write the report to a file |
| `--platform` | `string` | | Platform of image to analyze |
| `--ref` | `string` | | Reference to use if the provided tarball contains multiple references.<br>Can only be used with archive |
| `--to` | `string` | | Image, directory, or archive to compare to |
| `--to-env` | `string` | | Name of environment to compare to |
| `--to-latest` | | | Latest image processed to compare to |
| `--to-ref` | `string` | | Reference to use if the provided tarball contains multiple references.<br>Can only be used with archive. |
<!---MARKER_GEN_END-->
## Description
The `docker scout compare` command analyzes two images and displays a comparison.
> This command is **experimental** and its behaviour might change in the future
The intended use of this command is to compare two versions of the same image.
For instance, when a new image is built and compared to the version running in production.
If no image is specified, the most recently built image is used
as a comparison target.
The following artifact types are supported:
- Images
- OCI layout directories
- Tarball archives, as created by `docker save`
- Local directory or file
By default, the tool expects an image reference, such as:
- `redis`
- `curlimages/curl:7.87.0`
- `mcr.microsoft.com/dotnet/runtime:7.0`
If the artifact you want to analyze is an OCI directory, a tarball archive, a local file or directory,
or if you want to control from where the image will be resolved, you must prefix the reference with one of the following:
- `image://` (default) use a local image, or fall back to a registry lookup
- `local://` use an image from the local image store (don't do a registry lookup)
- `registry://` use an image from a registry (don't use a local image)
- `oci-dir://` use an OCI layout directory
- `archive://` use a tarball archive, as created by `docker save`
- `fs://` use a local directory or file
## Examples
### Compare the most recently built image to the latest tag
```console
$ docker scout compare --to namespace/repo:latest
```
### Compare local build to the same tag from the registry
```console
$ docker scout compare local://namespace/repo:latest --to registry://namespace/repo:latest
```
### Ignore base images
```console
$ docker scout compare --ignore-base --to namespace/repo:latest namespace/repo:v1.2.3-pre
```
### Generate a markdown output
```console
$ docker scout compare --format markdown --to namespace/repo:latest namespace/repo:v1.2.3-pre
```
### Only compare maven packages and only display critical vulnerabilities for maven packages
```console
$ docker scout compare --only-package-type maven --only-severity critical --to namespace/repo:latest namespace/repo:v1.2.3-pre
```
### Show all policy results for both images
```console
docker scout compare --to namespace/repo:latest namespace/repo:v1.2.3-pre
```


@@ -1,38 +0,0 @@
# docker scout config
<!---MARKER_GEN_START-->
Manage Docker Scout configuration
<!---MARKER_GEN_END-->
## Description
`docker scout config` allows you to list, get and set Docker Scout configuration.
Available configuration key:
- `organization`: Namespace of the Docker organization to be used by default.
## Examples
### List existing configuration
```console
$ docker scout config
organization=my-org-namespace
```
### Print configuration value
```console
$ docker scout config organization
my-org-namespace
```
### Set configuration value
```console
$ docker scout config organization my-org-namespace
✓ Successfully set organization to my-org-namespace
```


@@ -1,269 +0,0 @@
# docker scout cves
```
docker scout cves [OPTIONS] [IMAGE|DIRECTORY|ARCHIVE]
```
<!---MARKER_GEN_START-->
Display CVEs identified in a software artifact
### Options
| Name | Type | Default | Description |
|:-----------------------|:--------------|:-----------|:-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `--details` | | | Print details on default text output |
| `--env` | `string` | | Name of environment |
| [`--epss`](#epss) | | | Display the EPSS scores and organize the package's CVEs according to their EPSS score |
| `--epss-date` | `string` | | Date to use for EPSS scores |
| `--epss-percentile` | `float32` | `0` | Exclude CVEs with EPSS scores less than the specified percentile (0 to 1) |
| `--epss-score` | `float32` | `0` | Exclude CVEs with EPSS scores less than the specified value (0 to 1) |
| `-e`, `--exit-code` | | | Return exit code '2' if vulnerabilities are detected |
| `--format` | `string` | `packages` | Output format of the generated vulnerability report:<br>- packages: default output, plain text with vulnerabilities grouped by packages<br>- sarif: json Sarif output<br>- spdx: json SPDX output <br>- markdown: markdown output (including some html tags like collapsible sections)<br>- sbom: json SBOM output<br> |
| `--ignore-base` | | | Filter out CVEs introduced from base image |
| `--locations` | | | Print package locations including file paths and layer diff_id |
| `--multi-stage` | | | Show packages from multi-stage Docker builds |
| `--only-cve-id` | `stringSlice` | | Comma separated list of CVE ids (like CVE-2021-45105) to search for |
| `--only-fixed` | | | Filter to fixable CVEs |
| `--only-metric` | `stringSlice` | | Comma separated list of CVSS metrics (like AV:N or PR:L) to filter CVEs by |
| `--only-package` | `stringSlice` | | Comma separated regular expressions to filter packages by |
| `--only-package-type` | `stringSlice` | | Comma separated list of package types (like apk, deb, rpm, npm, pypi, golang, etc) |
| `--only-severity` | `stringSlice` | | Comma separated list of severities (critical, high, medium, low, unspecified) to filter CVEs by |
| `--only-stage` | `stringSlice` | | Comma separated list of multi-stage Docker build stage names |
| `--only-unfixed` | | | Filter to unfixed CVEs |
| `--only-vex-affected` | | | Filter CVEs by VEX statements with status not affected |
| `--only-vuln-packages` | | | When used with --format=only-packages ignore packages with no vulnerabilities |
| `--org` | `string` | | Namespace of the Docker organization |
| `-o`, `--output` | `string` | | Write the report to a file |
| `--platform` | `string` | | Platform of image to analyze |
| `--ref` | `string` | | Reference to use if the provided tarball contains multiple references.<br>Can only be used with archive |
| `--vex-author` | `stringSlice` | | List of VEX statement authors to accept |
| `--vex-location` | `stringSlice` | | File location of directory or file containing VEX statements |
<!---MARKER_GEN_END-->
## Description
The `docker scout cves` command analyzes a software artifact for vulnerabilities.
If no image is specified, the most recently built image is used.
The following artifact types are supported:
- Images
- OCI layout directories
- Tarball archives, as created by `docker save`
- Local directory or file
By default, the tool expects an image reference, such as:
- `redis`
- `curlimages/curl:7.87.0`
- `mcr.microsoft.com/dotnet/runtime:7.0`
If the artifact you want to analyze is an OCI directory, a tarball archive, a local file or directory,
or if you want to control from where the image will be resolved, you must prefix the reference with one of the following:
- `image://` (default) use a local image, or fall back to a registry lookup
- `local://` use an image from the local image store (don't do a registry lookup)
- `registry://` use an image from a registry (don't use a local image)
- `oci-dir://` use an OCI layout directory
- `archive://` use a tarball archive, as created by `docker save`
- `fs://` use a local directory or file
- `sbom://` SPDX file or in-toto attestation file with SPDX predicate or `syft` json SBOM file
In case of `sbom://` prefix, if the file is not defined then it will try to read it from the standard input.
## Examples
### Display vulnerabilities grouped by package
```console
$ docker scout cves alpine
Analyzing image alpine
✓ Image stored for indexing
✓ Indexed 18 packages
✓ No vulnerable package detected
```
### Display vulnerabilities from a `docker save` tarball
```console
$ docker save alpine > alpine.tar
$ docker scout cves archive://alpine.tar
Analyzing archive alpine.tar
✓ Archive read
✓ SBOM of image already cached, 18 packages indexed
✓ No vulnerable package detected
```
### Display vulnerabilities from an OCI directory
```console
$ skopeo copy --override-os linux docker://alpine oci:alpine
$ docker scout cves oci-dir://alpine
Analyzing OCI directory alpine
✓ OCI directory read
✓ Image stored for indexing
✓ Indexed 19 packages
✓ No vulnerable package detected
```
### Display vulnerabilities from the current directory
```console
$ docker scout cves fs://.
```
### Export vulnerabilities to a SARIF JSON file
```console
$ docker scout cves --format sarif --output alpine.sarif.json alpine
Analyzing image alpine
✓ SBOM of image already cached, 18 packages indexed
✓ No vulnerable package detected
✓ Report written to alpine.sarif.json
```
### Display markdown output
The following example shows how to generate the vulnerability report as markdown.
```console
$ docker scout cves --format markdown alpine
✓ Pulled
✓ SBOM of image already cached, 19 packages indexed
✗ Detected 1 vulnerable package with 3 vulnerabilities
<h2>:mag: Vulnerabilities of <code>alpine</code></h2>
<details open="true"><summary>:package: Image Reference</strong> <code>alpine</code></summary>
<table>
<tr><td>digest</td><td><code>sha256:e3bd82196e98898cae9fe7fbfd6e2436530485974dc4fb3b7ddb69134eda2407</code></td><tr><tr><td>vulnerabilities</td><td><img alt="critical: 0" src="https://img.shields.io/badge/critical-0-lightgrey"/> <img alt="high: 0" src="https://img.shields.io/badge/high-0-lightgrey"/> <img alt="medium: 2" src="https://img.shields.io/badge/medium-2-fbb552"/> <img alt="low: 0" src="https://img.shields.io/badge/low-0-lightgrey"/> <img alt="unspecified: 1" src="https://img.shields.io/badge/unspecified-1-lightgrey"/></td></tr>
<tr><td>platform</td><td>linux/arm64</td></tr>
<tr><td>size</td><td>3.3 MB</td></tr>
<tr><td>packages</td><td>19</td></tr>
</table>
</details></table>
</details>
...
```
### List all vulnerable packages of a certain type
The following example shows how to generate a list of packages, only including
packages of the specified type, and only showing packages that are vulnerable.
```console
$ docker scout cves --format only-packages --only-package-type golang --only-vuln-packages golang:1.18.0
✓ Pulled
✓ SBOM of image already cached, 296 packages indexed
✗ Detected 1 vulnerable package with 40 vulnerabilities
Name Version Type Vulnerabilities
───────────────────────────────────────────────────────────
stdlib 1.18 golang 2C 29H 8M 1L
```
### <a name="epss"></a> Display EPSS score (--epss)
The `--epss` flag adds [Exploit Prediction Scoring System (EPSS)](https://www.first.org/epss/)
scores to the `docker scout cves` output. EPSS scores are estimates of the likelihood (probability)
that a software vulnerability will be exploited in the wild in the next 30 days.
The higher the score, the greater the probability that a vulnerability will be exploited.
```console {hl_lines=13,14}
$ docker scout cves --epss nginx
✓ Provenance obtained from attestation
✓ SBOM obtained from attestation, 232 packages indexed
✓ Pulled
✗ Detected 23 vulnerable packages with a total of 39 vulnerabilities
...
✗ HIGH CVE-2023-52425
https://scout.docker.com/v/CVE-2023-52425
Affected range : >=2.5.0-1
Fixed version : not fixed
EPSS Score : 0.000510
EPSS Percentile : 0.173680
```
- `EPSS Score` is a floating point number between 0 and 1 representing the probability of exploitation in the wild in the next 30 days (following score publication).
- `EPSS Percentile` is the percentile of the current score, the proportion of all scored vulnerabilities with the same or a lower EPSS score.
You can use the `--epss-score` and `--epss-percentile` flags to filter the output
of `docker scout cves` based on these scores. For example,
to only show vulnerabilities with an EPSS score higher than 0.5:
```console
$ docker scout cves --epss --epss-score 0.5 nginx
✓ SBOM of image already cached, 232 packages indexed
✓ EPSS scores for 2024-03-01 already cached
✗ Detected 1 vulnerable package with 1 vulnerability
...
✗ LOW CVE-2023-44487
https://scout.docker.com/v/CVE-2023-44487
Affected range : >=1.22.1-9
Fixed version : not fixed
EPSS Score : 0.705850
EPSS Percentile : 0.979410
```
EPSS scores are updated on a daily basis.
By default, the latest available score is displayed.
You can use the `--epss-date` flag to manually specify a date
in the format `yyyy-mm-dd` for fetching EPSS scores.
```console
$ docker scout cves --epss --epss-date 2024-01-02 nginx
```
### List vulnerabilities from an SPDX file
The following example shows how to generate a list of vulnerabilities from an SPDX file using `syft`.
```console
$ syft -o spdx-json alpine:3.16.1 | docker scout cves sbom://
✔ Pulled image
✔ Loaded image alpine:3.16.1
✔ Parsed image sha256:3d81c46cd8756ddb6db9ec36fa06a6fb71c287fb265232ba516739dc67a5f07d
✔ Cataloged contents 274a317d88b54f9e67799244a1250cad3fe7080f45249fa9167d1f871218d35f
├── ✔ Packages [14 packages]
├── ✔ File digests [75 files]
├── ✔ File metadata [75 locations]
└── ✔ Executables [16 executables]
✗ Detected 2 vulnerable packages with a total of 11 vulnerabilities
## Overview
│ Analyzed SBOM
────────────────────┼──────────────────────────────
Target │ <stdin>
digest │ 274a317d88b5
platform │ linux/arm64
vulnerabilities │ 1C 2H 8M 0L
packages │ 15
## Packages and Vulnerabilities
1C 0H 0M 0L zlib 1.2.12-r1
pkg:apk/alpine/zlib@1.2.12-r1?arch=aarch64&distro=alpine-3.16.1
✗ CRITICAL CVE-2022-37434
https://scout.docker.com/v/CVE-2022-37434
Affected range : <1.2.12-r2
Fixed version : 1.2.12-r2
...
11 vulnerabilities found in 2 packages
LOW 0
MEDIUM 8
HIGH 2
CRITICAL 1
```


@@ -1,11 +0,0 @@
# docker scout enroll
<!---MARKER_GEN_START-->
Enroll an organization with Docker Scout
<!---MARKER_GEN_END-->
## Description
The `docker scout enroll` command enrolls an organization with Docker Scout.


@@ -1,58 +0,0 @@
# docker scout environment
<!---MARKER_GEN_START-->
Manage environments (experimental)
### Aliases
`docker scout environment`, `docker scout env`
### Options
| Name | Type | Default | Description |
|:-----------------|:---------|:--------|:-------------------------------------|
| `--org` | `string` | | Namespace of the Docker organization |
| `-o`, `--output` | `string` | | Write the report to a file |
| `--platform` | `string` | | Platform of image to record |
<!---MARKER_GEN_END-->
## Description
The `docker scout environment` command lists the environments.
If you pass an image reference, the image is recorded to the specified environment.
Once recorded, environments can be referred to by their name. For example,
you can refer to the `production` environment with the `docker scout compare`
command as follows:
```console
$ docker scout compare --to-env production
```
## Examples
### List existing environments
```console
$ docker scout environment
prod
staging
```
### List images of an environment
```console
$ docker scout environment staging
namespace/repo:tag@sha256:9a4df4fadc9bbd44c345e473e0688c2066a6583d4741679494ba9228cfd93e1b
namespace/other-repo:tag@sha256:0001d6ce124855b0a158569c584162097fe0ca8d72519067c2c8e3ce407c580f
```
### Record an image to an environment, for a specific platform
```console
$ docker scout environment staging namespace/repo:stage-latest --platform linux/amd64
✓ Pulled
✓ Successfully recorded namespace/repo:stage-latest in environment staging
```


@@ -1,8 +0,0 @@
# docker scout help
<!---MARKER_GEN_START-->
Display information about the available commands
<!---MARKER_GEN_END-->


@@ -1,17 +0,0 @@
# docker scout integration
<!---MARKER_GEN_START-->
Commands to list, configure, and delete Docker Scout integrations
### Subcommands
| Name | Description |
|:----------------------------------------------|:----------------------------------------------------|
| [`configure`](scout_integration_configure.md) | Configure or update a new integration configuration |
| [`delete`](scout_integration_delete.md) | Delete a new integration configuration |
| [`list`](scout_integration_list.md) | Integration Docker Scout |
<!---MARKER_GEN_END-->


@@ -1,16 +0,0 @@
# docker scout integration configure
<!---MARKER_GEN_START-->
Configure or update a new integration configuration
### Options
| Name | Type | Default | Description |
|:--------------|:--------------|:--------|:-------------------------------------------------------------|
| `--name` | `string` | | Name of integration configuration to create |
| `--org` | `string` | | Namespace of the Docker organization |
| `--parameter` | `stringSlice` | | Integration parameters in the form of --parameter NAME=VALUE |
<!---MARKER_GEN_END-->


@@ -1,15 +0,0 @@
# docker scout integration delete
<!---MARKER_GEN_START-->
Delete a new integration configuration
### Options
| Name | Type | Default | Description |
|:---------|:---------|:--------|:--------------------------------------------|
| `--name` | `string` | | Name of integration configuration to delete |
| `--org` | `string` | | Namespace of the Docker organization |
<!---MARKER_GEN_END-->


@@ -1,15 +0,0 @@
# docker scout integration list
<!---MARKER_GEN_START-->
Integration Docker Scout
### Options
| Name | Type | Default | Description |
|:---------|:---------|:--------|:------------------------------------------|
| `--name` | `string` | | Name of integration configuration to list |
| `--org` | `string` | | Namespace of the Docker organization |
<!---MARKER_GEN_END-->


@@ -1,51 +0,0 @@
# docker scout policy
<!---MARKER_GEN_START-->
Evaluate policies against an image and display the policy evaluation results (experimental)
### Options
| Name | Type | Default | Description |
|:--------------------|:---------|:--------|:------------------------------------------------------------|
| `-e`, `--exit-code` | | | Return exit code '2' if policies are not met, '0' otherwise |
| `--org` | `string` | | Namespace of the Docker organization |
| `-o`, `--output` | `string` | | Write the report to a file |
| `--platform` | `string` | | Platform of image to pull policy results from |
| `--to-env` | `string` | | Name of the environment to compare to |
| `--to-latest` | | | Latest image processed to compare to |
<!---MARKER_GEN_END-->
## Description
The `docker scout policy` command evaluates policies against an image.
The image analysis is uploaded to Docker Scout where policies get evaluated.
The policy evaluation results may take a few minutes to become available.
## Examples
### Evaluate policies against an image and display the results
```console
$ docker scout policy dockerscoutpolicy/customers-api-service:0.0.1
```
### Evaluate policies against an image for a specific organization
```console
$ docker scout policy dockerscoutpolicy/customers-api-service:0.0.1 --org dockerscoutpolicy
```
### Evaluate policies against an image with a specific platform
```console
$ docker scout policy dockerscoutpolicy/customers-api-service:0.0.1 --platform linux/amd64
```
### Compare policy results for a repository in a specific environment
```console
$ docker scout policy dockerscoutpolicy/customers-api-service --to-env production
```


@@ -1,29 +0,0 @@
# docker scout push
<!---MARKER_GEN_START-->
Push an image or image index to Docker Scout (experimental)
### Options
| Name | Type | Default | Description |
|:-----------------|:---------|:--------|:-------------------------------------------------------------------|
| `--author` | `string` | | Name of the author of the image |
| `--org` | `string` | | Namespace of the Docker organization to which image will be pushed |
| `-o`, `--output` | `string` | | Write the report to a file |
| `--sbom` | | | Create and upload SBOMs |
| `--timestamp` | `string` | | Timestamp of image or tag creation |
<!---MARKER_GEN_END-->
## Description
The `docker scout push` command lets you push an image or analysis result to Docker Scout.
## Examples
### Push an image to Docker Scout
```console
$ docker scout push --org my-org registry.example.com/repo:tag
```


@@ -1,96 +0,0 @@
# docker scout quickview
<!---MARKER_GEN_START-->
Quick overview of an image
### Aliases
`docker scout quickview`, `docker scout qv`
### Options
| Name | Type | Default | Description |
|:-----------------|:---------|:--------|:--------------------------------------------------------------------------------------------------------|
| `--env` | `string` | | Name of the environment |
| `--latest` | | | Latest indexed image |
| `--org` | `string` | | Namespace of the Docker organization |
| `-o`, `--output` | `string` | | Write the report to a file |
| `--platform` | `string` | | Platform of image to analyze |
| `--ref` | `string` | | Reference to use if the provided tarball contains multiple references.<br>Can only be used with archive |
<!---MARKER_GEN_END-->
## Description
The `docker scout quickview` command displays a quick overview of an image.
It displays a summary of the vulnerabilities in the specified image
and vulnerabilities from the base image.
If available, it also displays base image refresh and update recommendations.
If no image is specified, the most recently built image is used.
The following artifact types are supported:
- Images
- OCI layout directories
- Tarball archives, as created by `docker save`
- Local directory or file
By default, the tool expects an image reference, such as:
- `redis`
- `curlimages/curl:7.87.0`
- `mcr.microsoft.com/dotnet/runtime:7.0`
If the artifact you want to analyze is an OCI directory, a tarball archive, a local file or directory,
or if you want to control from where the image will be resolved, you must prefix the reference with one of the following:
- `image://` (default) use a local image, or fall back to a registry lookup
- `local://` use an image from the local image store (don't do a registry lookup)
- `registry://` use an image from a registry (don't use a local image)
- `oci-dir://` use an OCI layout directory
- `archive://` use a tarball archive, as created by `docker save`
- `fs://` use a local directory or file
- `sbom://` SPDX file or in-toto attestation file with SPDX predicate or `syft` json SBOM file
In case of `sbom://` prefix, if the file is not defined then it will try to read it from the standard input.
## Examples
### Quick overview of an image
```console
$ docker scout quickview golang:1.19.4
...Pulling
✓ Pulled
✓ SBOM of image already cached, 278 packages indexed
Your image golang:1.19.4 │ 5C 3H 6M 63L
Base image buildpack-deps:bullseye-scm │ 5C 1H 3M 48L 6?
Refreshed base image buildpack-deps:bullseye-scm │ 0C 0H 0M 42L
│ -5 -1 -3 -6 -6
Updated base image buildpack-deps:sid-scm │ 0C 0H 1M 29L
│ -5 -1 -2 -19 -6
```
### Quick overview of the most recently built image
```console
$ docker scout qv
```
### Quick overview from an SPDX file
```console
$ syft -o spdx-json alpine:3.16.1 | docker scout quickview sbom://
✔ Loaded image alpine:3.16.1
✔ Parsed image sha256:3d81c46cd8756ddb6db9ec36fa06a6fb71c287fb265232ba516739dc67a5f07d
✔ Cataloged contents 274a317d88b54f9e67799244a1250cad3fe7080f45249fa9167d1f871218d35f
├── ✔ Packages [14 packages]
├── ✔ File digests [75 files]
├── ✔ File metadata [75 locations]
└── ✔ Executables [16 executables]
Target │ <stdin> │ 1C 2H 8M 0L
digest │ 274a317d88b5 │
```


@@ -1,71 +0,0 @@
# docker scout recommendations
<!---MARKER_GEN_START-->
Display available base image updates and remediation recommendations
### Options
| Name | Type | Default | Description |
|:-----------------|:---------|:--------|:--------------------------------------------------------------------------------------------------------|
| `--only-refresh` | | | Only display base image refresh recommendations |
| `--only-update` | | | Only display base image update recommendations |
| `--org` | `string` | | Namespace of the Docker organization |
| `-o`, `--output` | `string` | | Write the report to a file |
| `--platform` | `string` | | Platform of image to analyze |
| `--ref` | `string` | | Reference to use if the provided tarball contains multiple references.<br>Can only be used with archive |
| `--tag` | `string` | | Specify tag |
<!---MARKER_GEN_END-->
## Description
The `docker scout recommendations` command display recommendations for base images updates.
It analyzes the image and display recommendations to refresh or update the base image.
For each recommendation it shows a list of benefits, such as
fewer vulnerabilities or smaller image size.
If no image is specified, the most recently built image is used.
The following artifact types are supported:
- Images
- OCI layout directories
- Tarball archives, as created by `docker save`
- Local directory or file
By default, the tool expects an image reference, such as:
- `redis`
- `curlimages/curl:7.87.0`
- `mcr.microsoft.com/dotnet/runtime:7.0`
If the artifact you want to analyze is an OCI directory, a tarball archive, a local file or directory,
or if you want to control from where the image will be resolved, you must prefix the reference with one of the following:
- `image://` (default) use a local image, or fall back to a registry lookup
- `local://` use an image from the local image store (don't do a registry lookup)
- `registry://` use an image from a registry (don't use a local image)
- `oci-dir://` use an OCI layout directory
- `archive://` use a tarball archive, as created by `docker save`
- `fs://` use a local directory or file
## Examples
### Display base image update recommendations
```console
$ docker scout recommendations golang:1.19.4
```
### Display base image refresh only recommendations
```console
$ docker scout recommendations --only-refresh golang:1.19.4
```
### Display base image update only recommendations
```console
$ docker scout recommendations --only-update golang:1.19.4
```


@@ -1,17 +0,0 @@
# docker scout repo
<!---MARKER_GEN_START-->
Commands to list, enable, and disable Docker Scout on repositories
### Subcommands
| Name | Description |
|:-----------------------------------|:-------------------------------|
| [`disable`](scout_repo_disable.md) | Disable Docker Scout |
| [`enable`](scout_repo_enable.md) | Enable Docker Scout |
| [`list`](scout_repo_list.md) | List Docker Scout repositories |
<!---MARKER_GEN_END-->


@@ -1,43 +0,0 @@
# docker scout repo disable
<!---MARKER_GEN_START-->
Disable Docker Scout
### Options
| Name | Type | Default | Description |
|:----------------|:---------|:--------|:-----------------------------------------------------------------------------|
| `--all` | | | Disable all repositories of the organization. Can not be used with --filter. |
| `--filter` | `string` | | Regular expression to filter repositories by name |
| `--integration` | `string` | | Name of the integration to use for enabling an image |
| `--org` | `string` | | Namespace of the Docker organization |
| `--registry` | `string` | | Container Registry |
<!---MARKER_GEN_END-->
## Examples
### Disable a specific repository
```console
$ docker scout repo disable my/repository
```
### Disable all repositories of the organization
```console
$ docker scout repo disable --all
```
### Disable some repositories based on a filter
```console
$ docker scout repo disable --filter namespace/backend
```
### Disable a repository from a specific registry
```console
$ docker scout repo disable my/repository --registry 123456.dkr.ecr.us-east-1.amazonaws.com
```


@@ -1,43 +0,0 @@
# docker scout repo enable
<!---MARKER_GEN_START-->
Enable Docker Scout
### Options
| Name | Type | Default | Description |
|:----------------|:---------|:--------|:----------------------------------------------------------------------------|
| `--all` | | | Enable all repositories of the organization. Can not be used with --filter. |
| `--filter` | `string` | | Regular expression to filter repositories by name |
| `--integration` | `string` | | Name of the integration to use for enabling an image |
| `--org` | `string` | | Namespace of the Docker organization |
| `--registry` | `string` | | Container Registry |
<!---MARKER_GEN_END-->
## Examples
### Enable a specific repository
```console
$ docker scout repo enable my/repository
```
### Enable all repositories of the organization
```console
$ docker scout repo enable --all
```
### Enable some repositories based on a filter
```console
$ docker scout repo enable --filter namespace/backend
```
### Enable a repository from a specific registry
```console
$ docker scout repo enable my/repository --registry 123456.dkr.ecr.us-east-1.amazonaws.com
```


@@ -1,18 +0,0 @@
# docker scout repo list
<!---MARKER_GEN_START-->
List Docker Scout repositories
### Options
| Name | Type | Default | Description |
|:------------------|:---------|:--------|:---------------------------------------------------------------------------|
| `--filter` | `string` | | Regular expression to filter repositories by name |
| `--only-disabled` | | | Filter to disabled repositories only |
| `--only-enabled` | | | Filter to enabled repositories only |
| `--only-registry` | `string` | | Filter to a specific registry only:<br>- hub.docker.com<br>- ecr (AWS ECR) |
| `--org` | `string` | | Namespace of the Docker organization |
<!---MARKER_GEN_END-->


@@ -1,83 +0,0 @@
# docker scout sbom
<!---MARKER_GEN_START-->
Generate or display SBOM of an image
### Options
| Name | Type | Default | Description |
|:----------------------|:--------------|:--------|:----------------------------------------------------------------------------------------------------------------------------------------------|
| `--format` | `string` | `json` | Output format:<br>- list: list of packages of the image<br>- json: json representation of the SBOM<br>- spdx: spdx representation of the SBOM |
| `--only-package-type` | `stringSlice` | | Comma separated list of package types (like apk, deb, rpm, npm, pypi, golang, etc)<br>Can only be used with --format list |
| `-o`, `--output` | `string` | | Write the report to a file |
| `--platform` | `string` | | Platform of image to analyze |
| `--ref` | `string` | | Reference to use if the provided tarball contains multiple references.<br>Can only be used with archive |
<!---MARKER_GEN_END-->
## Description
The `docker scout sbom` command analyzes a software artifact to generate a
Software Bill Of Materials (SBOM).
The SBOM contains a list of all packages in the image.
You can use the `--format` flag to filter the output of the command
to display only packages of a specific type.
If no image is specified, the most recently built image is used.
The following artifact types are supported:
- Images
- OCI layout directories
- Tarball archives, as created by `docker save`
- Local directory or file
By default, the tool expects an image reference, such as:
- `redis`
- `curlimages/curl:7.87.0`
- `mcr.microsoft.com/dotnet/runtime:7.0`
If the artifact you want to analyze is an OCI directory, a tarball archive, a local file or directory,
or if you want to control from where the image will be resolved, you must prefix the reference with one of the following:
- `image://` (default) use a local image, or fall back to a registry lookup
- `local://` use an image from the local image store (don't do a registry lookup)
- `registry://` use an image from a registry (don't use a local image)
- `oci-dir://` use an OCI layout directory
- `archive://` use a tarball archive, as created by `docker save`
- `fs://` use a local directory or file
## Examples
### Display the list of packages
```console
$ docker scout sbom --format list alpine
```
### Only display packages of a specific type
```console
$ docker scout sbom --format list --only-package-type apk alpine
```
### Display the full SBOM in JSON format
```console
$ docker scout sbom alpine
```
### Display the full SBOM of the most recently built image
```console
$ docker scout sbom
```
### Write SBOM to a file
```console
$ docker scout sbom --output alpine.sbom alpine
```


@@ -1,47 +0,0 @@
# docker scout stream
<!---MARKER_GEN_START-->
Manage streams (experimental)
### Options
| Name | Type | Default | Description |
|:-----------------|:---------|:--------|:-------------------------------------|
| `--org` | `string` | | Namespace of the Docker organization |
| `-o`, `--output` | `string` | | Write the report to a file |
| `--platform` | `string` | | Platform of image to record |
<!---MARKER_GEN_END-->
## Description
The `docker scout stream` command lists the deployment streams and records an image to it.
Once recorded, streams can be referred to by their name, eg. in the `docker scout compare` command using `--to-stream`.
## Examples
### List existing streams
```console
$ %[1]s %[2]s
prod-cluster-123
stage-cluster-234
```
### List images of a stream
```console
$ %[1]s %[2]s prod-cluster-123
namespace/repo:tag@sha256:9a4df4fadc9bbd44c345e473e0688c2066a6583d4741679494ba9228cfd93e1b
namespace/other-repo:tag@sha256:0001d6ce124855b0a158569c584162097fe0ca8d72519067c2c8e3ce407c580f
```
### Record an image to a stream, for a specific platform
```console
$ %[1]s %[2]s stage-cluster-234 namespace/repo:stage-latest --platform linux/amd64
✓ Pulled
✓ Successfully recorded namespace/repo:stage-latest in stream stage-cluster-234
```


@@ -1,38 +0,0 @@
# docker scout version
```
docker scout version
```
<!---MARKER_GEN_START-->
Show Docker Scout version information
<!---MARKER_GEN_END-->
## Examples
```console
$ docker scout version
⢀⢀⢀ ⣀⣀⡤⣔⢖⣖⢽⢝
⡠⡢⡣⡣⡣⡣⡣⡣⡢⡀ ⢀⣠⢴⡲⣫⡺⣜⢞⢮⡳⡵⡹⡅
⡜⡜⡜⡜⡜⡜⠜⠈⠈ ⠁⠙⠮⣺⡪⡯⣺⡪⡯⣺
⢘⢜⢜⢜⢜⠜ ⠈⠪⡳⡵⣹⡪⠇
⠨⡪⡪⡪⠂ ⢀⡤⣖⢽⡹⣝⡝⣖⢤⡀ ⠘⢝⢮⡚ _____ _
⠱⡱⠁ ⡴⡫⣞⢮⡳⣝⢮⡺⣪⡳⣝⢦ ⠘⡵⠁ / ____| Docker | |
⠁ ⣸⢝⣕⢗⡵⣝⢮⡳⣝⢮⡺⣪⡳⣣ ⠁ | (___ ___ ___ _ _| |_
⣗⣝⢮⡳⣝⢮⡳⣝⢮⡳⣝⢮⢮⡳ \___ \ / __/ _ \| | | | __|
⢀ ⢱⡳⡵⣹⡪⡳⣝⢮⡳⣝⢮⡳⡣⡏ ⡀ ____) | (_| (_) | |_| | |_
⢀⢾⠄ ⠫⣞⢮⡺⣝⢮⡳⣝⢮⡳⣝⠝ ⢠⢣⢂ |_____/ \___\___/ \__,_|\__|
⡼⣕⢗⡄ ⠈⠓⠝⢮⡳⣝⠮⠳⠙ ⢠⢢⢣⢣
⢰⡫⡮⡳⣝⢦⡀ ⢀⢔⢕⢕⢕⢕⠅
⡯⣎⢯⡺⣪⡳⣝⢖⣄⣀ ⡀⡠⡢⡣⡣⡣⡣⡣⡃
⢸⢝⢮⡳⣝⢮⡺⣪⡳⠕⠗⠉⠁ ⠘⠜⡜⡜⡜⡜⡜⡜⠜⠈
⡯⡳⠳⠝⠊⠓⠉ ⠈⠈⠈⠈
version: v1.0.9 (go1.21.3 - darwin/arm64)
git commit: 8bf95bf60d084af341f70e8263342f71b0a3cd16
```


@@ -1,53 +0,0 @@
# docker scout watch
<!---MARKER_GEN_START-->
Watch repositories in a registry and push images and indexes to Docker Scout (experimental)
### Options
| Name | Type | Default | Description |
|:---------------------|:--------------|:--------|:------------------------------------------------------------------------------------|
| `--all-images` | | | Push all images instead of only the ones pushed during the watch command is running |
| `--dry-run` | | | Watch images and prepare them, but do not push them |
| `--interval` | `int64` | `60` | Interval in seconds between checks |
| `--org` | `string` | | Namespace of the Docker organization to which image will be pushed |
| `--refresh-registry` | | | Refresh the list of repositories of a registry at every run. Only with --registry. |
| `--registry` | `string` | | Registry to watch |
| `--repository` | `stringSlice` | | Repository to watch |
| `--sbom` | | | Create and upload SBOMs |
| `--tag` | `stringSlice` | | Regular expression to match tags to watch |
| `--workers` | `int` | `3` | Number of concurrent workers |
<!---MARKER_GEN_END-->
## Description
The `docker scout watch` command watches repositories in a registry
and pushes images or analysis results to Docker Scout.
## Examples
### Watch for new images from two repositories and push them
```console
$ docker scout watch --org my-org --repository registry-1.example.com/repo-1 --repository registry-2.example.com/repo-2
```
### Only push images with a specific tag
```console
$ docker scout watch --org my-org --repository registry.example.com/my-service --tag latest
```
### Watch all repositories of a registry
```console
$ docker scout watch --org my-org --registry registry.example.com
```
### Push all images and not just the new ones
```console
$ docker scout watch--org my-org --repository registry.example.com/my-service --all-images
```