From 5a6ea4bf8761a18b57c09a0215aeb3435a7c0827 Mon Sep 17 00:00:00 2001 From: David Karlsson <35727626+dvdksn@users.noreply.github.com> Date: Thu, 31 Aug 2023 09:38:22 +0200 Subject: [PATCH] scout: vendor cli reference v0.23.3 
Signed-off-by: David Karlsson <35727626+dvdksn@users.noreply.github.com> --- .../docker/scout-cli/docs/docker_scout.yaml | 14 +- .../scout-cli/docs/docker_scout_cache.yaml | 28 ++++ .../scout-cli/docs/docker_scout_cache_df.yaml | 66 +++++++++ .../docs/docker_scout_cache_prune.yaml | 68 +++++++++ .../scout-cli/docs/docker_scout_compare.yaml | 22 ++- .../scout-cli/docs/docker_scout_config.yaml | 48 ++++++ .../scout-cli/docs/docker_scout_cves.yaml | 120 ++++++++++++++- .../scout-cli/docs/docker_scout_enroll.yaml | 24 +++ .../docs/docker_scout_environment.yaml | 89 +++++++++++ .../scout-cli/docs/docker_scout_policy.yaml | 85 +++++++++++ .../scout-cli/docs/docker_scout_push.yaml | 40 ++++- .../docs/docker_scout_quickview.yaml | 27 ++++ .../docs/docker_scout_recommendations.yaml | 9 ++ .../docs/docker_scout_repo_list.yaml | 2 +- .../scout-cli/docs/docker_scout_stream.yaml | 55 ++++++- .../scout-cli/docs/docker_scout_watch.yaml | 139 ++++++++++++++++++ .../github.com/docker/scout-cli/docs/scout.md | 29 ++-- .../docker/scout-cli/docs/scout_cache.md | 16 ++ .../docker/scout-cli/docs/scout_cache_df.md | 55 +++++++ .../scout-cli/docs/scout_cache_prune.md | 42 ++++++ .../docker/scout-cli/docs/scout_compare.md | 3 +- .../docker/scout-cli/docs/scout_config.md | 37 +++++ .../docker/scout-cli/docs/scout_cves.md | 83 ++++++++--- .../docker/scout-cli/docs/scout_enroll.md | 11 ++ .../scout-cli/docs/scout_environment.md | 52 +++++++ .../docker/scout-cli/docs/scout_policy.md | 35 +++++ .../docker/scout-cli/docs/scout_push.md | 22 ++- .../docker/scout-cli/docs/scout_quickview.md | 2 + .../scout-cli/docs/scout_recommendations.md | 1 + .../docker/scout-cli/docs/scout_sbom.md | 2 +- .../docker/scout-cli/docs/scout_stream.md | 43 +++++- .../docker/scout-cli/docs/scout_watch.md | 51 +++++++ _vendor/modules.txt | 2 +- .../reference/commandline/scout_cache.md | 16 ++ .../reference/commandline/scout_cache_df.md | 16 ++ .../commandline/scout_cache_prune.md | 16 ++ 
.../reference/commandline/scout_config.md | 16 ++ .../reference/commandline/scout_enroll.md | 16 ++ .../commandline/scout_environment.md | 16 ++ .../reference/commandline/scout_policy.md | 16 ++ .../reference/commandline/scout_watch.md | 16 ++ data/toc.yaml | 18 ++- go.mod | 2 +- go.sum | 2 + 44 files changed, 1409 insertions(+), 63 deletions(-) create mode 100644 _vendor/github.com/docker/scout-cli/docs/docker_scout_cache.yaml create mode 100644 _vendor/github.com/docker/scout-cli/docs/docker_scout_cache_df.yaml create mode 100644 _vendor/github.com/docker/scout-cli/docs/docker_scout_cache_prune.yaml create mode 100644 _vendor/github.com/docker/scout-cli/docs/docker_scout_config.yaml create mode 100644 _vendor/github.com/docker/scout-cli/docs/docker_scout_enroll.yaml create mode 100644 _vendor/github.com/docker/scout-cli/docs/docker_scout_environment.yaml create mode 100644 _vendor/github.com/docker/scout-cli/docs/docker_scout_policy.yaml create mode 100644 _vendor/github.com/docker/scout-cli/docs/docker_scout_watch.yaml create mode 100644 _vendor/github.com/docker/scout-cli/docs/scout_cache.md create mode 100644 _vendor/github.com/docker/scout-cli/docs/scout_cache_df.md create mode 100644 _vendor/github.com/docker/scout-cli/docs/scout_cache_prune.md create mode 100644 _vendor/github.com/docker/scout-cli/docs/scout_config.md create mode 100644 _vendor/github.com/docker/scout-cli/docs/scout_enroll.md create mode 100644 _vendor/github.com/docker/scout-cli/docs/scout_environment.md create mode 100644 _vendor/github.com/docker/scout-cli/docs/scout_policy.md create mode 100644 _vendor/github.com/docker/scout-cli/docs/scout_watch.md create mode 100644 content/engine/reference/commandline/scout_cache.md create mode 100644 content/engine/reference/commandline/scout_cache_df.md create mode 100644 content/engine/reference/commandline/scout_cache_prune.md create mode 100644 content/engine/reference/commandline/scout_config.md create mode 100644 
content/engine/reference/commandline/scout_enroll.md create mode 100644 content/engine/reference/commandline/scout_environment.md create mode 100644 content/engine/reference/commandline/scout_policy.md create mode 100644 content/engine/reference/commandline/scout_watch.md diff --git a/_vendor/github.com/docker/scout-cli/docs/docker_scout.yaml b/_vendor/github.com/docker/scout-cli/docs/docker_scout.yaml index 0d98f3a178..02c4145838 100644 --- a/_vendor/github.com/docker/scout-cli/docs/docker_scout.yaml +++ b/_vendor/github.com/docker/scout-cli/docs/docker_scout.yaml @@ -5,22 +5,28 @@ usage: docker scout [command] pname: docker plink: docker.yaml cname: + - docker scout cache - docker scout compare + - docker scout config - docker scout cves - - docker scout push + - docker scout enroll + - docker scout environment + - docker scout policy - docker scout quickview - docker scout recommendations - docker scout repo - - docker scout stream - docker scout version clink: + - docker_scout_cache.yaml - docker_scout_compare.yaml + - docker_scout_config.yaml - docker_scout_cves.yaml - - docker_scout_push.yaml + - docker_scout_enroll.yaml + - docker_scout_environment.yaml + - docker_scout_policy.yaml - docker_scout_quickview.yaml - docker_scout_recommendations.yaml - docker_scout_repo.yaml - - docker_scout_stream.yaml - docker_scout_version.yaml options: - option: debug diff --git a/_vendor/github.com/docker/scout-cli/docs/docker_scout_cache.yaml b/_vendor/github.com/docker/scout-cli/docs/docker_scout_cache.yaml new file mode 100644 index 0000000000..e9b7585afc --- /dev/null +++ b/_vendor/github.com/docker/scout-cli/docs/docker_scout_cache.yaml 
@@ -0,0 +1,28 @@
+command: docker scout cache
+short: Manage Docker Scout cache and temporary files
+long: Manage Docker Scout cache and temporary files
+pname: docker scout
+plink: docker_scout.yaml
+cname:
+ - docker scout cache df
+ - docker scout cache prune
+clink:
+ - docker_scout_cache_df.yaml
+ - docker_scout_cache_prune.yaml
+inherited_options:
+ - option: debug
+ value_type: bool
+ default_value: "false"
+ description: Debug messages
+ deprecated: false
+ hidden: true
+ experimental: false
+ experimentalcli: false
+ kubernetes: false
+ swarm: false
+deprecated: false
+experimental: false
+experimentalcli: false
+kubernetes: false
+swarm: false
+
diff --git a/_vendor/github.com/docker/scout-cli/docs/docker_scout_cache_df.yaml b/_vendor/github.com/docker/scout-cli/docs/docker_scout_cache_df.yaml
new file mode 100644
index 0000000000..e7e0c7a190
--- /dev/null
+++ b/_vendor/github.com/docker/scout-cli/docs/docker_scout_cache_df.yaml
@@ -0,0 +1,66 @@
+command: docker scout cache df
+short: Show Docker Scout disk usage
+long: |-
+ Docker Scout stores temporary files to generate SBOMs of images and cache the results to not generate or fetch them again.
+
+ This `docker scout cache df` command will list all the temporary and cached data on the host. Each is identified by the
+ digest of the image.
+
+ Those data can be deleted using the `docker scout cache prune` command.
+usage: docker scout cache df
+pname: docker scout cache
+plink: docker_scout_cache.yaml
+inherited_options:
+ - option: debug
+ value_type: bool
+ default_value: "false"
+ description: Debug messages
+ deprecated: false
+ hidden: true
+ experimental: false
+ experimentalcli: false
+ kubernetes: false
+ swarm: false
+examples: |-
+ ### List temporary and cache files
+
+ ```console
+ $ docker scout cache df
+ Docker Scout temporary directory to generate SBOMs is located at:
+ /var/folders/dw/d6h9w2sx6rv3lzwwgrnx7t5h0000gp/T/docker-scout
+ this path can be configured using the DOCKER_SCOUT_CACHE_DIR environment variable
+
+ Image Digest │ Size
+ ──────────────────────────────────────────────────────────────────────────┼────────
+ sha256:c41ab5c992deb4fe7e5da09f67a8804a46bd0592bfdf0b1847dde0e0889d2bff │ 21 kB
+
+ Total: 21 kB
+
+
+ Docker Scout cached SBOMs are located at:
+ /Users/user/.docker/scout/sbom
+
+ Image Digest │ Size of SBOM
+ ──────────────────────────────────────────────────────────────────────────┼───────────────
+ sha256:02bb6f428431fbc2809c5d1b41eab5a68350194fb508869a33cb1af4444c9b11 │ 42 kB
+ sha256:03fc002fe4f370463a8f04d3a288cdffa861e462fc8b5be44ab62b296ad95183 │ 100 kB
+ sha256:088134dd33e4a2997480a1488a41c11abebda465da5cf7f305a0ecf8ed494329 │ 194 kB
+ sha256:0b80b2f17aff7ee5bfb135c69d0d6fe34070e89042b7aac73d1abcc79cfe6759 │ 852 kB
+ sha256:0c9e8abe31a5f17d84d5c85d3853d2f948a4f126421e89e68753591f1b6fedc5 │ 930 kB
+ sha256:0d49cae0723c8d310e413736b5e91e0c59b605ade2546f6e6ef8f1f3ddc76066 │ 510 kB
+ sha256:0ef04748d071c2e631bb3edce8f805cb5512e746b682c83fdae6d8c0b243280b │ 1.0 MB
+ sha256:13fd22925b638bb7d2131914bb8f8b0f5f582bee364aec682d9e7fe722bb486a │ 42 kB
+ sha256:174c41d4fbc7f63e1f2bb7d2f7837318050406f2f27e5073a84a84f18b48b883 │ 115 kB
+
+ Total: 4 MB
+
+
+ What's Next?
+ Delete all cached SBOMs → docker scout prune
+ ```
+deprecated: false
+experimental: false
+experimentalcli: false
+kubernetes: false
+swarm: false
+
diff --git a/_vendor/github.com/docker/scout-cli/docs/docker_scout_cache_prune.yaml b/_vendor/github.com/docker/scout-cli/docs/docker_scout_cache_prune.yaml
new file mode 100644
index 0000000000..c1a133e46e
--- /dev/null
+++ b/_vendor/github.com/docker/scout-cli/docs/docker_scout_cache_prune.yaml
@@ -0,0 +1,68 @@
+command: docker scout cache prune
+short: Remove temporary or cached data
+long: |-
+ Docker Scout stores temporary files to generate SBOMs of images and cache those SBOMs to not generate or fetch them again.
+
+ The `docker scout cache prune` command will remove all the temporary files used while generating the SBOMs.
+
+ By default the cached SBOMs will not be deleted are they can be used by the different `docker scout` commands. But the `--sboms`
+ flag can be used to delete them.
+usage: docker scout cache prune
+pname: docker scout cache
+plink: docker_scout_cache.yaml
+options:
+ - option: force
+ shorthand: f
+ value_type: bool
+ default_value: "false"
+ description: Do not prompt for confirmation
+ deprecated: false
+ hidden: false
+ experimental: false
+ experimentalcli: false
+ kubernetes: false
+ swarm: false
+ - option: sboms
+ value_type: bool
+ default_value: "false"
+ description: Prune cached SBOMs
+ deprecated: false
+ hidden: false
+ experimental: false
+ experimentalcli: false
+ kubernetes: false
+ swarm: false
+inherited_options:
+ - option: debug
+ value_type: bool
+ default_value: "false"
+ description: Debug messages
+ deprecated: false
+ hidden: true
+ experimental: false
+ experimentalcli: false
+ kubernetes: false
+ swarm: false
+examples: |-
+ ### Delete temporary data
+
+ ```console
+ $ docker scout cache prune
+ ? Are you sure to delete all temporary data? Yes
+ ✓ temporary data deleted
+ ```
+
+ ### Delete temporary _and_ cache data
+
+ ```console
+ $ docker scout cache prune --sboms
+ ? Are you sure to delete all temporary data and all cached SBOMs? Yes
+ ✓ temporary data deleted
+ ✓ cached SBOMs deleted
+ ```
+deprecated: false
+experimental: false
+experimentalcli: false
+kubernetes: false
+swarm: false
+
diff --git a/_vendor/github.com/docker/scout-cli/docs/docker_scout_compare.yaml b/_vendor/github.com/docker/scout-cli/docs/docker_scout_compare.yaml
index 568a0937e3..7c747d3068 100644
--- a/_vendor/github.com/docker/scout-cli/docs/docker_scout_compare.yaml +++ b/_vendor/github.com/docker/scout-cli/docs/docker_scout_compare.yaml @@ -136,6 +136,15 @@ options: experimentalcli: false kubernetes: false swarm: false + - option: org + value_type: string + description: Namespace of the Docker organization + deprecated: false + hidden: false + experimental: false + experimentalcli: false + kubernetes: false + swarm: false - option: output shorthand: o value_type: string @@ -175,6 +184,15 @@ options: experimentalcli: false kubernetes: false swarm: false + - option: to-env + value_type: string + description: Name of environment to compare to + deprecated: false + hidden: false + experimental: false + experimentalcli: false + kubernetes: false + swarm: false - option: to-latest value_type: bool default_value: "false" @@ -199,8 +217,8 @@ options: - option: to-stream value_type: string description: Name of stream to compare to - deprecated: false - hidden: false + deprecated: true + hidden: true experimental: false experimentalcli: false kubernetes: false diff --git a/_vendor/github.com/docker/scout-cli/docs/docker_scout_config.yaml b/_vendor/github.com/docker/scout-cli/docs/docker_scout_config.yaml new file mode 100644 index 0000000000..e85a3af953 --- /dev/null +++ b/_vendor/github.com/docker/scout-cli/docs/docker_scout_config.yaml 
@@ -0,0 +1,48 @@
+command: docker scout config
+short: Manage Docker Scout configuration
+long: |-
+ `docker scout config` allows you to list, get and set Docker Scout configuration.
+
+ Available configuration key:
+ - `organization`: Namespace of the Docker organization to be used by default if it cannot be inferred from the image reference
+usage: docker scout config [KEY] [VALUE]
+pname: docker scout
+plink: docker_scout.yaml
+inherited_options:
+ - option: debug
+ value_type: bool
+ default_value: "false"
+ description: Debug messages
+ deprecated: false
+ hidden: true
+ experimental: false
+ experimentalcli: false
+ kubernetes: false
+ swarm: false
+examples: |-
+ ### List existing configuration
+
+ ```console
+ $ docker scout config
+ organization=my-org-namespace
+ ```
+
+ ### Print configuration value
+
+ ```console
+ $ docker scout config organization
+ my-org-namespace
+ ```
+
+ ### Set configuration value
+
+ ```console
+ $ docker scout config organization my-org-namespace
+ ✓ Successfully set organization to my-org-namespace
+ ```
+deprecated: false
+experimental: false
+experimentalcli: false
+kubernetes: false
+swarm: false
+
diff --git a/_vendor/github.com/docker/scout-cli/docs/docker_scout_cves.yaml b/_vendor/github.com/docker/scout-cli/docs/docker_scout_cves.yaml
index 30db2d6362..68f90f81c4 100644
--- a/_vendor/github.com/docker/scout-cli/docs/docker_scout_cves.yaml
+++ b/_vendor/github.com/docker/scout-cli/docs/docker_scout_cves.yaml
@@ -34,6 +34,15 @@ options:
 experimentalcli: false
 kubernetes: false
 swarm: false
+ - option: env
+ value_type: string
+ description: Name of environment
+ deprecated: false
+ hidden: false
+ experimental: false
+ experimentalcli: false
+ kubernetes: false
+ swarm: false
 - option: exit-code
 shorthand: e
 value_type: bool
@@ -52,7 +61,7 @@ options: Output format of the generated vulnerability report: - packages: default output, plain text with vulnerabilities grouped by packages - sarif: json Sarif output - - markdown: markdown output + - markdown: markdown output (including some html tags like collapsible sections) deprecated: false hidden: false experimental: false @@ -110,6 +119,16 @@ options: experimentalcli: false kubernetes: false swarm: false + - option: only-package + value_type: stringSlice + default_value: '[]' + description: Comma separated regular expressions to filter packages by + deprecated: false + hidden: false + experimental: false + experimentalcli: false + kubernetes: false + swarm: false - option: only-package-type value_type: stringSlice default_value: '[]' @@ -152,6 +171,26 @@ options: experimentalcli: false kubernetes: false swarm: false + - option: only-vuln-packages + value_type: bool + default_value: "false" + description: | + When used with --format=only-packages ignore packages with no vulnerabilities + deprecated: false + hidden: false + experimental: false + experimentalcli: false + kubernetes: false + swarm: false + - option: org + value_type: string + description: Namespace of the Docker organization + deprecated: false + hidden: false + experimental: false + experimentalcli: false + kubernetes: false + swarm: false - option: output shorthand: o value_type: string @@ -182,6 +221,15 @@ options: experimentalcli: false kubernetes: false swarm: false + - option: stream + value_type: string + description: Name of stream + deprecated: true + hidden: true + experimental: false + experimentalcli: false + kubernetes: false + swarm: false - option: type value_type: string default_value: image 
@@ -196,6 +244,36 @@ options: experimentalcli: false kubernetes: false swarm: false + - option: vex + value_type: bool + default_value: "false" + description: Apply VEX statements to filter CVEs + deprecated: false + hidden: false + experimental: false + experimentalcli: false + kubernetes: false + swarm: false + - option: vex-author + value_type: stringSlice + default_value: '[]' + description: List of VEX statement authors to accept + deprecated: false + hidden: false + experimental: false + experimentalcli: false + kubernetes: false + swarm: false + - option: vex-location + value_type: stringSlice + default_value: '[]' + description: File location of directory or file containing VEX statements + deprecated: false + hidden: false + experimental: false + experimentalcli: false + kubernetes: false + swarm: false inherited_options: - option: debug value_type: bool @@ -252,6 +330,46 @@ examples: |- ✓ No vulnerable package detected ✓ Report written to alpine.sarif.json ``` + + ### Display markdown output + + The markdown output also contains HTML tags to have a better rendering. This output can be used for instance in Pull Request comments. + + ```console + $ docker scout cves --format markdown alpine + ✓ Pulled + ✓ SBOM of image already cached, 19 packages indexed + ✗ Detected 1 vulnerable package with 3 vulnerabilities +

:mag: Vulnerabilities of alpine

+ +
:package: Image Reference alpine + + + + + +
digestsha256:e3bd82196e98898cae9fe7fbfd6e2436530485974dc4fb3b7ddb69134eda2407
vulnerabilitiescritical: 0 high: 0 medium: 2 low: 0 unspecified: 1
platformlinux/arm64
size3.3 MB
packages19
+
+ + ... + ``` + + ### List all packages of a certain typethat are vulnerable + + The output will show the list of the packages of the image, that can be filtered, with the summary of vulnerabilities for each. + + By default even packages with no vulnerabilities will be displayed. + + ```console + $ docker scout cves --format only-packages --only-package-type golang --only-vuln-packages golang:1.18.0 + ✓ Pulled + ✓ SBOM of image already cached, 296 packages indexed + ✗ Detected 1 vulnerable package with 40 vulnerabilities + + Name Version Type Vulnerabilities + ─────────────────────────────────────────────────────────── + stdlib 1.18 golang 2C 29H 8M 1L + ``` deprecated: false experimental: false experimentalcli: false diff --git a/_vendor/github.com/docker/scout-cli/docs/docker_scout_enroll.yaml b/_vendor/github.com/docker/scout-cli/docs/docker_scout_enroll.yaml new file mode 100644 index 0000000000..cfd4cc7484 --- /dev/null +++ b/_vendor/github.com/docker/scout-cli/docs/docker_scout_enroll.yaml @@ -0,0 +1,24 @@ +command: docker scout enroll +short: Enroll an organization with Docker Scout +long: | + The `docker scout enroll` command enrolls an organization with Docker Scout. +usage: docker scout enroll ORG +pname: docker scout +plink: docker_scout.yaml +inherited_options: + - option: debug + value_type: bool + default_value: "false" + description: Debug messages + deprecated: false + hidden: true + experimental: false + experimentalcli: false + kubernetes: false + swarm: false +deprecated: false +experimental: false +experimentalcli: false +kubernetes: false +swarm: false + diff --git a/_vendor/github.com/docker/scout-cli/docs/docker_scout_environment.yaml b/_vendor/github.com/docker/scout-cli/docs/docker_scout_environment.yaml new file mode 100644 index 0000000000..43b7c082d1 --- /dev/null +++ b/_vendor/github.com/docker/scout-cli/docs/docker_scout_environment.yaml 
@@ -0,0 +1,89 @@
+command: docker scout environment
+aliases: docker scout environment, docker scout env
+short: Manage environments (experimental)
+long: |-
+ The `docker scout environment` command lists the environments and records images to it.
+
+ Once recorded, environments can be referred to by their name, eg. in the `docker scout compare` command using `--to-env`.`
+usage: docker scout environment [ENVIRONMENT] [IMAGE]
+pname: docker scout
+plink: docker_scout.yaml
+options:
+ - option: app
+ value_type: string
+ description: Name of application the image is a part of
+ deprecated: false
+ hidden: false
+ experimental: false
+ experimentalcli: false
+ kubernetes: false
+ swarm: false
+ - option: org
+ value_type: string
+ description: Namespace of the Docker organization
+ deprecated: false
+ hidden: false
+ experimental: false
+ experimentalcli: false
+ kubernetes: false
+ swarm: false
+ - option: output
+ shorthand: o
+ value_type: string
+ description: Write the report to a file.
+ deprecated: false
+ hidden: false
+ experimental: false
+ experimentalcli: false
+ kubernetes: false
+ swarm: false
+ - option: platform
+ value_type: string
+ description: Platform of image to record
+ deprecated: false
+ hidden: false
+ experimental: false
+ experimentalcli: false
+ kubernetes: false
+ swarm: false
+inherited_options:
+ - option: debug
+ value_type: bool
+ default_value: "false"
+ description: Debug messages
+ deprecated: false
+ hidden: true
+ experimental: false
+ experimentalcli: false
+ kubernetes: false
+ swarm: false
+examples: |-
+ ### List existing environments
+
+ ```console
+ $ docker scout environment
+ prod
+ staging
+ ```
+
+ ### List images of an environment
+
+ ```console
+ $ docker scout environment staging
+ namespace/repo:tag@sha256:9a4df4fadc9bbd44c345e473e0688c2066a6583d4741679494ba9228cfd93e1b
+ namespace/other-repo:tag@sha256:0001d6ce124855b0a158569c584162097fe0ca8d72519067c2c8e3ce407c580f
+ ```
+
+ ### Record an image to an environment, for a specific platform
+
+ ```console
+ $ docker scout environment staging namespace/repo:stage-latest --platform linux/amd64
+ ✓ Pulled
+ ✓ Successfully recorded namespace/repo:stage-latest in environment staging
+ ```
+deprecated: false
+experimental: false
+experimentalcli: true
+kubernetes: false
+swarm: false
+
diff --git a/_vendor/github.com/docker/scout-cli/docs/docker_scout_policy.yaml b/_vendor/github.com/docker/scout-cli/docs/docker_scout_policy.yaml
new file mode 100644
index 0000000000..776f992ab6
--- /dev/null
+++ b/_vendor/github.com/docker/scout-cli/docs/docker_scout_policy.yaml
@@ -0,0 +1,85 @@
+command: docker scout policy
+short: Display the policy results of an image (experimental)
+long: |
+ The `docker scout policy` command displays the policy results of an image if there are any.
+usage: docker scout policy [IMAGE | REPO]
+pname: docker scout
+plink: docker_scout.yaml
+options:
+ - option: env
+ value_type: string
+ description: Name of the environment to compare to.
+ deprecated: false
+ hidden: false
+ experimental: false
+ experimentalcli: false
+ kubernetes: false
+ swarm: false
+ - option: exit-code
+ shorthand: e
+ value_type: bool
+ default_value: "false"
+ description: Return exit code '2' if policies are not met.
+ deprecated: false
+ hidden: false
+ experimental: false
+ experimentalcli: false
+ kubernetes: false
+ swarm: false
+ - option: org
+ value_type: string
+ description: Namespace of the Docker organization
+ deprecated: false
+ hidden: false
+ experimental: false
+ experimentalcli: false
+ kubernetes: false
+ swarm: false
+ - option: output
+ shorthand: o
+ value_type: string
+ description: Write the report to a file.
+ deprecated: false
+ hidden: false
+ experimental: false
+ experimentalcli: false
+ kubernetes: false
+ swarm: false
+ - option: platform
+ value_type: string
+ description: Platform of image to pull policy results from.
+ deprecated: false
+ hidden: false
+ experimental: false
+ experimentalcli: false
+ kubernetes: false
+ swarm: false
+inherited_options:
+ - option: debug
+ value_type: bool
+ default_value: "false"
+ description: Debug messages
+ deprecated: false
+ hidden: true
+ experimental: false
+ experimentalcli: false
+ kubernetes: false
+ swarm: false
+examples: |-
+ ### Display the policy results of an image
+
+ ```console
+ $ docker scout policy dockerscoutpolicy/customers-api-service:0.0.1
+ ```
+
+ ### Compare policy results for a repository in a specific environment
+
+ ```console
+ $ docker scout policy dockerscoutpolicy/customers-api-service --env production
+ ```
+deprecated: false
+experimental: false
+experimentalcli: true
+kubernetes: false
+swarm: false
+
diff --git a/_vendor/github.com/docker/scout-cli/docs/docker_scout_push.yaml b/_vendor/github.com/docker/scout-cli/docs/docker_scout_push.yaml
index ca9b3a8e8f..23a7c93f34 100644
--- a/_vendor/github.com/docker/scout-cli/docs/docker_scout_push.yaml
+++ b/_vendor/github.com/docker/scout-cli/docs/docker_scout_push.yaml
@@ -1,14 +1,33 @@ command: docker scout push short: Push an image or image index to Docker Scout (experimental) long: | - The docker scout push command allows to push an image or image index to Docker Scout. + The `docker scout push` command allows to push an image or image index to Docker Scout. usage: docker scout push IMAGE pname: docker scout plink: docker_scout.yaml options: - - option: namespace + - option: author value_type: string - description: Docker Hub namespace to push to + description: Name of the author of the image + deprecated: false + hidden: false + experimental: false + experimentalcli: false + kubernetes: false + swarm: false + - option: org + value_type: string + description: Namespace of the Docker organization to which image will be pushed + deprecated: false + hidden: false + experimental: false + experimentalcli: false + kubernetes: false + swarm: false + - option: output + shorthand: o + value_type: string + description: Write the report to a file. deprecated: false hidden: false experimental: false @@ -25,6 +44,15 @@ options: experimentalcli: false kubernetes: false swarm: false + - option: timestamp + value_type: string + description: Timestamp of image or tag creation + deprecated: false + hidden: false + experimental: false + experimentalcli: false + kubernetes: false + swarm: false inherited_options: - option: debug value_type: bool @@ -36,6 +64,12 @@ inherited_options: experimentalcli: false kubernetes: false swarm: false +examples: |- + ### Push an image to Docker Scout + + ```console + $ docker scout push --org my-org registry.example.com/repo:tag + ``` deprecated: false experimental: false experimentalcli: true diff --git a/_vendor/github.com/docker/scout-cli/docs/docker_scout_quickview.yaml b/_vendor/github.com/docker/scout-cli/docs/docker_scout_quickview.yaml index 5b24c0c826..79ab808157 100644 --- a/_vendor/github.com/docker/scout-cli/docs/docker_scout_quickview.yaml 
+++ b/_vendor/github.com/docker/scout-cli/docs/docker_scout_quickview.yaml @@ -11,6 +11,24 @@ usage: docker scout quickview [IMAGE|DIRECTORY|ARCHIVE] pname: docker scout plink: docker_scout.yaml options: + - option: env + value_type: string + description: Name of the environment + deprecated: false + hidden: false + experimental: false + experimentalcli: false + kubernetes: false + swarm: false + - option: org + value_type: string + description: Namespace of the Docker organization + deprecated: false + hidden: false + experimental: false + experimentalcli: false + kubernetes: false + swarm: false - option: output shorthand: o value_type: string @@ -41,6 +59,15 @@ options: experimentalcli: false kubernetes: false swarm: false + - option: stream + value_type: string + description: Name of stream + deprecated: true + hidden: true + experimental: false + experimentalcli: false + kubernetes: false + swarm: false - option: type value_type: string default_value: image diff --git a/_vendor/github.com/docker/scout-cli/docs/docker_scout_recommendations.yaml b/_vendor/github.com/docker/scout-cli/docs/docker_scout_recommendations.yaml index 1f695b65ae..3536fdd2c7 100644 --- a/_vendor/github.com/docker/scout-cli/docs/docker_scout_recommendations.yaml +++ b/_vendor/github.com/docker/scout-cli/docs/docker_scout_recommendations.yaml @@ -46,6 +46,15 @@ options: experimentalcli: false kubernetes: false swarm: false + - option: org + value_type: string + description: Namespace of the Docker organization + deprecated: false + hidden: false + experimental: false + experimentalcli: false + kubernetes: false + swarm: false - option: output shorthand: o value_type: string diff --git a/_vendor/github.com/docker/scout-cli/docs/docker_scout_repo_list.yaml b/_vendor/github.com/docker/scout-cli/docs/docker_scout_repo_list.yaml index 96cb5e0dc4..bb76ef9fe0 100644 --- a/_vendor/github.com/docker/scout-cli/docs/docker_scout_repo_list.yaml 
+++ b/_vendor/github.com/docker/scout-cli/docs/docker_scout_repo_list.yaml @@ -1,7 +1,7 @@ command: docker scout repo list short: Repo Docker Scout long: | - The docker scout repo list command shows all repsitories in an organization. + The docker scout repo list command shows all repositories in an organization. usage: docker scout repo list ORG pname: docker scout repo plink: docker_scout_repo.yaml diff --git a/_vendor/github.com/docker/scout-cli/docs/docker_scout_stream.yaml b/_vendor/github.com/docker/scout-cli/docs/docker_scout_stream.yaml index 88d76ee4fe..b4e04a34a8 100644 --- a/_vendor/github.com/docker/scout-cli/docs/docker_scout_stream.yaml +++ b/_vendor/github.com/docker/scout-cli/docs/docker_scout_stream.yaml @@ -1,12 +1,10 @@ command: docker scout stream -short: Record an image into a stream (experimental) +short: Manage streams (experimental) long: |- - The docker scout stream command records an image into a deployment stream. + The `docker scout stream` command lists the deployment streams and records an image to it. - This command is experimental and its behaviour might change in the future - - Once recorded, streams can be referred to by their name, eg. in the docker scout compare command using --to-stream. -usage: docker scout stream STREAM IMAGE + Once recorded, streams can be referred to by their name, eg. in the `docker scout compare` command using `--to-stream`. +usage: docker scout stream [STREAM] [IMAGE] pname: docker scout plink: docker_scout.yaml options: 
@@ -19,6 +17,25 @@ options: experimentalcli: false kubernetes: false swarm: false + - option: org + value_type: string + description: Namespace of the Docker organization + deprecated: false + hidden: false + experimental: false + experimentalcli: false + kubernetes: false + swarm: false + - option: output + shorthand: o + value_type: string + description: Write the report to a file. + deprecated: false + hidden: false + experimental: false + experimentalcli: false + kubernetes: false + swarm: false - option: platform value_type: string description: Platform of image to record @@ -39,7 +56,31 @@ inherited_options: experimentalcli: false kubernetes: false swarm: false -deprecated: false +examples: |- + ### List existing streams + + ```console + $ %[1]s %[2]s + prod-cluster-123 + stage-cluster-234 + ``` + + ### List images of a stream + + ```console + $ %[1]s %[2]s prod-cluster-123 + namespace/repo:tag@sha256:9a4df4fadc9bbd44c345e473e0688c2066a6583d4741679494ba9228cfd93e1b + namespace/other-repo:tag@sha256:0001d6ce124855b0a158569c584162097fe0ca8d72519067c2c8e3ce407c580f + ``` + + ### Record an image to a stream, for a specific platform + + ```console + $ %[1]s %[2]s stage-cluster-234 namespace/repo:stage-latest --platform linux/amd64 + ✓ Pulled + ✓ Successfully recorded namespace/repo:stage-latest in stream stage-cluster-234 + ``` +deprecated: true experimental: false experimentalcli: true kubernetes: false diff --git a/_vendor/github.com/docker/scout-cli/docs/docker_scout_watch.yaml b/_vendor/github.com/docker/scout-cli/docs/docker_scout_watch.yaml new file mode 100644 index 0000000000..30c5e25900 --- /dev/null +++ b/_vendor/github.com/docker/scout-cli/docs/docker_scout_watch.yaml 
@@ -0,0 +1,139 @@ +command: docker scout watch +short: | + Watch repositories in a registry and push images and indexes to Docker Scout (experimental) +long: | + The `docker scout watch` command watches repositories in a registry and pushes images or image indexes to Docker Scout. +usage: docker scout watch +pname: docker scout +plink: docker_scout.yaml +options: + - option: all-images + value_type: bool + default_value: "false" + description: | + Push all images instead of only the ones pushed during the watch command is running + deprecated: false + hidden: false + experimental: false + experimentalcli: false + kubernetes: false + swarm: false + - option: dry-run + value_type: bool + default_value: "false" + description: Watch images and prepare them, but do not push them + deprecated: false + hidden: false + experimental: false + experimentalcli: false + kubernetes: false + swarm: false + - option: interval + value_type: int64 + default_value: "60" + description: Interval in seconds between checks + deprecated: false + hidden: false + experimental: false + experimentalcli: false + kubernetes: false + swarm: false + - option: org + value_type: string + description: Namespace of the Docker organization to which image will be pushed + deprecated: false + hidden: false + experimental: false + experimentalcli: false + kubernetes: false + swarm: false + - option: registry + value_type: string + description: Registry to watch + deprecated: false + hidden: false + experimental: false + experimentalcli: false + kubernetes: false + swarm: false + - option: repository + value_type: stringSlice + default_value: '[]' + description: Repository to watch + deprecated: false + hidden: false + experimental: false + experimentalcli: false + kubernetes: false + swarm: false + - option: sbom + value_type: bool + default_value: "true" + description: Create and upload SBOMs + deprecated: false + hidden: false + experimental: false + experimentalcli: false + kubernetes: false + swarm: 
false + - option: tag + value_type: stringSlice + default_value: '[]' + description: Regular expression to match tags to watch + deprecated: false + hidden: false + experimental: false + experimentalcli: false + kubernetes: false + swarm: false + - option: workers + value_type: int + default_value: "3" + description: Number of concurrent workers + deprecated: false + hidden: false + experimental: false + experimentalcli: false + kubernetes: false + swarm: false +inherited_options: + - option: debug + value_type: bool + default_value: "false" + description: Debug messages + deprecated: false + hidden: true + experimental: false + experimentalcli: false + kubernetes: false + swarm: false +examples: |- + ### Watch for new images from two repositories and push them + + ```console + $ docker scout watch --org my-org --repository registry-1.example.com/repo-1 --repository registry-2.example.com/repo-2 + ``` + + ### Only push images with a specific tag + + ```console + $ docker scout watch --org my-org --repository registry.example.com/my-service --tag latest + ``` + + ### Watch all repositories of a registry + + ```console + $ docker scout watch --org my-org --registry registry.example.com + ``` + + ### Push all images and not just the new ones + + ```console + $ docker scout watch--org my-org --repository registry.example.com/my-service --all-images + ``` +deprecated: false +experimental: false +experimentalcli: true +kubernetes: false +swarm: false + diff --git a/_vendor/github.com/docker/scout-cli/docs/scout.md b/_vendor/github.com/docker/scout-cli/docs/scout.md index 566648f895..a3adc130b4 100644 --- a/_vendor/github.com/docker/scout-cli/docs/scout.md +++ b/_vendor/github.com/docker/scout-cli/docs/scout.md 
@@ -9,18 +9,23 @@ Command line tool for Docker Scout ### Subcommands -| Name | Description | -|:----------------------------------------------|:---------------------------------------------------------------------| -| [`compare`](scout_compare.md) | Compare two images and display differences (experimental) | -| [`cves`](scout_cves.md) | Display CVEs identified in a software artifact | -| [`entitlement`](scout_entitlement.md) | Manage entitlement of a Docker Hub repository | -| [`push`](scout_push.md) | Push an image or image index to Docker Scout (experimental) | -| [`quickview`](scout_quickview.md) | Quick overview of an image | -| [`recommendations`](scout_recommendations.md) | Display available base image updates and remediation recommendations | -| [`repo`](scout_repo.md) | Commands to list, enable, and disable Docker Scout on repositories | -| [`sbom`](scout_sbom.md) | Generate or display SBOM of an image | -| [`stream`](scout_stream.md) | Record an image into a stream (experimental) | -| [`version`](scout_version.md) | Show Docker Scout version information | +| Name | Description | +|:----------------------------------------------|:--------------------------------------------------------------------------------------------| +| [`cache`](scout_cache.md) | Manage Docker Scout cache and temporary files | +| [`compare`](scout_compare.md) | Compare two images and display differences (experimental) | +| [`config`](scout_config.md) | Manage Docker Scout configuration | +| [`cves`](scout_cves.md) | Display CVEs identified in a software artifact | +| [`enroll`](scout_enroll.md) | Enroll an organization with Docker Scout | +| [`environment`](scout_environment.md) | Manage environments (experimental) | +| [`policy`](scout_policy.md) | Display the policy results of an image (experimental) | +| [`push`](scout_push.md) | Push an image or image index to Docker Scout (experimental) | +| [`quickview`](scout_quickview.md) | Quick overview of an image | +| 
[`recommendations`](scout_recommendations.md) | Display available base image updates and remediation recommendations | +| [`repo`](scout_repo.md) | Commands to list, enable, and disable Docker Scout on repositories | +| [`sbom`](scout_sbom.md) | Generate or display SBOM of an image | +| [`stream`](scout_stream.md) | Manage streams (experimental) | +| [`version`](scout_version.md) | Show Docker Scout version information | +| [`watch`](scout_watch.md) | Watch repositories in a registry and push images and indexes to Docker Scout (experimental) | diff --git a/_vendor/github.com/docker/scout-cli/docs/scout_cache.md b/_vendor/github.com/docker/scout-cli/docs/scout_cache.md new file mode 100644 index 0000000000..9bb212dd3d --- /dev/null +++ b/_vendor/github.com/docker/scout-cli/docs/scout_cache.md @@ -0,0 +1,16 @@ +# docker scout cache + + +Manage Docker Scout cache and temporary files + +### Subcommands + +| Name | Description | +|:--------------------------------|:--------------------------------| +| [`df`](scout_cache_df.md) | Show Docker Scout disk usage | +| [`prune`](scout_cache_prune.md) | Remove temporary or cached data | + + + + + diff --git a/_vendor/github.com/docker/scout-cli/docs/scout_cache_df.md b/_vendor/github.com/docker/scout-cli/docs/scout_cache_df.md new file mode 100644 index 0000000000..c536d5f70c --- /dev/null +++ b/_vendor/github.com/docker/scout-cli/docs/scout_cache_df.md 
@@ -0,0 +1,55 @@ +# docker scout cache df + + +Show Docker Scout disk usage + + + + +## Description + +Docker Scout stores temporary files to generate SBOMs of images and cache the results to not generate or fetch them again. + +This `docker scout cache df` command will list all the temporary and cached data on the host. Each is identified by the +digest of the image. + +Those data can be deleted using the `docker scout cache prune` command. + +## Examples + +### List temporary and cache files + +```console +$ docker scout cache df +Docker Scout temporary directory to generate SBOMs is located at: + /var/folders/dw/d6h9w2sx6rv3lzwwgrnx7t5h0000gp/T/docker-scout + this path can be configured using the DOCKER_SCOUT_CACHE_DIR environment variable + + Image Digest │ Size +──────────────────────────────────────────────────────────────────────────┼──────── + sha256:c41ab5c992deb4fe7e5da09f67a8804a46bd0592bfdf0b1847dde0e0889d2bff │ 21 kB + +Total: 21 kB + + +Docker Scout cached SBOMs are located at: + /Users/user/.docker/scout/sbom + + Image Digest │ Size of SBOM +──────────────────────────────────────────────────────────────────────────┼─────────────── + sha256:02bb6f428431fbc2809c5d1b41eab5a68350194fb508869a33cb1af4444c9b11 │ 42 kB + sha256:03fc002fe4f370463a8f04d3a288cdffa861e462fc8b5be44ab62b296ad95183 │ 100 kB + sha256:088134dd33e4a2997480a1488a41c11abebda465da5cf7f305a0ecf8ed494329 │ 194 kB + sha256:0b80b2f17aff7ee5bfb135c69d0d6fe34070e89042b7aac73d1abcc79cfe6759 │ 852 kB + sha256:0c9e8abe31a5f17d84d5c85d3853d2f948a4f126421e89e68753591f1b6fedc5 │ 930 kB + sha256:0d49cae0723c8d310e413736b5e91e0c59b605ade2546f6e6ef8f1f3ddc76066 │ 510 kB + sha256:0ef04748d071c2e631bb3edce8f805cb5512e746b682c83fdae6d8c0b243280b │ 1.0 MB + sha256:13fd22925b638bb7d2131914bb8f8b0f5f582bee364aec682d9e7fe722bb486a │ 42 kB + sha256:174c41d4fbc7f63e1f2bb7d2f7837318050406f2f27e5073a84a84f18b48b883 │ 115 kB + +Total: 4 MB + + +What's Next? + Delete all cached SBOMs → docker scout prune +``` 
diff --git a/_vendor/github.com/docker/scout-cli/docs/scout_cache_prune.md b/_vendor/github.com/docker/scout-cli/docs/scout_cache_prune.md new file mode 100644 index 0000000000..2ee9c5a7a4 --- /dev/null +++ b/_vendor/github.com/docker/scout-cli/docs/scout_cache_prune.md @@ -0,0 +1,42 @@ +# docker scout cache prune + + +Remove temporary or cached data + +### Options + +| Name | Type | Default | Description | +|:----------------|:-----|:--------|:-------------------------------| +| `-f`, `--force` | | | Do not prompt for confirmation | +| `--sboms` | | | Prune cached SBOMs | + + + + +## Description + +Docker Scout stores temporary files to generate SBOMs of images and cache those SBOMs to not generate or fetch them again. + +The `docker scout cache prune` command will remove all the temporary files used while generating the SBOMs. + +By default the cached SBOMs will not be deleted are they can be used by the different `docker scout` commands. But the `--sboms` +flag can be used to delete them. + +## Examples + +### Delete temporary data + +```console +$ docker scout cache prune +? Are you sure to delete all temporary data? Yes + ✓ temporary data deleted +``` + +### Delete temporary _and_ cache data + +```console +$ docker scout cache prune --sboms +? Are you sure to delete all temporary data and all cached SBOMs? Yes + ✓ temporary data deleted + ✓ cached SBOMs deleted +``` diff --git a/_vendor/github.com/docker/scout-cli/docs/scout_compare.md b/_vendor/github.com/docker/scout-cli/docs/scout_compare.md index dbaec26b64..beaa976c37 100644 --- a/_vendor/github.com/docker/scout-cli/docs/scout_compare.md +++ b/_vendor/github.com/docker/scout-cli/docs/scout_compare.md 
@@ -21,13 +21,14 @@ Compare two images and display differences (experimental) | `--only-severity` | `stringSlice` | | Comma separated list of severities (critical, high, medium, low, unspecified) to filter CVEs by | | `--only-stage` | `stringSlice` | | Comma separated list of multi-stage Docker build stage names | | `--only-unfixed` | | | Filter to unfixed CVEs | +| `--org` | `string` | | Namespace of the Docker organization | | `-o`, `--output` | `string` | | Write the report to a file. | | `--platform` | `string` | | Platform of image to analyze | | `--ref` | `string` | | Reference to use if the provided tarball contains multiple references.
Can only be used with --type archive. | | `--to` | `string` | | Image, directory, or archive to compare to | +| `--to-env` | `string` | | Name of environment to compare to | | `--to-latest` | | | Latest image processed to compare to | | `--to-ref` | `string` | | Reference to use if the provided tarball contains multiple references.
Can only be used with --type archive. | -| `--to-stream` | `string` | | Name of stream to compare to | | `--to-type` | `string` | `image` | Image type to analyze. Can be one of:
- image
- oci-dir
- archive (docker save tarball)
| | `--type` | `string` | `image` | Type of the image to analyze. Can be one of:
- image
- oci-dir
- archive (docker save tarball)
| diff --git a/_vendor/github.com/docker/scout-cli/docs/scout_config.md b/_vendor/github.com/docker/scout-cli/docs/scout_config.md new file mode 100644 index 0000000000..4ff939f337 --- /dev/null +++ b/_vendor/github.com/docker/scout-cli/docs/scout_config.md @@ -0,0 +1,37 @@ +# docker scout config + + +Manage Docker Scout configuration + + + + +## Description + +`docker scout config` allows you to list, get and set Docker Scout configuration. + +Available configuration key: +- `organization`: Namespace of the Docker organization to be used by default if it cannot be inferred from the image reference + +## Examples + +### List existing configuration + +```console +$ docker scout config +organization=my-org-namespace +``` + +### Print configuration value + +```console +$ docker scout config organization +my-org-namespace +``` + +### Set configuration value + +```console +$ docker scout config organization my-org-namespace + ✓ Successfully set organization to my-org-namespace +``` diff --git a/_vendor/github.com/docker/scout-cli/docs/scout_cves.md b/_vendor/github.com/docker/scout-cli/docs/scout_cves.md index d32be74e2e..d388770526 100644 --- a/_vendor/github.com/docker/scout-cli/docs/scout_cves.md +++ b/_vendor/github.com/docker/scout-cli/docs/scout_cves.md @@ -9,24 +9,31 @@ Display CVEs identified in a software artifact ### Options -| Name | Type | Default | Description | -|:----------------------|:--------------|:-----------|:---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| `--details` | | | Print details on default text output | -| `-e`, `--exit-code` | | | Return exit code '2' if vulnerabilities are detected | -| `--format` | `string` | `packages` | Output format of the generated vulnerability report:
- packages: default output, plain text with vulnerabilities grouped by packages
- sarif: json Sarif output
- markdown: markdown output
| -| `--ignore-base` | | | Filter out CVEs introduced from base image | -| `--locations` | | | Print package locations including file paths and layer diff_id | -| `--multi-stage` | | | Show packages from multi-stage Docker builds | -| `--only-cve-id` | `stringSlice` | | Comma separated list of CVE ids (like CVE-2021-45105) to search for | -| `--only-fixed` | | | Filter to fixable CVEs | -| `--only-package-type` | `stringSlice` | | Comma separated list of package types (like apk, deb, rpm, npm, pypi, golang, etc) | -| `--only-severity` | `stringSlice` | | Comma separated list of severities (critical, high, medium, low, unspecified) to filter CVEs by | -| `--only-stage` | `stringSlice` | | Comma separated list of multi-stage Docker build stage names | -| `--only-unfixed` | | | Filter to unfixed CVEs | -| `-o`, `--output` | `string` | | Write the report to a file. | -| `--platform` | `string` | | Platform of image to analyze | -| `--ref` | `string` | | Reference to use if the provided tarball contains multiple references.
Can only be used with --type archive. | -| `--type` | `string` | `image` | Type of the image to analyze. Can be one of:
- image
- oci-dir
- archive (docker save tarball)
| +| Name | Type | Default | Description | +|:-----------------------|:--------------|:-----------|:--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| `--details` | | | Print details on default text output | +| `--env` | `string` | | Name of environment | +| `-e`, `--exit-code` | | | Return exit code '2' if vulnerabilities are detected | +| `--format` | `string` | `packages` | Output format of the generated vulnerability report:
- packages: default output, plain text with vulnerabilities grouped by packages
- sarif: json Sarif output
- markdown: markdown output (including some html tags like collapsible sections)
| +| `--ignore-base` | | | Filter out CVEs introduced from base image | +| `--locations` | | | Print package locations including file paths and layer diff_id | +| `--multi-stage` | | | Show packages from multi-stage Docker builds | +| `--only-cve-id` | `stringSlice` | | Comma separated list of CVE ids (like CVE-2021-45105) to search for | +| `--only-fixed` | | | Filter to fixable CVEs | +| `--only-package` | `stringSlice` | | Comma separated regular expressions to filter packages by | +| `--only-package-type` | `stringSlice` | | Comma separated list of package types (like apk, deb, rpm, npm, pypi, golang, etc) | +| `--only-severity` | `stringSlice` | | Comma separated list of severities (critical, high, medium, low, unspecified) to filter CVEs by | +| `--only-stage` | `stringSlice` | | Comma separated list of multi-stage Docker build stage names | +| `--only-unfixed` | | | Filter to unfixed CVEs | +| `--only-vuln-packages` | | | When used with --format=only-packages ignore packages with no vulnerabilities | +| `--org` | `string` | | Namespace of the Docker organization | +| `-o`, `--output` | `string` | | Write the report to a file. | +| `--platform` | `string` | | Platform of image to analyze | +| `--ref` | `string` | | Reference to use if the provided tarball contains multiple references.
Can only be used with --type archive. | +| `--type` | `string` | `image` | Type of the image to analyze. Can be one of:
- image
- oci-dir
- archive (docker save tarball)
| +| `--vex` | | | Apply VEX statements to filter CVEs | +| `--vex-author` | `stringSlice` | | List of VEX statement authors to accept | +| `--vex-location` | `stringSlice` | | File location of directory or file containing VEX statements | @@ -99,3 +106,43 @@ Analyzing image alpine ✓ No vulnerable package detected ✓ Report written to alpine.sarif.json ``` + +### Display markdown output + +The markdown output also contains HTML tags to have a better rendering. This output can be used for instance in Pull Request comments. + +```console +$ docker scout cves --format markdown alpine + ✓ Pulled + ✓ SBOM of image already cached, 19 packages indexed + ✗ Detected 1 vulnerable package with 3 vulnerabilities +

:mag: Vulnerabilities of alpine

+ +
:package: Image Reference alpine + + + + + +
digestsha256:e3bd82196e98898cae9fe7fbfd6e2436530485974dc4fb3b7ddb69134eda2407
vulnerabilitiescritical: 0 high: 0 medium: 2 low: 0 unspecified: 1
platformlinux/arm64
size3.3 MB
packages19
+
+ +... +``` + +### List all packages of a certain typethat are vulnerable + +The output will show the list of the packages of the image, that can be filtered, with the summary of vulnerabilities for each. + +By default even packages with no vulnerabilities will be displayed. + +```console +$ docker scout cves --format only-packages --only-package-type golang --only-vuln-packages golang:1.18.0 + ✓ Pulled + ✓ SBOM of image already cached, 296 packages indexed + ✗ Detected 1 vulnerable package with 40 vulnerabilities + + Name Version Type Vulnerabilities +─────────────────────────────────────────────────────────── + stdlib 1.18 golang 2C 29H 8M 1L +``` diff --git a/_vendor/github.com/docker/scout-cli/docs/scout_enroll.md b/_vendor/github.com/docker/scout-cli/docs/scout_enroll.md new file mode 100644 index 0000000000..b60fd3471f --- /dev/null +++ b/_vendor/github.com/docker/scout-cli/docs/scout_enroll.md @@ -0,0 +1,11 @@ +# docker scout enroll + + +Enroll an organization with Docker Scout + + + + +## Description + +The `docker scout enroll` command enrolls an organization with Docker Scout. diff --git a/_vendor/github.com/docker/scout-cli/docs/scout_environment.md b/_vendor/github.com/docker/scout-cli/docs/scout_environment.md new file mode 100644 index 0000000000..d9b3c49a54 --- /dev/null +++ b/_vendor/github.com/docker/scout-cli/docs/scout_environment.md 
@@ -0,0 +1,52 @@ +# docker scout environment + + +Manage environments (experimental) + +### Aliases + +`docker scout environment`, `docker scout env` + +### Options + +| Name | Type | Default | Description | +|:-----------------|:---------|:--------|:-------------------------------------------| +| `--app` | `string` | | Name of application the image is a part of | +| `--org` | `string` | | Namespace of the Docker organization | +| `-o`, `--output` | `string` | | Write the report to a file. | +| `--platform` | `string` | | Platform of image to record | + + + + +## Description + +The `docker scout environment` command lists the environments and records images to it. + +Once recorded, environments can be referred to by their name, eg. in the `docker scout compare` command using `--to-env`.` + +## Examples + +### List existing environments + +```console +$ docker scout environment +prod +staging +``` + +### List images of an environment + +```console +$ docker scout environment staging +namespace/repo:tag@sha256:9a4df4fadc9bbd44c345e473e0688c2066a6583d4741679494ba9228cfd93e1b +namespace/other-repo:tag@sha256:0001d6ce124855b0a158569c584162097fe0ca8d72519067c2c8e3ce407c580f +``` + +### Record an image to an environment, for a specific platform + +```console +$ docker scout environment staging namespace/repo:stage-latest --platform linux/amd64 +✓ Pulled +✓ Successfully recorded namespace/repo:stage-latest in environment staging +``` diff --git a/_vendor/github.com/docker/scout-cli/docs/scout_policy.md b/_vendor/github.com/docker/scout-cli/docs/scout_policy.md new file mode 100644 index 0000000000..9ed0bf4676 --- /dev/null +++ b/_vendor/github.com/docker/scout-cli/docs/scout_policy.md 
@@ -0,0 +1,35 @@ +# docker scout policy + + +Display the policy results of an image (experimental) + +### Options + +| Name | Type | Default | Description | +|:--------------------|:---------|:--------|:-----------------------------------------------| +| `--env` | `string` | | Name of the environment to compare to. | +| `-e`, `--exit-code` | | | Return exit code '2' if policies are not met. | +| `--org` | `string` | | Namespace of the Docker organization | +| `-o`, `--output` | `string` | | Write the report to a file. | +| `--platform` | `string` | | Platform of image to pull policy results from. | + + + + +## Description + +The `docker scout policy` command displays the policy results of an image if there are any. + +## Examples + +### Display the policy results of an image + +```console +$ docker scout policy dockerscoutpolicy/customers-api-service:0.0.1 +``` + +### Compare policy results for a repository in a specific environment + +```console +$ docker scout policy dockerscoutpolicy/customers-api-service --env production +``` diff --git a/_vendor/github.com/docker/scout-cli/docs/scout_push.md b/_vendor/github.com/docker/scout-cli/docs/scout_push.md index c77a9323cd..e55266ee73 100644 --- a/_vendor/github.com/docker/scout-cli/docs/scout_push.md +++ b/_vendor/github.com/docker/scout-cli/docs/scout_push.md 
@@ -5,11 +5,25 @@ Push an image or image index to Docker Scout (experimental) ### Options -| Name | Type | Default | Description | -|:--------------|:---------|:--------|:--------------------------------| -| `--namespace` | `string` | | Docker Hub namespace to push to | -| `--sbom` | | | Create and upload SBOMs | +| Name | Type | Default | Description | +|:-----------------|:---------|:--------|:-------------------------------------------------------------------| +| `--author` | `string` | | Name of the author of the image | +| `--org` | `string` | | Namespace of the Docker organization to which image will be pushed | +| `-o`, `--output` | `string` | | Write the report to a file. | +| `--sbom` | | | Create and upload SBOMs | +| `--timestamp` | `string` | | Timestamp of image or tag creation | +## Description + +The `docker scout push` command allows to push an image or image index to Docker Scout. + +## Examples + +### Push an image to Docker Scout + +```console +$ docker scout push --org my-org registry.example.com/repo:tag +``` diff --git a/_vendor/github.com/docker/scout-cli/docs/scout_quickview.md b/_vendor/github.com/docker/scout-cli/docs/scout_quickview.md index ef40473cee..12a44a6a06 100644 --- a/_vendor/github.com/docker/scout-cli/docs/scout_quickview.md +++ b/_vendor/github.com/docker/scout-cli/docs/scout_quickview.md @@ -11,6 +11,8 @@ Quick overview of an image | Name | Type | Default | Description | |:-----------------|:---------|:--------|:----------------------------------------------------------------------------------------------------------------| +| `--env` | `string` | | Name of the environment | +| `--org` | `string` | | Namespace of the Docker organization | | `-o`, `--output` | `string` | | Write the report to a file. | | `--platform` | `string` | | Platform of image to analyze | | `--ref` | `string` | | Reference to use if the provided tarball contains multiple references.
Can only be used with --type archive. | diff --git a/_vendor/github.com/docker/scout-cli/docs/scout_recommendations.md b/_vendor/github.com/docker/scout-cli/docs/scout_recommendations.md index c86436c65a..fd0c3fb3a0 100644 --- a/_vendor/github.com/docker/scout-cli/docs/scout_recommendations.md +++ b/_vendor/github.com/docker/scout-cli/docs/scout_recommendations.md @@ -9,6 +9,7 @@ Display available base image updates and remediation recommendations |:-----------------|:---------|:--------|:----------------------------------------------------------------------------------------------------------------| | `--only-refresh` | | | Only display base image refresh recommendations | | `--only-update` | | | Only display base image update recommendations | +| `--org` | `string` | | Namespace of the Docker organization | | `-o`, `--output` | `string` | | Write the report to a file. | | `--platform` | `string` | | Platform of image to analyze | | `--ref` | `string` | | Reference to use if the provided tarball contains multiple references.
Can only be used with --type archive. | diff --git a/_vendor/github.com/docker/scout-cli/docs/scout_sbom.md b/_vendor/github.com/docker/scout-cli/docs/scout_sbom.md index 931f7bc45a..660caa08f2 100644 --- a/_vendor/github.com/docker/scout-cli/docs/scout_sbom.md +++ b/_vendor/github.com/docker/scout-cli/docs/scout_sbom.md @@ -52,7 +52,7 @@ $ docker scout sbom --format list alpine ### Only display packages of a specific type ```console -$ docker scout sbom --format list --only-package-type apk alpine + $ docker scout sbom --format list --only-package-type apk alpine ``` ### Display the full SBOM as json diff --git a/_vendor/github.com/docker/scout-cli/docs/scout_stream.md b/_vendor/github.com/docker/scout-cli/docs/scout_stream.md index bf6e816ecf..6890f3d1b5 100644 --- a/_vendor/github.com/docker/scout-cli/docs/scout_stream.md +++ b/_vendor/github.com/docker/scout-cli/docs/scout_stream.md 
@@ -1,15 +1,48 @@ # docker scout stream -Record an image into a stream (experimental) +Manage streams (experimental) ### Options -| Name | Type | Default | Description | -|:-------------|:---------|:--------|:-------------------------------------------| -| `--app` | `string` | | Name of application the image is a part of | -| `--platform` | `string` | | Platform of image to record | +| Name | Type | Default | Description | +|:-----------------|:---------|:--------|:-------------------------------------------| +| `--app` | `string` | | Name of application the image is a part of | +| `--org` | `string` | | Namespace of the Docker organization | +| `-o`, `--output` | `string` | | Write the report to a file. | +| `--platform` | `string` | | Platform of image to record | +## Description + +The `docker scout stream` command lists the deployment streams and records an image to it. + +Once recorded, streams can be referred to by their name, eg. in the `docker scout compare` command using `--to-stream`. + +## Examples + +### List existing streams + +```console +$ %[1]s %[2]s +prod-cluster-123 +stage-cluster-234 +``` + +### List images of a stream + +```console +$ %[1]s %[2]s prod-cluster-123 +namespace/repo:tag@sha256:9a4df4fadc9bbd44c345e473e0688c2066a6583d4741679494ba9228cfd93e1b +namespace/other-repo:tag@sha256:0001d6ce124855b0a158569c584162097fe0ca8d72519067c2c8e3ce407c580f +``` + +### Record an image to a stream, for a specific platform + +```console +$ %[1]s %[2]s stage-cluster-234 namespace/repo:stage-latest --platform linux/amd64 +✓ Pulled +✓ Successfully recorded namespace/repo:stage-latest in stream stage-cluster-234 +``` diff --git a/_vendor/github.com/docker/scout-cli/docs/scout_watch.md b/_vendor/github.com/docker/scout-cli/docs/scout_watch.md new file mode 100644 index 0000000000..f3446ee68a --- /dev/null +++ b/_vendor/github.com/docker/scout-cli/docs/scout_watch.md 
@@ -0,0 +1,51 @@ +# docker scout watch + + +Watch repositories in a registry and push images and indexes to Docker Scout (experimental) + +### Options + +| Name | Type | Default | Description | +|:---------------|:--------------|:--------|:------------------------------------------------------------------------------------| +| `--all-images` | | | Push all images instead of only the ones pushed during the watch command is running | +| `--dry-run` | | | Watch images and prepare them, but do not push them | +| `--interval` | `int64` | `60` | Interval in seconds between checks | +| `--org` | `string` | | Namespace of the Docker organization to which image will be pushed | +| `--registry` | `string` | | Registry to watch | +| `--repository` | `stringSlice` | | Repository to watch | +| `--sbom` | | | Create and upload SBOMs | +| `--tag` | `stringSlice` | | Regular expression to match tags to watch | +| `--workers` | `int` | `3` | Number of concurrent workers | + + + + +## Description + +The `docker scout watch` command watches repositories in a registry and pushes images or image indexes to Docker Scout. + +## Examples + +### Watch for new images from two repositories and push them + +```console +$ docker scout watch --org my-org --repository registry-1.example.com/repo-1 --repository registry-2.example.com/repo-2 +``` + +### Only push images with a specific tag + +```console +$ docker scout watch --org my-org --repository registry.example.com/my-service --tag latest +``` + +### Watch all repositories of a registry + +```console +$ docker scout watch --org my-org --registry registry.example.com +``` + +### Push all images and not just the new ones + +```console +$ docker scout watch--org my-org --repository registry.example.com/my-service --all-images +``` diff --git a/_vendor/modules.txt b/_vendor/modules.txt index 18dfa353ee..7b44feca13 100644 --- a/_vendor/modules.txt +++ b/_vendor/modules.txt 
@@ -1,7 +1,7 @@ # github.com/moby/moby v24.0.5+incompatible # github.com/moby/buildkit v0.12.1-0.20230830200556-05eb7287534b # github.com/docker/buildx v0.11.2 -# github.com/docker/scout-cli v0.20.0 +# github.com/docker/scout-cli v0.23.3 # github.com/docker/cli v24.0.5+incompatible # github.com/docker/compose-cli v1.0.35 # github.com/distribution/distribution v2.8.2+incompatible diff --git a/content/engine/reference/commandline/scout_cache.md b/content/engine/reference/commandline/scout_cache.md new file mode 100644 index 0000000000..4960ff5f78 --- /dev/null +++ b/content/engine/reference/commandline/scout_cache.md @@ -0,0 +1,16 @@ +--- +datafolder: scout-cli +datafile: docker_scout_cache +title: docker scout cache +layout: cli +--- + + + +{{< include "scout-early-access.md" >}} diff --git a/content/engine/reference/commandline/scout_cache_df.md b/content/engine/reference/commandline/scout_cache_df.md new file mode 100644 index 0000000000..c47551ea30 --- /dev/null +++ b/content/engine/reference/commandline/scout_cache_df.md @@ -0,0 +1,16 @@ +--- +datafolder: scout-cli +datafile: docker_scout_cache_df +title: docker scout cache df +layout: cli +--- + + + +{{< include "scout-early-access.md" >}} diff --git a/content/engine/reference/commandline/scout_cache_prune.md b/content/engine/reference/commandline/scout_cache_prune.md new file mode 100644 index 0000000000..8e36bb7593 --- /dev/null +++ b/content/engine/reference/commandline/scout_cache_prune.md @@ -0,0 +1,16 @@ +--- +datafolder: scout-cli +datafile: docker_scout_cache_prune +title: docker scout cache prune +layout: cli +--- + + + +{{< include "scout-early-access.md" >}} diff --git a/content/engine/reference/commandline/scout_config.md b/content/engine/reference/commandline/scout_config.md new file mode 100644 index 0000000000..6b70073341 --- /dev/null +++ b/content/engine/reference/commandline/scout_config.md 
@@ -0,0 +1,16 @@
+---
+datafolder: scout-cli
+datafile: docker_scout_config
+title: docker scout config
+layout: cli
+---
+
+
+
+{{< include "scout-early-access.md" >}}
diff --git a/content/engine/reference/commandline/scout_enroll.md b/content/engine/reference/commandline/scout_enroll.md
new file mode 100644
index 0000000000..269f7bd978
--- /dev/null
+++ b/content/engine/reference/commandline/scout_enroll.md
@@ -0,0 +1,16 @@
+---
+datafolder: scout-cli
+datafile: docker_scout_enroll
+title: docker scout enroll
+layout: cli
+---
+
+
+
+{{< include "scout-early-access.md" >}}
diff --git a/content/engine/reference/commandline/scout_environment.md b/content/engine/reference/commandline/scout_environment.md
new file mode 100644
index 0000000000..2dba8596c8
--- /dev/null
+++ b/content/engine/reference/commandline/scout_environment.md
@@ -0,0 +1,16 @@
+---
+datafolder: scout-cli
+datafile: docker_scout_environment
+title: docker scout environment
+layout: cli
+---
+
+
+
+{{< include "scout-early-access.md" >}}
diff --git a/content/engine/reference/commandline/scout_policy.md b/content/engine/reference/commandline/scout_policy.md
new file mode 100644
index 0000000000..9a0120ff68
--- /dev/null
+++ b/content/engine/reference/commandline/scout_policy.md
@@ -0,0 +1,16 @@
+---
+datafolder: scout-cli
+datafile: docker_scout_policy
+title: docker scout policy
+layout: cli
+---
+
+
+
+{{< include "scout-early-access.md" >}}
diff --git a/content/engine/reference/commandline/scout_watch.md b/content/engine/reference/commandline/scout_watch.md
new file mode 100644
index 0000000000..20a7f49c7c
--- /dev/null
+++ b/content/engine/reference/commandline/scout_watch.md
@@ -0,0 +1,16 @@
+---
+datafolder: scout-cli
+datafile: docker_scout_watch
+title: docker scout watch
+layout: cli
+---
+
+
+
+{{< include "scout-early-access.md" >}}
diff --git a/data/toc.yaml b/data/toc.yaml
index c6495b4f1a..8e687dff36 100644
--- a/data/toc.yaml
+++ b/data/toc.yaml
@@ -563,12 +563,24 @@ Reference:
 section:
 - path: /engine/reference/commandline/scout/
 title: docker scout
+ - path: /engine/reference/commandline/scout_cache/
+ title: docker scout cache
+ - path: /engine/reference/commandline/scout_cache_df/
+ title: docker scout cache df
+ - path: /engine/reference/commandline/scout_cache_prune/
+ title: docker scout cache prune
 - path: /engine/reference/commandline/scout_compare/
 title: docker scout compare
+ - path: /engine/reference/commandline/scout_config/
+ title: docker scout config
 - path: /engine/reference/commandline/scout_cves/
 title: docker scout cves
- - path: /engine/reference/commandline/scout_entitlement/
- title: docker scout entitlement
+ - path: /engine/reference/commandline/scout_enroll/
+ title: docker scout enroll
+ - path: /engine/reference/commandline/scout_environment/
+ title: docker scout environment
+ - path: /engine/reference/commandline/scout_policy/
+ title: docker scout policy
 - path: /engine/reference/commandline/scout_quickview/
 title: docker scout quickview
 - path: /engine/reference/commandline/scout_recommendations/
@@ -587,6 +599,8 @@ Reference:
 title: docker scout stream
 - path: /engine/reference/commandline/scout_version/
 title: docker scout version
+ - path: /engine/reference/commandline/scout_watch/
+ title: docker scout watch
 - path: /engine/reference/commandline/search/
 title: docker search
 - sectiontitle: docker secret
diff --git a/go.mod b/go.mod
index fc7c6d0857..b3203b0a42 100644
--- a/go.mod
+++ b/go.mod
@@ -9,8 +9,8 @@ require (
 github.com/docker/cli v24.0.5+incompatible // indirect
 github.com/docker/compose-cli v1.0.35 // indirect
 github.com/docker/distribution v2.8.2+incompatible // indirect
- github.com/docker/scout-cli v0.20.0 // indirect
 github.com/moby/buildkit v0.12.1-0.20230830200556-05eb7287534b // indirect
+ github.com/docker/scout-cli v0.23.3 // indirect
 github.com/moby/moby v24.0.5+incompatible // indirect
 github.com/opencontainers/go-digest v1.0.0 // indirect
 github.com/opencontainers/image-spec v1.1.0-rc4 // indirect
diff --git a/go.sum b/go.sum
index 06fcf8db1b..3087ba9aea 100644
--- a/go.sum
+++ b/go.sum
@@ -69,6 +69,8 @@ github.com/docker/scout-cli v0.22.3 h1:STf1Oq0+PSVaWEwNZ9UleHTEZ0JUP1py6eQaRK0qi
 github.com/docker/scout-cli v0.22.3/go.mod h1:Eo1RyCJsx3ldz/YTY5yGxu9g9mwTYbRUutxQUkow3Fc=
 github.com/docker/scout-cli v0.23.0 h1:oFCNiO+11WhcnsXj3MF6uqJD49oBPMdJ3Pdq9XfZa4I=
 github.com/docker/scout-cli v0.23.0/go.mod h1:Eo1RyCJsx3ldz/YTY5yGxu9g9mwTYbRUutxQUkow3Fc=
+github.com/docker/scout-cli v0.23.3 h1:ToQ/Gw1clQ2GJ47Yt0HCefJB55oPOHZYH6rVxGdfF7Y=
+github.com/docker/scout-cli v0.23.3/go.mod h1:Eo1RyCJsx3ldz/YTY5yGxu9g9mwTYbRUutxQUkow3Fc=
 github.com/elazarl/goproxy v0.0.0-20191011121108-aa519ddbe484/go.mod h1:Ro8st/ElPeALwNFlcTpWmkr6IoMFfkjXAvTHpevnDsM=
 github.com/evanphx/json-patch v4.9.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
 github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4=