command: docker scout watch
short: |
    Watch repositories in a registry and push images and indexes to Docker Scout
long: |
    The docker scout watch command watches repositories in a registry and pushes images or image indexes to Docker Scout.
usage: docker scout watch
pname: docker scout
plink: docker_scout.yaml
options:
    - option: all-images
      value_type: bool
      default_value: "false"
      description: |
        Push all images instead of only the ones pushed during the watch command is running
      deprecated: false
      hidden: false
      experimental: false
      experimentalcli: false
      kubernetes: false
      swarm: false
    - option: dry-run
      value_type: bool
      default_value: "false"
      description: Watch images and prepare them, but do not push them
      deprecated: false
      hidden: false
      experimental: false
      experimentalcli: false
      kubernetes: false
      swarm: false
    - option: interval
      value_type: int64
      default_value: "60"
      description: Interval in seconds between checks
      deprecated: false
      hidden: false
      experimental: false
      experimentalcli: false
      kubernetes: false
      swarm: false
    - option: org
      value_type: string
      description: Namespace of the Docker organization to which image will be pushed
      deprecated: false
      hidden: false
      experimental: false
      experimentalcli: false
      kubernetes: false
      swarm: false
    - option: refresh-registry
      value_type: bool
      default_value: "false"
      description: |
        Refresh the list of repositories of a registry at every run. Only with --registry.
      deprecated: false
      hidden: false
      experimental: false
      experimentalcli: false
      kubernetes: false
      swarm: false
    - option: registry
      value_type: string
      description: Registry to watch
      deprecated: false
      hidden: false
      experimental: false
      experimentalcli: false
      kubernetes: false
      swarm: false
    - option: repository
      value_type: stringSlice
      default_value: '[]'
      description: Repository to watch
      deprecated: false
      hidden: false
      experimental: false
      experimentalcli: false
      kubernetes: false
      swarm: false
    - option: sbom
      value_type: bool
      default_value: "true"
      description: Create and upload SBOMs
      deprecated: false
      hidden: false
      experimental: false
      experimentalcli: false
      kubernetes: false
      swarm: false
    - option: tag
      value_type: stringSlice
      default_value: '[]'
      description: Regular expression to match tags to watch
      deprecated: false
      hidden: false
      experimental: false
      experimentalcli: false
      kubernetes: false
      swarm: false
    - option: workers
      value_type: int
      default_value: "3"
      description: Number of concurrent workers
      deprecated: false
      hidden: false
      experimental: false
      experimentalcli: false
      kubernetes: false
      swarm: false
inherited_options:
    - option: debug
      value_type: bool
      default_value: "false"
      description: Debug messages
      deprecated: false
      hidden: true
      experimental: false
      experimentalcli: false
      kubernetes: false
      swarm: false
    - option: verbose-debug
      value_type: bool
      default_value: "false"
      description: Verbose debug
      deprecated: false
      hidden: true
      experimental: false
      experimentalcli: false
      kubernetes: false
      swarm: false
examples: |-
    ### Watch for new images from two repositories and push them

    ```console
    $ docker scout watch --org my-org --repository registry-1.example.com/repo-1 --repository registry-2.example.com/repo-2
    ```

    ### Only push images with a specific tag

    ```console
    $ docker scout watch --org my-org --repository registry.example.com/my-service --tag latest
    ```

    ### Watch all repositories of a registry

    ```console
    $ docker scout watch --org my-org --registry registry.example.com
    ```

    ### Push all images and not just the new ones

    ```console
    $ docker scout watch --org my-org --repository registry.example.com/my-service --all-images
    ```

    ### Configure Artifactory integration

    The following example creates a web hook endpoint for Artifactory to push new
    image events into:

    ```console
    $ export DOCKER_SCOUT_ARTIFACTORY_API_USER=user
    $ export DOCKER_SCOUT_ARTIFACTORY_API_PASSWORD=password
    $ export DOCKER_SCOUT_ARTIFACTORY_WEBHOOK_SECRET=foo

    $ docker scout watch --registry "type=artifactory,registry=example.jfrog.io,api=https://example.jfrog.io/artifactory,include=*/frontend*,exclude=*/dta/*,repository=docker-local,port=9000,subdomain-mode=true" --refresh-registry
    ```

    This will launch an HTTP server on port `9000` that will receive all `component` web
    hook events, optionally validating the HMAC signature.

    ### Configure Harbor integration

    The following example creates a web hook endpoint for Harbor to push new image
    events into:

    ```console
    $ export DOCKER_SCOUT_HARBOR_API_USER=admin
    $ export DOCKER_SCOUT_HARBOR_API_PASSWORD=password
    $ export DOCKER_SCOUT_HARBOR_WEBHOOK_AUTH="token foo"

    $ docker scout watch --registry 'type=harbor,registry=demo.goharbor.io,api=https://demo.goharbor.io,include=*/foo/*,exclude=*/bar/*,port=9000' --refresh-registry
    ```

    This will launch an HTTP server on port `9000` that will receive all `component` web
    hook events, optionally validating the HMAC signature.

    ### Configure Nexus integration

    The following example shows how to configure Sonartype Nexus integration:

    ```console
    $ export DOCKER_SCOUT_NEXUS_API_USER=admin
    $ export DOCKER_SCOUT_NEXUS_API_PASSWORD=admin124

    $ docker scout watch --registry 'type=nexus,registry=localhost:8082,api=http://localhost:8081,include=*/foo/*,exclude=*/bar/*,"repository=docker-test1,docker-test2"' --refresh-registry
    ```

    This ingests all images and tags in Nexus repositories called `docker-test1`
    and `docker-test2` that match the `*/foo/*` include and `*/bar/*` exclude glob
    pattern.

    You can also create a web hook endpoint for Nexus to push new image events into:

    ```console
    $ export DOCKER_SCOUT_NEXUS_API_USER=admin
    $ export DOCKER_SCOUT_NEXUS_API_PASSWORD=admin124
    $ export DOCKER_SCOUT_NEXUS_WEBHOOK_SECRET=mysecret

    $ docker scout watch --registry 'type=nexus,registry=localhost:8082,api=http://localhost:8081,include=*/foo/*,exclude=*/bar/*,"repository=docker-test1,docker-test2",port=9000' --refresh-registry
    ```

    This will launch an HTTP server on port `9000` that will receive all `component` web
    hook events, optionally validating the HMAC signature.

    ### Configure integration for other OCI registries

    The following example shows how to integrate an OCI registry that implements the
    `_catalog` endpoint:

    ```console
    $ docker scout watch --registry 'type=oci,registry=registry.example.com,include=*/scout-artifact-registry/*'
    ```
deprecated: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false