command: docker scout quickview aliases: docker scout quickview, docker scout qv short: Quick overview of an image long: |- The `docker scout quickview` command displays a quick overview of an image. It displays a summary of the vulnerabilities in the specified image and vulnerabilities from the base image. If available, it also displays base image refresh and update recommendations. If no image is specified, the most recently built image is used. The following artifact types are supported: - Images - OCI layout directories - Tarball archives, as created by `docker save` - Local directory or file By default, the tool expects an image reference, such as: - `redis` - `curlimages/curl:7.87.0` - `mcr.microsoft.com/dotnet/runtime:7.0` If the artifact you want to analyze is an OCI directory, a tarball archive, a local file or directory, or if you want to control from where the image will be resolved, you must prefix the reference with one of the following: - `image://` (default) use a local image, or fall back to a registry lookup - `local://` use an image from the local image store (don't do a registry lookup) - `registry://` use an image from a registry (don't use a local image) - `oci-dir://` use an OCI layout directory - `archive://` use a tarball archive, as created by `docker save` - `fs://` use a local directory or file - `sbom://` SPDX file or in-toto attestation file with SPDX predicate or `syft` json SBOM file In case of `sbom://` prefix, if the file is not defined then it will try to read it from the standard input. usage: docker scout quickview [IMAGE|DIRECTORY|ARCHIVE] pname: docker scout plink: docker_scout.yaml options: - option: env value_type: string description: Name of the environment deprecated: false hidden: false experimental: false experimentalcli: false kubernetes: false swarm: false - option: ignore-suppressed value_type: bool default_value: "false" description: | Filter CVEs found in Scout exceptions based on the specified exception scope deprecated: false hidden: false experimental: false experimentalcli: false kubernetes: false swarm: false - option: latest value_type: bool default_value: "false" description: Latest indexed image deprecated: false hidden: false experimental: false experimentalcli: false kubernetes: false swarm: false - option: only-policy value_type: stringSlice default_value: '[]' description: Comma separated list of policies to evaluate deprecated: false hidden: false experimental: false experimentalcli: false kubernetes: false swarm: false - option: only-vex-affected value_type: bool default_value: "false" description: Filter CVEs by VEX statements with status not affected deprecated: false hidden: false experimental: false experimentalcli: false kubernetes: false swarm: false - option: org value_type: string description: Namespace of the Docker organization deprecated: false hidden: false experimental: false experimentalcli: false kubernetes: false swarm: false - option: output shorthand: o value_type: string description: Write the report to a file deprecated: false hidden: false experimental: false experimentalcli: false kubernetes: false swarm: false - option: platform value_type: string description: Platform of image to analyze deprecated: false hidden: false experimental: false experimentalcli: false kubernetes: false swarm: false - option: ref value_type: string description: |- Reference to use if the provided tarball contains multiple references. Can only be used with archive deprecated: false hidden: false experimental: false experimentalcli: false kubernetes: false swarm: false - option: stream value_type: string description: Name of stream deprecated: true hidden: true experimental: false experimentalcli: false kubernetes: false swarm: false - option: vex value_type: bool default_value: "false" description: Apply VEX statements to filter CVEs deprecated: true hidden: true experimental: false experimentalcli: false kubernetes: false swarm: false - option: vex-author value_type: stringSlice default_value: '[<.*@docker.com>]' description: List of VEX statement authors to accept deprecated: false hidden: false experimental: false experimentalcli: false kubernetes: false swarm: false - option: vex-location value_type: stringSlice default_value: '[]' description: File location of directory or file containing VEX statements deprecated: false hidden: false experimental: false experimentalcli: false kubernetes: false swarm: false inherited_options: - option: debug value_type: bool default_value: "false" description: Debug messages deprecated: false hidden: true experimental: false experimentalcli: false kubernetes: false swarm: false - option: verbose-debug value_type: bool default_value: "false" description: Verbose debug deprecated: false hidden: true experimental: false experimentalcli: false kubernetes: false swarm: false examples: |- ### Quick overview of an image ```console $ docker scout quickview golang:1.19.4 ...Pulling ✓ Pulled ✓ SBOM of image already cached, 278 packages indexed Your image golang:1.19.4 │ 5C 3H 6M 63L Base image buildpack-deps:bullseye-scm │ 5C 1H 3M 48L 6? Refreshed base image buildpack-deps:bullseye-scm │ 0C 0H 0M 42L │ -5 -1 -3 -6 -6 Updated base image buildpack-deps:sid-scm │ 0C 0H 1M 29L │ -5 -1 -2 -19 -6 ``` ### Quick overview of the most recently built image ```console $ docker scout qv ``` ### Quick overview from an SPDX file ```console $ syft -o spdx-json alpine:3.16.1 | docker scout quickview sbom:// ✔ Loaded image alpine:3.16.1 ✔ Parsed image sha256:3d81c46cd8756ddb6db9ec36fa06a6fb71c287fb265232ba516739dc67a5f07d ✔ Cataloged contents 274a317d88b54f9e67799244a1250cad3fe7080f45249fa9167d1f871218d35f ├── ✔ Packages [14 packages] ├── ✔ File digests [75 files] ├── ✔ File metadata [75 locations] └── ✔ Executables [16 executables] Target │ │ 1C 2H 8M 0L digest │ 274a317d88b5 │ ``` deprecated: false experimental: false experimentalcli: false kubernetes: false swarm: false