scout: remove module for cli docs, vendor manually

Upstream docs had a formatting issue that needed a hotfix.
Rather than fixing the vendored yaml,
which would be overwritten the next time we update (any) vendored modules,
I decided to manually copy the cli reference yaml to the data dir.

Signed-off-by: David Karlsson <35727626+dvdksn@users.noreply.github.com>
David Karlsson
2026-01-05 09:14:52 +01:00
parent a54ead2a07
commit ec72262eed
70 changed files with 3 additions and 1528 deletions


@@ -0,0 +1,69 @@
command: docker scout
short: Command line tool for Docker Scout
long: Command line tool for Docker Scout
usage: docker scout [command]
pname: docker
plink: docker.yaml
cname:
- docker scout attestation
- docker scout cache
- docker scout compare
- docker scout config
- docker scout cves
- docker scout enroll
- docker scout environment
- docker scout help
- docker scout integration
- docker scout policy
- docker scout push
- docker scout quickview
- docker scout recommendations
- docker scout repo
- docker scout version
- docker scout vex
- docker scout watch
clink:
- docker_scout_attestation.yaml
- docker_scout_cache.yaml
- docker_scout_compare.yaml
- docker_scout_config.yaml
- docker_scout_cves.yaml
- docker_scout_enroll.yaml
- docker_scout_environment.yaml
- docker_scout_help.yaml
- docker_scout_integration.yaml
- docker_scout_policy.yaml
- docker_scout_push.yaml
- docker_scout_quickview.yaml
- docker_scout_recommendations.yaml
- docker_scout_repo.yaml
- docker_scout_version.yaml
- docker_scout_vex.yaml
- docker_scout_watch.yaml
options:
- option: debug
value_type: bool
default_value: "false"
description: Debug messages
deprecated: false
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: verbose-debug
value_type: bool
default_value: "false"
description: Verbose debug
deprecated: false
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
deprecated: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
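Review bot: Nothing in this file, or in the other copied reference files visible on this page, records which upstream revision it was copied from or what the local hotfix changed, so later drift from the real CLI flags cannot be spotted by a reader. The commit message says these are now hand-maintained copies rather than vendored modules, so a header comment at the top of each file would help, for example `# Copied manually from the upstream Docker Scout CLI reference at <UPSTREAM_REF>; local hotfix: <DESCRIPTION>`. This matters most for the security-relevant commands (attestation verification, VEX filtering), where stale reference text can mislead users about defaults.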


@@ -0,0 +1,41 @@
command: docker scout attestation
aliases: docker scout attestation, docker scout attest
short: Manage attestations on images
long: Manage attestations on images
pname: docker scout
plink: docker_scout.yaml
cname:
- docker scout attestation add
- docker scout attestation get
- docker scout attestation list
clink:
- docker_scout_attestation_add.yaml
- docker_scout_attestation_get.yaml
- docker_scout_attestation_list.yaml
inherited_options:
- option: debug
value_type: bool
default_value: "false"
description: Debug messages
deprecated: false
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: verbose-debug
value_type: bool
default_value: "false"
description: Verbose debug
deprecated: false
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
deprecated: false
experimental: false
experimentalcli: true
kubernetes: false
swarm: false


@@ -0,0 +1,83 @@
command: docker scout attestation add
aliases: docker scout attestation add, docker scout attest add
short: Add attestation to image
long: The docker scout attestation add command adds attestations to images.
usage: docker scout attestation add OPTIONS IMAGE [IMAGE...]
pname: docker scout attestation
plink: docker_scout_attestation.yaml
options:
- option: file
value_type: stringSlice
default_value: '[]'
description: File location of attestations to attach
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: org
value_type: string
description: Namespace of the Docker organization
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: predicate-type
value_type: string
description: Predicate-type for attestations
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: referrer
value_type: bool
default_value: "false"
description: Use OCI referrer API for pushing attestation
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: referrer-repository
value_type: string
default_value: registry.scout.docker.com
description: Repository to push referrer to
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
inherited_options:
- option: debug
value_type: bool
default_value: "false"
description: Debug messages
deprecated: false
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: verbose-debug
value_type: bool
default_value: "false"
description: Verbose debug
deprecated: false
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
deprecated: false
experimental: false
experimentalcli: true
kubernetes: false
swarm: false


@@ -0,0 +1,123 @@
command: docker scout attestation get
aliases: docker scout attestation get, docker scout attest get
short: Get attestation for image
long: The docker scout attestation get command gets attestations for images.
usage: docker scout attestation get OPTIONS IMAGE [DIGEST]
pname: docker scout attestation
plink: docker_scout_attestation.yaml
options:
- option: key
value_type: string
default_value: https://registry.scout.docker.com/keyring/dhi/latest.pub
description: Signature key to use for verification
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: org
value_type: string
description: Namespace of the Docker organization
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: output
shorthand: o
value_type: string
description: Write the report to a file
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: platform
value_type: string
description: Platform of image to analyze
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: predicate
value_type: bool
default_value: "false"
description: Get in-toto predicate only dropping the subject
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: predicate-type
value_type: string
description: Predicate-type for attestation
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: ref
value_type: string
description: |-
Reference to use if the provided tarball contains multiple references.
Can only be used with archive
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: skip-tlog
value_type: bool
default_value: "false"
description: Skip signature verification against public transaction log
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: verify
value_type: bool
default_value: "false"
description: Verify the signature on the attestation
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
inherited_options:
- option: debug
value_type: bool
default_value: "false"
description: Debug messages
deprecated: false
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: verbose-debug
value_type: bool
default_value: "false"
description: Verbose debug
deprecated: false
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
deprecated: false
experimental: false
experimentalcli: true
kubernetes: false
swarm: false
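Review bot: The `verify` option is listed with `default_value: "false"`, but neither its description nor the `long` text says that `docker scout attestation get` then returns the attestation without checking its signature; a reader could take the `key` default URL to mean verification always happens. I would extend the description to `Verify the signature on the attestation (disabled by default)`. If it matches the CLI's behaviour, the `key` and `skip-tlog` descriptions should also say that they only take effect together with `--verify`, and `skip-tlog` should state that it weakens verification by dropping the transparency-log check. These wordings need confirming against upstream before they go in.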


@@ -0,0 +1,96 @@
command: docker scout attestation list
aliases: docker scout attestation list, docker scout attest list
short: List attestations for image
long: The docker scout attestation list command lists attestations for images.
usage: docker scout attestation list OPTIONS IMAGE
pname: docker scout attestation
plink: docker_scout_attestation.yaml
options:
- option: format
value_type: string
default_value: list
description: |-
Output format:
- list: list of attestations of the image
- json: json representation of the attestation list (default "json")
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: org
value_type: string
description: Namespace of the Docker organization
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: output
shorthand: o
value_type: string
description: Write the report to a file
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: platform
value_type: string
description: Platform of image to analyze
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: predicate-type
value_type: string
description: Predicate-type for attestations
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: ref
value_type: string
description: |-
Reference to use if the provided tarball contains multiple references.
Can only be used with archive
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
inherited_options:
- option: debug
value_type: bool
default_value: "false"
description: Debug messages
deprecated: false
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: verbose-debug
value_type: bool
default_value: "false"
description: Verbose debug
deprecated: false
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
deprecated: false
experimental: false
experimentalcli: true
kubernetes: false
swarm: false
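Review bot: The `format` option contradicts itself: it has `default_value: list`, while the last line of its description ends with `(default "json")`. Scripts that parse this command's output depend on which one is true, so the actual default should be confirmed against the CLI. If `list` is correct, the description line should read `- json: json representation of the attestation list`, leaving `default_value` as the only place the default is stated.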


@@ -0,0 +1,38 @@
command: docker scout cache
short: Manage Docker Scout cache and temporary files
long: Manage Docker Scout cache and temporary files
pname: docker scout
plink: docker_scout.yaml
cname:
- docker scout cache df
- docker scout cache prune
clink:
- docker_scout_cache_df.yaml
- docker_scout_cache_prune.yaml
inherited_options:
- option: debug
value_type: bool
default_value: "false"
description: Debug messages
deprecated: false
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: verbose-debug
value_type: bool
default_value: "false"
description: Verbose debug
deprecated: false
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
deprecated: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false


@@ -0,0 +1,73 @@
command: docker scout cache df
short: Show Docker Scout disk usage
long: |-
Docker Scout uses a temporary cache storage for generating image SBOMs.
The cache helps avoid regenerating or fetching resources unnecessarily.
This `docker scout cache df` command shows the cached data on the host.
Each cache entry is identified by the digest of the image.
You can use the `docker scout cache prune` command to delete cache data at any time.
usage: docker scout cache df
pname: docker scout cache
plink: docker_scout_cache.yaml
inherited_options:
- option: debug
value_type: bool
default_value: "false"
description: Debug messages
deprecated: false
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: verbose-debug
value_type: bool
default_value: "false"
description: Verbose debug
deprecated: false
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
examples: |-
### List temporary and cache files
```console
$ docker scout cache df
Docker Scout temporary directory to generate SBOMs is located at:
/var/folders/dw/d6h9w2sx6rv3lzwwgrnx7t5h0000gp/T/docker-scout
this path can be configured using the DOCKER_SCOUT_CACHE_DIR environment variable
Image Digest │ Size
──────────────────────────────────────────────────────────────────────────┼────────
sha256:c41ab5c992deb4fe7e5da09f67a8804a46bd0592bfdf0b1847dde0e0889d2bff │ 21 kB
Total: 21 kB
Docker Scout cached SBOMs are located at:
/Users/user/.docker/scout/sbom
Image Digest │ Size of SBOM
──────────────────────────────────────────────────────────────────────────┼───────────────
sha256:02bb6f428431fbc2809c5d1b41eab5a68350194fb508869a33cb1af4444c9b11 │ 42 kB
sha256:03fc002fe4f370463a8f04d3a288cdffa861e462fc8b5be44ab62b296ad95183 │ 100 kB
sha256:088134dd33e4a2997480a1488a41c11abebda465da5cf7f305a0ecf8ed494329 │ 194 kB
sha256:0b80b2f17aff7ee5bfb135c69d0d6fe34070e89042b7aac73d1abcc79cfe6759 │ 852 kB
sha256:0c9e8abe31a5f17d84d5c85d3853d2f948a4f126421e89e68753591f1b6fedc5 │ 930 kB
sha256:0d49cae0723c8d310e413736b5e91e0c59b605ade2546f6e6ef8f1f3ddc76066 │ 510 kB
sha256:0ef04748d071c2e631bb3edce8f805cb5512e746b682c83fdae6d8c0b243280b │ 1.0 MB
sha256:13fd22925b638bb7d2131914bb8f8b0f5f582bee364aec682d9e7fe722bb486a │ 42 kB
sha256:174c41d4fbc7f63e1f2bb7d2f7837318050406f2f27e5073a84a84f18b48b883 │ 115 kB
Total: 4 MB
```
deprecated: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false


@@ -0,0 +1,76 @@
command: docker scout cache prune
short: Remove temporary or cached data
long: |-
The `docker scout cache prune` command removes temporary data and SBOM cache.
By default, `docker scout cache prune` only deletes temporary data.
To delete temporary data and clear the SBOM cache, use the `--sboms` flag.
usage: docker scout cache prune
pname: docker scout cache
plink: docker_scout_cache.yaml
options:
- option: force
shorthand: f
value_type: bool
default_value: "false"
description: Do not prompt for confirmation
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: sboms
value_type: bool
default_value: "false"
description: Prune cached SBOMs
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
inherited_options:
- option: debug
value_type: bool
default_value: "false"
description: Debug messages
deprecated: false
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: verbose-debug
value_type: bool
default_value: "false"
description: Verbose debug
deprecated: false
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
examples: |-
### Delete temporary data
```console
$ docker scout cache prune
? Are you sure to delete all temporary data? Yes
✓ temporary data deleted
```
### Delete temporary and cache data
```console
$ docker scout cache prune --sboms
? Are you sure to delete all temporary data and all cached SBOMs? Yes
✓ temporary data deleted
✓ cached SBOMs deleted
```
deprecated: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false


@@ -0,0 +1,380 @@
command: docker scout compare
aliases: docker scout compare, docker scout diff
short: Compare two images and display differences (experimental)
long: |-
The `docker scout compare` command analyzes two images and displays a comparison.
> This command is **experimental** and its behaviour might change in the future
The intended use of this command is to compare two versions of the same image.
For instance, when a new image is built and compared to the version running in production.
If no image is specified, the most recently built image is used
as a comparison target.
The following artifact types are supported:
- Images
- OCI layout directories
- Tarball archives, as created by `docker save`
- Local directory or file
By default, the tool expects an image reference, such as:
- `redis`
- `curlimages/curl:7.87.0`
- `mcr.microsoft.com/dotnet/runtime:7.0`
If the artifact you want to analyze is an OCI directory, a tarball archive, a local file or directory,
or if you want to control from where the image will be resolved, you must prefix the reference with one of the following:
- `image://` (default) use a local image, or fall back to a registry lookup
- `local://` use an image from the local image store (don't do a registry lookup)
- `registry://` use an image from a registry (don't use a local image)
- `oci-dir://` use an OCI layout directory
- `archive://` use a tarball archive, as created by `docker save`
- `fs://` use a local directory or file
- `sbom://` SPDX file or in-toto attestation file with SPDX predicate or `syft` json SBOM file
usage: docker scout compare --to IMAGE|DIRECTORY|ARCHIVE [IMAGE|DIRECTORY|ARCHIVE]
pname: docker scout
plink: docker_scout.yaml
options:
- option: exit-code
shorthand: e
value_type: bool
default_value: "false"
description: Return exit code '2' if vulnerability changes are detected
deprecated: true
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: exit-on
shorthand: x
value_type: stringSlice
default_value: '[]'
description: |
Comma separated list of conditions to fail the action step if worse or changed, options are: vulnerability, policy, package
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: format
value_type: string
default_value: text
description: |-
Output format of the generated vulnerability report:
- text: default output, plain text with or without colors depending on the terminal
- markdown: Markdown output
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: hide-policies
value_type: bool
default_value: "false"
description: Hide policy status from the output
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: ignore-base
value_type: bool
default_value: "false"
description: Filter out CVEs introduced from base image
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: ignore-suppressed
value_type: bool
default_value: "false"
description: |
Filter CVEs found in Scout exceptions based on the specified exception scope
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: ignore-unchanged
value_type: bool
default_value: "false"
description: Filter out unchanged packages
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: multi-stage
value_type: bool
default_value: "false"
description: Show packages from multi-stage Docker builds
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: only-fixed
value_type: bool
default_value: "false"
description: Filter to fixable CVEs
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: only-package-type
value_type: stringSlice
default_value: '[]'
description: |
Comma separated list of package types (like apk, deb, rpm, npm, pypi, golang, etc)
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: only-policy
value_type: stringSlice
default_value: '[]'
description: Comma separated list of policies to evaluate
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: only-severity
value_type: stringSlice
default_value: '[]'
description: |
Comma separated list of severities (critical, high, medium, low, unspecified) to filter CVEs by
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: only-stage
value_type: stringSlice
default_value: '[]'
description: Comma separated list of multi-stage Docker build stage names
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: only-unfixed
value_type: bool
default_value: "false"
description: Filter to unfixed CVEs
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: only-vex-affected
value_type: bool
default_value: "false"
description: Filter CVEs by VEX statements with status not affected
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: org
value_type: string
description: Namespace of the Docker organization
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: output
shorthand: o
value_type: string
description: Write the report to a file
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: platform
value_type: string
description: Platform of image to analyze
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: ref
value_type: string
description: |-
Reference to use if the provided tarball contains multiple references.
Can only be used with archive
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: to
value_type: string
description: Image, directory, or archive to compare to
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: to-env
value_type: string
description: Name of environment to compare to
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: to-latest
value_type: bool
default_value: "false"
description: Latest image processed to compare to
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: to-ref
value_type: string
description: |-
Reference to use if the provided tarball contains multiple references.
Can only be used with archive.
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: to-stream
value_type: string
description: Name of stream to compare to
deprecated: true
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: vex
value_type: bool
default_value: "false"
description: Apply VEX statements to filter CVEs
deprecated: true
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: vex-author
value_type: stringSlice
default_value: '[<.*@docker.com>]'
description: List of VEX statement authors to accept
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: vex-location
value_type: stringSlice
default_value: '[]'
description: File location of directory or file containing VEX statements
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
inherited_options:
- option: debug
value_type: bool
default_value: "false"
description: Debug messages
deprecated: false
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: verbose-debug
value_type: bool
default_value: "false"
description: Verbose debug
deprecated: false
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
examples: |-
### Compare the most recently built image to the latest tag
```console
$ docker scout compare --to namespace/repo:latest
```
### Compare local build to the same tag from the registry
```console
$ docker scout compare local://namespace/repo:latest --to registry://namespace/repo:latest
```
### Ignore base images
```console
$ docker scout compare --ignore-base --to namespace/repo:latest namespace/repo:v1.2.3-pre
```
### Generate a markdown output
```console
$ docker scout compare --format markdown --to namespace/repo:latest namespace/repo:v1.2.3-pre
```
### Only compare maven packages and only display critical vulnerabilities for maven packages
```console
$ docker scout compare --only-package-type maven --only-severity critical --to namespace/repo:latest namespace/repo:v1.2.3-pre
```
### Show all policy results for both images
```console
docker scout compare --to namespace/repo:latest namespace/repo:v1.2.3-pre
```
deprecated: false
experimental: false
experimentalcli: true
kubernetes: false
swarm: false
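Review bot: The `vex-author` default `'[<.*@docker.com>]'` looks like a regular expression, but the description `List of VEX statement authors to accept` does not say how entries are matched. If they are patterns, the unescaped `.` in `docker.com` matches any character, so the default is looser than it reads; because accepted VEX statements hide CVEs from the comparison, the matching rule is worth documenting. Once confirmed against the CLI, the description could read `List of VEX statement authors to accept (matched as regular expressions)`. Separately, the last example (`Show all policy results for both images`) lacks the `$ ` prompt the other examples use, and its command is no different from a plain compare.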


@@ -0,0 +1,59 @@
command: docker scout config
short: Manage Docker Scout configuration
long: |-
`docker scout config` allows you to list, get and set Docker Scout configuration.
Available configuration key:
- `organization`: Namespace of the Docker organization to be used by default.
usage: docker scout config [KEY] [VALUE]
pname: docker scout
plink: docker_scout.yaml
inherited_options:
- option: debug
value_type: bool
default_value: "false"
description: Debug messages
deprecated: false
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: verbose-debug
value_type: bool
default_value: "false"
description: Verbose debug
deprecated: false
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
examples: |-
### List existing configuration
```console
$ docker scout config
organization=my-org-namespace
```
### Print configuration value
```console
$ docker scout config organization
my-org-namespace
```
### Set configuration value
```console
$ docker scout config organization my-org-namespace
✓ Successfully set organization to my-org-namespace
```
deprecated: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false


@@ -0,0 +1,568 @@
command: docker scout cves
short: Display CVEs identified in a software artifact
long: |-
The `docker scout cves` command analyzes a software artifact for vulnerabilities.
If no image is specified, the most recently built image is used.
The following artifact types are supported:
- Images
- OCI layout directories
- Tarball archives, as created by `docker save`
- Local directory or file
By default, the tool expects an image reference, such as:
- `redis`
- `curlimages/curl:7.87.0`
- `mcr.microsoft.com/dotnet/runtime:7.0`
If the artifact you want to analyze is an OCI directory, a tarball archive, a local file or directory,
or if you want to control from where the image will be resolved, you must prefix the reference with one of the following:
- `image://` (default) use a local image, or fall back to a registry lookup
- `local://` use an image from the local image store (don't do a registry lookup)
- `registry://` use an image from a registry (don't use a local image)
- `oci-dir://` use an OCI layout directory
- `archive://` use a tarball archive, as created by `docker save`
- `fs://` use a local directory or file
- `sbom://` SPDX file or in-toto attestation file with SPDX predicate or `syft` json SBOM file
In case of `sbom://` prefix, if the file is not defined then it will try to read it from the standard input.
usage: docker scout cves [OPTIONS] [IMAGE|DIRECTORY|ARCHIVE]
pname: docker scout
plink: docker_scout.yaml
options:
- option: details
value_type: bool
default_value: "false"
description: Print details on default text output
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: env
value_type: string
description: Name of environment
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: epss
value_type: bool
default_value: "false"
description: |
Display the EPSS scores and organize the package's CVEs according to their EPSS score
details_url: '#epss'
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: epss-percentile
value_type: float32
default_value: "0"
description: |
Exclude CVEs with EPSS scores less than the specified percentile (0 to 1)
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: epss-score
value_type: float32
default_value: "0"
description: |
Exclude CVEs with EPSS scores less than the specified value (0 to 1)
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: exit-code
shorthand: e
value_type: bool
default_value: "false"
description: Return exit code '2' if vulnerabilities are detected
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: format
value_type: string
default_value: packages
description: |-
Output format of the generated vulnerability report:
- packages: default output, plain text with vulnerabilities grouped by packages
- sarif: json Sarif output
- spdx: json SPDX output
- gitlab: json GitLab output
- markdown: markdown output (including some html tags like collapsible sections)
- sbom: json SBOM output
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: ignore-base
value_type: bool
default_value: "false"
description: Filter out CVEs introduced from base image
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: ignore-suppressed
value_type: bool
default_value: "false"
description: |
Filter CVEs found in Scout exceptions based on the specified exception scope
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: local
value_type: bool
default_value: "false"
description: Local mode
deprecated: false
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: local-vulndb
value_type: string
description: Local vulnerability database
deprecated: false
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: locations
value_type: bool
default_value: "false"
description: Print package locations including file paths and layer diff_id
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: multi-stage
value_type: bool
default_value: "false"
description: Show packages from multi-stage Docker builds
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: only-base
value_type: bool
default_value: "false"
description: Only show CVEs introduced by the base image
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: only-cisa-kev
value_type: bool
default_value: "false"
description: Filter to CVEs listed in the CISA KEV catalog
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: only-cve-id
value_type: stringSlice
default_value: '[]'
description: |
Comma separated list of CVE ids (like CVE-2021-45105) to search for
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: only-fixed
value_type: bool
default_value: "false"
description: Filter to fixable CVEs
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: only-metric
value_type: stringSlice
default_value: '[]'
description: |
Comma separated list of CVSS metrics (like AV:N or PR:L) to filter CVEs by
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: only-package
value_type: stringSlice
default_value: '[]'
description: Comma separated regular expressions to filter packages by
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: only-package-type
value_type: stringSlice
default_value: '[]'
description: |
Comma separated list of package types (like apk, deb, rpm, npm, pypi, golang, etc)
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: only-severity
value_type: stringSlice
default_value: '[]'
description: |
Comma separated list of severities (critical, high, medium, low, unspecified) to filter CVEs by
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: only-stage
value_type: stringSlice
default_value: '[]'
description: Comma separated list of multi-stage Docker build stage names
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: only-unfixed
value_type: bool
default_value: "false"
description: Filter to unfixed CVEs
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: only-vex-affected
value_type: bool
default_value: "false"
description: Filter CVEs by VEX statements with status not affected
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: only-vuln-packages
value_type: bool
default_value: "false"
description: |
When used with --format=only-packages ignore packages with no vulnerabilities
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: org
value_type: string
description: Namespace of the Docker organization
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: output
shorthand: o
value_type: string
description: Write the report to a file
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: platform
value_type: string
description: Platform of image to analyze
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: ref
value_type: string
description: |-
Reference to use if the provided tarball contains multiple references.
Can only be used with archive
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: stream
value_type: string
description: Name of stream
deprecated: true
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: vex
value_type: bool
default_value: "false"
description: Apply VEX statements to filter CVEs
deprecated: true
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: vex-author
value_type: stringSlice
default_value: '[<.*@docker.com>]'
description: List of VEX statement authors to accept
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: vex-location
value_type: stringSlice
default_value: '[]'
description: File location of directory or file containing VEX statements
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
inherited_options:
- option: debug
value_type: bool
default_value: "false"
description: Debug messages
deprecated: false
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: verbose-debug
value_type: bool
default_value: "false"
description: Verbose debug
deprecated: false
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
examples: |-
### Display vulnerabilities grouped by package
```console
$ docker scout cves alpine
Analyzing image alpine
✓ Image stored for indexing
✓ Indexed 18 packages
✓ No vulnerable package detected
```
### Display vulnerabilities from a `docker save` tarball
```console
$ docker save alpine > alpine.tar
$ docker scout cves archive://alpine.tar
Analyzing archive alpine.tar
✓ Archive read
✓ SBOM of image already cached, 18 packages indexed
✓ No vulnerable package detected
```
### Display vulnerabilities from an OCI directory
```console
$ skopeo copy --override-os linux docker://alpine oci:alpine
$ docker scout cves oci-dir://alpine
Analyzing OCI directory alpine
✓ OCI directory read
✓ Image stored for indexing
✓ Indexed 19 packages
✓ No vulnerable package detected
```
### Display vulnerabilities from the current directory
```console
$ docker scout cves fs://.
```
### Export vulnerabilities to a SARIF JSON file
```console
$ docker scout cves --format sarif --output alpine.sarif.json alpine
Analyzing image alpine
✓ SBOM of image already cached, 18 packages indexed
✓ No vulnerable package detected
✓ Report written to alpine.sarif.json
```
### Display markdown output
The following example shows how to generate the vulnerability report as markdown.
```console
$ docker scout cves --format markdown alpine
✓ Pulled
✓ SBOM of image already cached, 19 packages indexed
✗ Detected 1 vulnerable package with 3 vulnerabilities
<h2>:mag: Vulnerabilities of <code>alpine</code></h2>
<details open="true"><summary>:package: Image Reference</strong> <code>alpine</code></summary>
<table>
<tr><td>digest</td><td><code>sha256:e3bd82196e98898cae9fe7fbfd6e2436530485974dc4fb3b7ddb69134eda2407</code></td><tr><tr><td>vulnerabilities</td><td><img alt="critical: 0" src="https://img.shields.io/badge/critical-0-lightgrey"/> <img alt="high: 0" src="https://img.shields.io/badge/high-0-lightgrey"/> <img alt="medium: 2" src="https://img.shields.io/badge/medium-2-fbb552"/> <img alt="low: 0" src="https://img.shields.io/badge/low-0-lightgrey"/> <img alt="unspecified: 1" src="https://img.shields.io/badge/unspecified-1-lightgrey"/></td></tr>
<tr><td>platform</td><td>linux/arm64</td></tr>
<tr><td>size</td><td>3.3 MB</td></tr>
<tr><td>packages</td><td>19</td></tr>
</table>
</details></table>
</details>
...
```
### List all vulnerable packages of a certain type
The following example shows how to generate a list of packages, only including
packages of the specified type, and only showing packages that are vulnerable.
```console
$ docker scout cves --format only-packages --only-package-type golang --only-vuln-packages golang:1.18.0
✓ Pulled
✓ SBOM of image already cached, 296 packages indexed
✗ Detected 1 vulnerable package with 40 vulnerabilities
Name Version Type Vulnerabilities
───────────────────────────────────────────────────────────
stdlib 1.18 golang 2C 29H 8M 1L
```
### Display EPSS score (--epss) {#epss}
The `--epss` flag adds [Exploit Prediction Scoring System (EPSS)](https://www.first.org/epss/)
scores to the `docker scout cves` output. EPSS scores are estimates of the likelihood (probability)
that a software vulnerability will be exploited in the wild in the next 30 days.
The higher the score, the greater the probability that a vulnerability will be exploited.
```console {hl_lines="13,14"}
$ docker scout cves --epss nginx
✓ Provenance obtained from attestation
✓ SBOM obtained from attestation, 232 packages indexed
✓ Pulled
✗ Detected 23 vulnerable packages with a total of 39 vulnerabilities
...
✗ HIGH CVE-2023-52425
https://scout.docker.com/v/CVE-2023-52425
Affected range : >=2.5.0-1
Fixed version : not fixed
EPSS Score : 0.000510
EPSS Percentile : 0.173680
```
- `EPSS Score` is a floating point number between 0 and 1 representing the probability of exploitation in the wild in the next 30 days (following score publication).
- `EPSS Percentile` is the percentile of the current score, the proportion of all scored vulnerabilities with the same or a lower EPSS score.
You can use the `--epss-score` and `--epss-percentile` flags to filter the output
of `docker scout cves` based on these scores. For example,
to only show vulnerabilities with an EPSS score higher than 0.5:
```console
$ docker scout cves --epss --epss-score 0.5 nginx
✓ SBOM of image already cached, 232 packages indexed
✓ EPSS scores for 2024-03-01 already cached
✗ Detected 1 vulnerable package with 1 vulnerability
...
✗ LOW CVE-2023-44487
https://scout.docker.com/v/CVE-2023-44487
Affected range : >=1.22.1-9
Fixed version : not fixed
EPSS Score : 0.705850
EPSS Percentile : 0.979410
```
EPSS scores are updated on a daily basis.
By default, the latest available score is displayed.
You can use the `--epss-date` flag to manually specify a date
in the format `yyyy-mm-dd` for fetching EPSS scores.
```console
$ docker scout cves --epss --epss-date 2024-01-02 nginx
```
### List vulnerabilities from an SPDX file
The following example shows how to generate a list of vulnerabilities from an SPDX file using `syft`.
```console
$ syft -o spdx-json alpine:3.16.1 | docker scout cves sbom://
✔ Pulled image
✔ Loaded image alpine:3.16.1
✔ Parsed image sha256:3d81c46cd8756ddb6db9ec36fa06a6fb71c287fb265232ba516739dc67a5f07d
✔ Cataloged contents 274a317d88b54f9e67799244a1250cad3fe7080f45249fa9167d1f871218d35f
├── ✔ Packages [14 packages]
├── ✔ File digests [75 files]
├── ✔ File metadata [75 locations]
└── ✔ Executables [16 executables]
✗ Detected 2 vulnerable packages with a total of 11 vulnerabilities
deprecated: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
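Review bot: The last example under `examples` (the `syft -o spdx-json alpine:3.16.1 | docker scout cves sbom://` block) opens a `console` code fence that is never closed before the top-level `deprecated: false` key, at least as this section is rendered here. Every other example in the file closes its fence, so if the closing fence is really missing, it should be added after the `✗ Detected 2 vulnerable packages ...` line. Two inconsistencies in the same file are also worth fixing now that this copy is maintained by hand. The EPSS example uses `--epss-date`, which has no entry under `options`. The `only-vuln-packages` description and one example refer to `--format only-packages`, which the `format` option's description does not list.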


@@ -0,0 +1,33 @@
command: docker scout docker-cli-plugin-hooks
short: runs the plugins hooks
long: runs the plugins hooks
usage: docker scout docker-cli-plugin-hooks
pname: docker scout
plink: docker_scout.yaml
inherited_options:
- option: debug
value_type: bool
default_value: "false"
description: Debug messages
deprecated: false
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: verbose-debug
value_type: bool
default_value: "false"
description: Verbose debug
deprecated: false
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
deprecated: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false


@@ -0,0 +1,34 @@
command: docker scout enroll
short: Enroll an organization with Docker Scout
long: |
The `docker scout enroll` command enrolls an organization with Docker Scout.
usage: docker scout enroll ORG
pname: docker scout
plink: docker_scout.yaml
inherited_options:
- option: debug
value_type: bool
default_value: "false"
description: Debug messages
deprecated: false
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: verbose-debug
value_type: bool
default_value: "false"
description: Verbose debug
deprecated: false
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
deprecated: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false


@@ -0,0 +1,97 @@
command: docker scout environment
aliases: docker scout environment, docker scout env
short: Manage environments (experimental)
long: |-
The `docker scout environment` command lists the environments.
If you pass an image reference, the image is recorded to the specified environment.
Once recorded, environments can be referred to by their name. For example,
you can refer to the `production` environment with the `docker scout compare`
command as follows:
```console
$ docker scout compare --to-env production
```
usage: docker scout environment [ENVIRONMENT] [IMAGE]
pname: docker scout
plink: docker_scout.yaml
options:
- option: org
value_type: string
description: Namespace of the Docker organization
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: output
shorthand: o
value_type: string
description: Write the report to a file
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: platform
value_type: string
description: Platform of image to record
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
inherited_options:
- option: debug
value_type: bool
default_value: "false"
description: Debug messages
deprecated: false
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: verbose-debug
value_type: bool
default_value: "false"
description: Verbose debug
deprecated: false
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
examples: |-
### List existing environments
```console
$ docker scout environment
prod
staging
```
### List images of an environment
```console
$ docker scout environment staging
namespace/repo:tag@sha256:9a4df4fadc9bbd44c345e473e0688c2066a6583d4741679494ba9228cfd93e1b
namespace/other-repo:tag@sha256:0001d6ce124855b0a158569c584162097fe0ca8d72519067c2c8e3ce407c580f
```
### Record an image to an environment, for a specific platform
```console
$ docker scout environment staging namespace/repo:stage-latest --platform linux/amd64
✓ Pulled
✓ Successfully recorded namespace/repo:stage-latest in environment staging
```
deprecated: false
experimental: false
experimentalcli: true
kubernetes: false
swarm: false


@@ -0,0 +1,33 @@
command: docker scout help
short: Display information about the available commands
long: Display information about the available commands
usage: docker scout help
pname: docker scout
plink: docker_scout.yaml
inherited_options:
- option: debug
value_type: bool
default_value: "false"
description: Debug messages
deprecated: false
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: verbose-debug
value_type: bool
default_value: "false"
description: Verbose debug
deprecated: false
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
deprecated: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false


@@ -0,0 +1,40 @@
command: docker scout integration
short: Commands to list, configure, and delete Docker Scout integrations
long: Commands to list, configure, and delete Docker Scout integrations
pname: docker scout
plink: docker_scout.yaml
cname:
- docker scout integration configure
- docker scout integration delete
- docker scout integration list
clink:
- docker_scout_integration_configure.yaml
- docker_scout_integration_delete.yaml
- docker_scout_integration_list.yaml
inherited_options:
- option: debug
value_type: bool
default_value: "false"
description: Debug messages
deprecated: false
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: verbose-debug
value_type: bool
default_value: "false"
description: Verbose debug
deprecated: false
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
deprecated: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false


@@ -0,0 +1,63 @@
command: docker scout integration configure
short: Configure or update a new integration configuration
long: |
The docker scout integration configure command creates or updates a new integration configuration for an organization.
usage: docker scout integration configure INTEGRATION
pname: docker scout integration
plink: docker_scout_integration.yaml
options:
- option: name
value_type: string
description: Name of integration configuration to create
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: org
value_type: string
description: Namespace of the Docker organization
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: parameter
value_type: stringSlice
default_value: '[]'
description: Integration parameters in the form of --parameter NAME=VALUE
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
inherited_options:
- option: debug
value_type: bool
default_value: "false"
description: Debug messages
deprecated: false
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: verbose-debug
value_type: bool
default_value: "false"
description: Verbose debug
deprecated: false
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
deprecated: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false


@@ -0,0 +1,53 @@
command: docker scout integration delete
short: Delete a new integration configuration
long: |
The docker scout integration delete command deletes a new integration configuration for an organization.
usage: docker scout integration delete INTEGRATION
pname: docker scout integration
plink: docker_scout_integration.yaml
options:
- option: name
value_type: string
description: Name of integration configuration to delete
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: org
value_type: string
description: Namespace of the Docker organization
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
inherited_options:
- option: debug
value_type: bool
default_value: "false"
description: Debug messages
deprecated: false
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: verbose-debug
value_type: bool
default_value: "false"
description: Verbose debug
deprecated: false
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
deprecated: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false


@@ -0,0 +1,53 @@
command: docker scout integration list
short: List integrations which can be installed
long: |
The docker scout integration list configured integrations for an organization.
usage: docker scout integration list [INTEGRATION]
pname: docker scout integration
plink: docker_scout_integration.yaml
options:
- option: name
value_type: string
description: Name of integration configuration to list
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: org
value_type: string
description: Namespace of the Docker organization
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
inherited_options:
- option: debug
value_type: bool
default_value: "false"
description: Debug messages
deprecated: false
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: verbose-debug
value_type: bool
default_value: "false"
description: Verbose debug
deprecated: false
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
deprecated: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false


@@ -0,0 +1,140 @@
command: docker scout policy
short: |
Evaluate policies against an image and display the policy evaluation results (experimental)
long: |-
The `docker scout policy` command evaluates policies against an image.
The image analysis is uploaded to Docker Scout where policies get evaluated.
The policy evaluation results may take a few minutes to become available.
usage: docker scout policy [IMAGE | REPO]
pname: docker scout
plink: docker_scout.yaml
options:
- option: env
value_type: string
description: Name of the environment to compare to
deprecated: true
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: exit-code
shorthand: e
value_type: bool
default_value: "false"
description: Return exit code '2' if policies are not met, '0' otherwise
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: only-policy
value_type: stringSlice
default_value: '[]'
description: Comma separated list of policies to evaluate
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: org
value_type: string
description: Namespace of the Docker organization
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: output
shorthand: o
value_type: string
description: Write the report to a file
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: platform
value_type: string
description: Platform of image to pull policy results from
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: to-env
value_type: string
description: Name of the environment to compare to
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: to-latest
value_type: bool
default_value: "false"
description: Latest image processed to compare to
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
inherited_options:
- option: debug
value_type: bool
default_value: "false"
description: Debug messages
deprecated: false
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: verbose-debug
value_type: bool
default_value: "false"
description: Verbose debug
deprecated: false
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
examples: |-
### Evaluate policies against an image and display the results
```console
$ docker scout policy dockerscoutpolicy/customers-api-service:0.0.1
```
### Evaluate policies against an image for a specific organization
```console
$ docker scout policy dockerscoutpolicy/customers-api-service:0.0.1 --org dockerscoutpolicy
```
### Evaluate policies against an image with a specific platform
```console
$ docker scout policy dockerscoutpolicy/customers-api-service:0.0.1 --platform linux/amd64
```
### Compare policy results for a repository in a specific environment
```console
$ docker scout policy dockerscoutpolicy/customers-api-service --to-env production
```
deprecated: false
experimental: false
experimentalcli: true
kubernetes: false
swarm: false


@@ -0,0 +1,117 @@
command: docker scout push
short: Push an image or image index to Docker Scout
long: |
The `docker scout push` command lets you push an image or analysis result to Docker Scout.
usage: docker scout push IMAGE
pname: docker scout
plink: docker_scout.yaml
options:
- option: author
value_type: string
description: Name of the author of the image
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: dry-run
value_type: bool
default_value: "false"
description: Do not push the image but process it
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: org
value_type: string
description: Namespace of the Docker organization to which image will be pushed
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: output
shorthand: o
value_type: string
description: Write the report to a file
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: platform
value_type: string
description: Platform of image to be pushed
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: sbom
value_type: bool
default_value: "false"
description: Create and upload SBOMs
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: secrets
value_type: bool
default_value: "false"
description: Scan for secrets in the image
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: timestamp
value_type: string
description: Timestamp of image or tag creation
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
inherited_options:
- option: debug
value_type: bool
default_value: "false"
description: Debug messages
deprecated: false
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: verbose-debug
value_type: bool
default_value: "false"
description: Verbose debug
deprecated: false
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
examples: |-
### Push an image to Docker Scout
```console
$ docker scout push --org my-org registry.example.com/repo:tag
```
deprecated: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false


@@ -0,0 +1,232 @@
command: docker scout quickview
aliases: docker scout quickview, docker scout qv
short: Quick overview of an image
long: |-
The `docker scout quickview` command displays a quick overview of an image.
It displays a summary of the vulnerabilities in the specified image
and vulnerabilities from the base image.
If available, it also displays base image refresh and update recommendations.
If no image is specified, the most recently built image is used.
The following artifact types are supported:
- Images
- OCI layout directories
- Tarball archives, as created by `docker save`
- Local directory or file
By default, the tool expects an image reference, such as:
- `redis`
- `curlimages/curl:7.87.0`
- `mcr.microsoft.com/dotnet/runtime:7.0`
If the artifact you want to analyze is an OCI directory, a tarball archive, a local file or directory,
or if you want to control from where the image will be resolved, you must prefix the reference with one of the following:
- `image://` (default) use a local image, or fall back to a registry lookup
- `local://` use an image from the local image store (don't do a registry lookup)
- `registry://` use an image from a registry (don't use a local image)
- `oci-dir://` use an OCI layout directory
- `archive://` use a tarball archive, as created by `docker save`
- `fs://` use a local directory or file
- `sbom://` SPDX file or in-toto attestation file with SPDX predicate or `syft` json SBOM file
In case of `sbom://` prefix, if the file is not defined then it will try to read it from the standard input.
usage: docker scout quickview [IMAGE|DIRECTORY|ARCHIVE]
pname: docker scout
plink: docker_scout.yaml
options:
- option: env
value_type: string
description: Name of the environment
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: ignore-suppressed
value_type: bool
default_value: "false"
description: |
Filter CVEs found in Scout exceptions based on the specified exception scope
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: latest
value_type: bool
default_value: "false"
description: Latest indexed image
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: only-policy
value_type: stringSlice
default_value: '[]'
description: Comma separated list of policies to evaluate
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: only-vex-affected
value_type: bool
default_value: "false"
description: Filter CVEs by VEX statements with status not affected
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: org
value_type: string
description: Namespace of the Docker organization
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: output
shorthand: o
value_type: string
description: Write the report to a file
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: platform
value_type: string
description: Platform of image to analyze
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: ref
value_type: string
description: |-
Reference to use if the provided tarball contains multiple references.
Can only be used with archive
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: stream
value_type: string
description: Name of stream
deprecated: true
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: vex
value_type: bool
default_value: "false"
description: Apply VEX statements to filter CVEs
deprecated: true
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: vex-author
value_type: stringSlice
default_value: '[<.*@docker.com>]'
description: List of VEX statement authors to accept
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: vex-location
value_type: stringSlice
default_value: '[]'
description: File location of directory or file containing VEX statements
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
inherited_options:
- option: debug
value_type: bool
default_value: "false"
description: Debug messages
deprecated: false
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: verbose-debug
value_type: bool
default_value: "false"
description: Verbose debug
deprecated: false
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
examples: |-
### Quick overview of an image
```console
$ docker scout quickview golang:1.19.4
...Pulling
✓ Pulled
✓ SBOM of image already cached, 278 packages indexed
Your image golang:1.19.4 │ 5C 3H 6M 63L
Base image buildpack-deps:bullseye-scm │ 5C 1H 3M 48L 6?
Refreshed base image buildpack-deps:bullseye-scm │ 0C 0H 0M 42L
│ -5 -1 -3 -6 -6
Updated base image buildpack-deps:sid-scm │ 0C 0H 1M 29L
│ -5 -1 -2 -19 -6
```
### Quick overview of the most recently built image
```console
$ docker scout qv
```
### Quick overview from an SPDX file
```console
$ syft -o spdx-json alpine:3.16.1 | docker scout quickview sbom://
✔ Loaded image alpine:3.16.1
✔ Parsed image sha256:3d81c46cd8756ddb6db9ec36fa06a6fb71c287fb265232ba516739dc67a5f07d
✔ Cataloged contents 274a317d88b54f9e67799244a1250cad3fe7080f45249fa9167d1f871218d35f
├── ✔ Packages [14 packages]
├── ✔ File digests [75 files]
├── ✔ File metadata [75 locations]
└── ✔ Executables [16 executables]
Target │ <stdin> │ 1C 2H 8M 0L
digest │ 274a317d88b5 │
```
deprecated: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
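Review bot: The description of `only-vex-affected`, `Filter CVEs by VEX statements with status not affected`, does not say whether the matching CVEs are kept or hidden, and this flag decides which vulnerabilities disappear from the report. If, as the flag name suggests, it hides CVEs that a VEX statement marks as not affected, the text should say so: `description: Hide CVEs that a VEX statement marks as not affected`. The `vex-author` default `'[<.*@docker.com>]'` looks like a pattern, while its description speaks of a list of authors. Stating how entries are matched would help readers who narrow or widen the set of accepted authors.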


@@ -0,0 +1,149 @@
command: docker scout recommendations
short: Display available base image updates and remediation recommendations
long: |-
The `docker scout recommendations` command display recommendations for base images updates.
It analyzes the image and display recommendations to refresh or update the base image.
For each recommendation it shows a list of benefits, such as
fewer vulnerabilities or smaller image size.
If no image is specified, the most recently built image is used.
The following artifact types are supported:
- Images
- OCI layout directories
- Tarball archives, as created by `docker save`
- Local directory or file
By default, the tool expects an image reference, such as:
- `redis`
- `curlimages/curl:7.87.0`
- `mcr.microsoft.com/dotnet/runtime:7.0`
If the artifact you want to analyze is an OCI directory, a tarball archive, a local file or directory,
or if you want to control from where the image will be resolved, you must prefix the reference with one of the following:
- `image://` (default) use a local image, or fall back to a registry lookup
- `local://` use an image from the local image store (don't do a registry lookup)
- `registry://` use an image from a registry (don't use a local image)
- `oci-dir://` use an OCI layout directory
- `archive://` use a tarball archive, as created by `docker save`
- `fs://` use a local directory or file
usage: docker scout recommendations [IMAGE|DIRECTORY|ARCHIVE]
pname: docker scout
plink: docker_scout.yaml
options:
- option: only-refresh
value_type: bool
default_value: "false"
description: Only display base image refresh recommendations
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: only-update
value_type: bool
default_value: "false"
description: Only display base image update recommendations
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: org
value_type: string
description: Namespace of the Docker organization
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: output
shorthand: o
value_type: string
description: Write the report to a file
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: platform
value_type: string
description: Platform of image to analyze
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: ref
value_type: string
description: |-
Reference to use if the provided tarball contains multiple references.
Can only be used with archive
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: tag
value_type: string
description: Specify tag
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
inherited_options:
- option: debug
value_type: bool
default_value: "false"
description: Debug messages
deprecated: false
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: verbose-debug
value_type: bool
default_value: "false"
description: Verbose debug
deprecated: false
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
examples: |-
### Display base image update recommendations
```console
$ docker scout recommendations golang:1.19.4
```
### Display base image refresh only recommendations
```console
$ docker scout recommendations --only-refresh golang:1.19.4
```
### Display base image update only recommendations
```console
$ docker scout recommendations --only-update golang:1.19.4
```
deprecated: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false


@@ -0,0 +1,40 @@
command: docker scout repo
short: Commands to list, enable, and disable Docker Scout on repositories
long: Commands to list, enable, and disable Docker Scout on repositories
pname: docker scout
plink: docker_scout.yaml
cname:
- docker scout repo disable
- docker scout repo enable
- docker scout repo list
clink:
- docker_scout_repo_disable.yaml
- docker_scout_repo_enable.yaml
- docker_scout_repo_list.yaml
inherited_options:
- option: debug
value_type: bool
default_value: "false"
description: Debug messages
deprecated: false
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: verbose-debug
value_type: bool
default_value: "false"
description: Verbose debug
deprecated: false
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
deprecated: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false


@@ -0,0 +1,106 @@
command: docker scout repo disable
short: Disable Docker Scout
long: |
The docker scout repo disable command disables Docker Scout on repositories.
usage: docker scout repo disable [REPOSITORY]
pname: docker scout repo
plink: docker_scout_repo.yaml
options:
- option: all
value_type: bool
default_value: "false"
description: |
Disable all repositories of the organization. Can not be used with --filter.
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: filter
value_type: string
description: Regular expression to filter repositories by name
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: integration
value_type: string
description: Name of the integration to use for enabling an image
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: org
value_type: string
description: Namespace of the Docker organization
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: registry
value_type: string
description: Container Registry
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
inherited_options:
- option: debug
value_type: bool
default_value: "false"
description: Debug messages
deprecated: false
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: verbose-debug
value_type: bool
default_value: "false"
description: Verbose debug
deprecated: false
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
examples: |-
### Disable a specific repository
```console
$ docker scout repo disable my/repository
```
### Disable all repositories of the organization
```console
$ docker scout repo disable --all
```
### Disable some repositories based on a filter
```console
$ docker scout repo disable --filter namespace/backend
```
### Disable a repository from a specific registry
```console
$ docker scout repo disable my/repository --registry 123456.dkr.ecr.us-east-1.amazonaws.com
```
deprecated: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
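Review bot: The `integration` option is described as `Name of the integration to use for enabling an image`, although this file documents `docker scout repo disable`; the wording appears carried over from the enable command. Suggested: `description: Name of the integration to use for disabling a repository`. The `filter` option is documented as a regular expression, so the example `--filter namespace/backend` presumably matches every repository whose name contains that string. A sentence saying so under the example would keep readers from disabling analysis on more repositories than they meant to; the same applies to the `--filter` example in the `docker scout repo enable` section.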


@@ -0,0 +1,105 @@
command: docker scout repo enable
short: Enable Docker Scout
long: The docker scout repo enable command enables Docker Scout on repositories.
usage: docker scout repo enable [REPOSITORY]
pname: docker scout repo
plink: docker_scout_repo.yaml
options:
- option: all
value_type: bool
default_value: "false"
description: |
Enable all repositories of the organization. Can not be used with --filter.
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: filter
value_type: string
description: Regular expression to filter repositories by name
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: integration
value_type: string
description: Name of the integration to use for enabling an image
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: org
value_type: string
description: Namespace of the Docker organization
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: registry
value_type: string
description: Container Registry
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
inherited_options:
- option: debug
value_type: bool
default_value: "false"
description: Debug messages
deprecated: false
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: verbose-debug
value_type: bool
default_value: "false"
description: Verbose debug
deprecated: false
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
examples: |-
### Enable a specific repository
```console
$ docker scout repo enable my/repository
```
### Enable all repositories of the organization
```console
$ docker scout repo enable --all
```
### Enable some repositories based on a filter
```console
$ docker scout repo enable --filter namespace/backend
```
### Enable a repository from a specific registry
```console
$ docker scout repo enable my/repository --registry 123456.dkr.ecr.us-east-1.amazonaws.com
```
deprecated: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false


@@ -0,0 +1,87 @@
command: docker scout repo list
short: List Docker Scout repositories
long: |-
The docker scout repo list command shows all repositories in an organization.
If ORG is not provided the default configured organization will be used.
usage: docker scout repo list
pname: docker scout repo
plink: docker_scout_repo.yaml
options:
- option: filter
value_type: string
description: Regular expression to filter repositories by name
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: only-disabled
value_type: bool
default_value: "false"
description: Filter to disabled repositories only
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: only-enabled
value_type: bool
default_value: "false"
description: Filter to enabled repositories only
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: only-registry
value_type: string
description: |-
Filter to a specific registry only:
- hub.docker.com
- ecr (AWS ECR)
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: org
value_type: string
description: Namespace of the Docker organization
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
inherited_options:
- option: debug
value_type: bool
default_value: "false"
description: Debug messages
deprecated: false
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: verbose-debug
value_type: bool
default_value: "false"
description: Verbose debug
deprecated: false
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
deprecated: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
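Review bot: `long:` says `If ORG is not provided the default configured organization will be used`, but `usage:` is `docker scout repo list` with no ORG argument; the organization is selected through the `org` option listed below. Suggested wording for that sentence: `If --org is not provided, the default configured organization is used.`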


@@ -0,0 +1,162 @@
command: docker scout sbom
short: Generate or display SBOM of an image
long: |-
The `docker scout sbom` command analyzes a software artifact to generate a
Software Bill Of Materials (SBOM).
The SBOM contains a list of all packages in the image.
You can use the `--format` flag to filter the output of the command
to display only packages of a specific type.
If no image is specified, the most recently built image is used.
The following artifact types are supported:
- Images
- OCI layout directories
- Tarball archives, as created by `docker save`
- Local directory or file
By default, the tool expects an image reference, such as:
- `redis`
- `curlimages/curl:7.87.0`
- `mcr.microsoft.com/dotnet/runtime:7.0`
If the artifact you want to analyze is an OCI directory, a tarball archive, a local file or directory,
or if you want to control from where the image will be resolved, you must prefix the reference with one of the following:
- `image://` (default) use a local image, or fall back to a registry lookup
- `local://` use an image from the local image store (don't do a registry lookup)
- `registry://` use an image from a registry (don't use a local image)
- `oci-dir://` use an OCI layout directory
- `archive://` use a tarball archive, as created by `docker save`
- `fs://` use a local directory or file
usage: docker scout sbom [IMAGE|DIRECTORY|ARCHIVE]
pname: docker scout
plink: docker_scout.yaml
options:
- option: format
value_type: string
default_value: json
description: |-
Output format:
- list: list of packages of the image
- json: json representation of the SBOM
- spdx: spdx representation of the SBOM
- cyclonedx: cyclone dx representation of the SBOM
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: only-package-type
value_type: stringSlice
default_value: '[]'
description: |-
Comma separated list of package types (like apk, deb, rpm, npm, pypi, golang, etc)
Can only be used with --format list
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: output
shorthand: o
value_type: string
description: Write the report to a file
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: platform
value_type: string
description: Platform of image to analyze
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: ref
value_type: string
description: |-
Reference to use if the provided tarball contains multiple references.
Can only be used with archive
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: secrets
value_type: bool
default_value: "false"
description: Scan for secrets in the image
deprecated: false
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
inherited_options:
- option: debug
value_type: bool
default_value: "false"
description: Debug messages
deprecated: false
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: verbose-debug
value_type: bool
default_value: "false"
description: Verbose debug
deprecated: false
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
examples: |-
### Display the list of packages
```console
$ docker scout sbom --format list alpine
```
### Only display packages of a specific type
```console
$ docker scout sbom --format list --only-package-type apk alpine
```
### Display the full SBOM in JSON format
```console
$ docker scout sbom alpine
```
### Display the full SBOM of the most recently built image
```console
$ docker scout sbom
```
### Write SBOM to a file
```console
$ docker scout sbom --output alpine.sbom alpine
```
deprecated: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false


@@ -0,0 +1,89 @@
command: docker scout stream
short: Manage streams (experimental)
long: |-
The `docker scout stream` command lists the deployment streams and records an image to it.
Once recorded, streams can be referred to by their name, eg. in the `docker scout compare` command using `--to-stream`.
usage: docker scout stream [STREAM] [IMAGE]
pname: docker scout
plink: docker_scout.yaml
options:
- option: org
value_type: string
description: Namespace of the Docker organization
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: output
shorthand: o
value_type: string
description: Write the report to a file
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: platform
value_type: string
description: Platform of image to record
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
inherited_options:
- option: debug
value_type: bool
default_value: "false"
description: Debug messages
deprecated: false
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: verbose-debug
value_type: bool
default_value: "false"
description: Verbose debug
deprecated: false
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
examples: |-
### List existing streams
```console
$ %[1]s %[2]s
prod-cluster-123
stage-cluster-234
```
### List images of a stream
```console
$ %[1]s %[2]s prod-cluster-123
namespace/repo:tag@sha256:9a4df4fadc9bbd44c345e473e0688c2066a6583d4741679494ba9228cfd93e1b
namespace/other-repo:tag@sha256:0001d6ce124855b0a158569c584162097fe0ca8d72519067c2c8e3ce407c580f
```
### Record an image to a stream, for a specific platform
```console
$ %[1]s %[2]s stage-cluster-234 namespace/repo:stage-latest --platform linux/amd64
✓ Pulled
✓ Successfully recorded namespace/repo:stage-latest in stream stage-cluster-234
```
deprecated: true
experimental: false
experimentalcli: true
kubernetes: false
swarm: false
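Review bot: The three `console` examples under `examples:` still carry unexpanded format placeholders, `$ %[1]s %[2]s`, where the command name belongs, so the rendered reference will show the placeholders instead of a command a reader can run. Since this copy is now maintained by hand, the lines can be written out: `$ docker scout stream`, `$ docker scout stream prod-cluster-123` and `$ docker scout stream stage-cluster-234 namespace/repo:stage-latest --platform linux/amd64`. The expansion is inferred from the `command:` and `usage:` keys of the same file.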


@@ -0,0 +1,58 @@
command: docker scout version
short: Show Docker Scout version information
long: Show Docker Scout version information
usage: docker scout version
pname: docker scout
plink: docker_scout.yaml
inherited_options:
- option: debug
value_type: bool
default_value: "false"
description: Debug messages
deprecated: false
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: verbose-debug
value_type: bool
default_value: "false"
description: Verbose debug
deprecated: false
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
examples: |-
```console
$ docker scout version
⢀⢀⢀ ⣀⣀⡤⣔⢖⣖⢽⢝
⡠⡢⡣⡣⡣⡣⡣⡣⡢⡀ ⢀⣠⢴⡲⣫⡺⣜⢞⢮⡳⡵⡹⡅
⡜⡜⡜⡜⡜⡜⠜⠈⠈ ⠁⠙⠮⣺⡪⡯⣺⡪⡯⣺
⢘⢜⢜⢜⢜⠜ ⠈⠪⡳⡵⣹⡪⠇
⠨⡪⡪⡪⠂ ⢀⡤⣖⢽⡹⣝⡝⣖⢤⡀ ⠘⢝⢮⡚ _____ _
⠱⡱⠁ ⡴⡫⣞⢮⡳⣝⢮⡺⣪⡳⣝⢦ ⠘⡵⠁ / ____| Docker | |
⠁ ⣸⢝⣕⢗⡵⣝⢮⡳⣝⢮⡺⣪⡳⣣ ⠁ | (___ ___ ___ _ _| |_
⣗⣝⢮⡳⣝⢮⡳⣝⢮⡳⣝⢮⢮⡳ \___ \ / __/ _ \| | | | __|
⢀ ⢱⡳⡵⣹⡪⡳⣝⢮⡳⣝⢮⡳⡣⡏ ⡀ ____) | (_| (_) | |_| | |_
⢀⢾⠄ ⠫⣞⢮⡺⣝⢮⡳⣝⢮⡳⣝⠝ ⢠⢣⢂ |_____/ \___\___/ \__,_|\__|
⡼⣕⢗⡄ ⠈⠓⠝⢮⡳⣝⠮⠳⠙ ⢠⢢⢣⢣
⢰⡫⡮⡳⣝⢦⡀ ⢀⢔⢕⢕⢕⢕⠅
⡯⣎⢯⡺⣪⡳⣝⢖⣄⣀ ⡀⡠⡢⡣⡣⡣⡣⡣⡃
⢸⢝⢮⡳⣝⢮⡺⣪⡳⠕⠗⠉⠁ ⠘⠜⡜⡜⡜⡜⡜⡜⠜⠈
⡯⡳⠳⠝⠊⠓⠉ ⠈⠈⠈⠈
version: v1.0.9 (go1.21.3 - darwin/arm64)
git commit: 8bf95bf60d084af341f70e8263342f71b0a3cd16
```
deprecated: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false


@@ -0,0 +1,37 @@
command: docker scout vex
aliases: docker scout vex, docker scout vex
short: Manage VEX attestations on images
long: Manage VEX attestations on images
pname: docker scout
plink: docker_scout.yaml
cname:
- docker scout vex get
clink:
- docker_scout_vex_get.yaml
inherited_options:
- option: debug
value_type: bool
default_value: "false"
description: Debug messages
deprecated: false
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: verbose-debug
value_type: bool
default_value: "false"
description: Verbose debug
deprecated: false
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
deprecated: false
experimental: false
experimentalcli: true
kubernetes: false
swarm: false
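Review bot: `aliases:` lists the same name twice, `docker scout vex, docker scout vex`, so the rendered page would advertise an alias that is just the command itself. Compare `docker scout quickview`, whose `aliases:` names a real second form (`docker scout qv`). If the command has no alias the key can be dropped; otherwise the second entry should name it.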


@@ -0,0 +1,103 @@
command: docker scout vex get
short: Get VEX attestation for image
long: The docker scout vex get command gets a VEX attestation for images.
usage: docker scout vex get OPTIONS IMAGE
pname: docker scout vex
plink: docker_scout_vex.yaml
options:
- option: key
value_type: string
default_value: https://registry.scout.docker.com/keyring/dhi/latest.pub
description: Signature key to use for verification
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: org
value_type: string
description: Namespace of the Docker organization
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: output
shorthand: o
value_type: string
description: Write the report to a file
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: platform
value_type: string
description: Platform of image to analyze
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: ref
value_type: string
description: |-
Reference to use if the provided tarball contains multiple references.
Can only be used with archive
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: skip-tlog
value_type: bool
default_value: "false"
description: Skip signature verification against public transaction log
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: verify
value_type: bool
default_value: "false"
description: Verify the signature on the attestation
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
inherited_options:
- option: debug
value_type: bool
default_value: "false"
description: Debug messages
deprecated: false
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: verbose-debug
value_type: bool
default_value: "false"
description: Verbose debug
deprecated: false
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
deprecated: false
experimental: false
experimentalcli: true
kubernetes: false
swarm: false
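Review bot: The `verify` entry documents `default_value: "false"`, but neither `long:` nor the option descriptions tell the reader that a plain `docker scout vex get IMAGE` therefore returns an attestation whose signature has not been checked. Other commands in this commit use VEX statements to filter CVEs, so that default deserves a sentence, for example `description: Verify the signature on the attestation (off by default; pass --verify before relying on the result)`. The `skip-tlog` description could likewise say that it reduces what verification covers, and `key` that its default is a URL rather than a local file; both readings are inferred from the descriptions only. The file also has no `examples:` key, so a verified invocation is not shown anywhere.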


@@ -0,0 +1,137 @@
command: docker scout watch
short: |
Watch repositories in a registry and push images and indexes to Docker Scout
long: |
The docker scout watch command watches repositories in a registry and pushes images or image indexes to Docker Scout.
usage: docker scout watch
pname: docker scout
plink: docker_scout.yaml
options:
- option: all-images
value_type: bool
default_value: "false"
description: |
Push all images instead of only the ones pushed during the watch command is running
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: dry-run
value_type: bool
default_value: "false"
description: Watch images and prepare them, but do not push them
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: interval
value_type: int64
default_value: "60"
description: Interval in seconds between checks
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: org
value_type: string
description: Namespace of the Docker organization to which image will be pushed
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: refresh-registry
value_type: bool
default_value: "false"
description: |
Refresh the list of repositories of a registry at every run. Only with --registry.
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: registry
value_type: string
description: Registry to watch
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: repository
value_type: stringSlice
default_value: '[]'
description: Repository to watch
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: sbom
value_type: bool
default_value: "true"
description: Create and upload SBOMs
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: tag
value_type: stringSlice
default_value: '[]'
description: Regular expression to match tags to watch
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: workers
value_type: int
default_value: "3"
description: Number of concurrent workers
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
inherited_options:
- option: debug
value_type: bool
default_value: "false"
description: Debug messages
deprecated: false
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: verbose-debug
value_type: bool
default_value: "false"
description: Verbose debug
deprecated: false
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
examples: " Watch for new images from two repositories and push them\n $ docker scout watch --org my-org --repository registry-1.example.com/repo-1 --repository registry-2.example.com/repo-2\e[0m\n\n Only push images with a specific tag\n $ docker scout watch --org my-org --repository registry.example.com/my-service --tag latest\e[0m\n\n Watch all repositories of a registry\n $ docker scout watch --org my-org --registry registry.example.com\e[0m\n\n Push all images and not just the new ones\n $ docker scout watch --org my-org --repository registry.example.com/my-service --all-images\e[0m"
deprecated: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
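Review bot: The `examples:` value is a double-quoted scalar that embeds `\e[0m` after every command line; `\e` is the YAML escape for ESC, so each example ends in a raw ANSI reset sequence that will reach the rendered page and anything copied from it. Deleting the four `\e[0m` sequences leaves the commands unchanged. This is also the only `examples:` in these files not written as a `|-` block with `###` headings and `console` fences, so converting it to that form would make it render like the other commands.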