Merge pull request #30 from docker/v0.22.3
Publish v0.22.3 release
eunomie authored Aug 4, 2023
2 parents 72dfee4 + 63cca47 commit 160ffbe
Showing 10 changed files with 73 additions and 26 deletions.
6 changes: 0 additions & 6 deletions dist/docker-scout_0.22.2_checksums.txt

This file was deleted.

6 changes: 6 additions & 0 deletions dist/docker-scout_0.22.3_checksums.txt
@@ -0,0 +1,6 @@
0a122b736906ba9ad77d1a28acb51298221402d8c2f6ffa24e9f205d5b7bc035 docker-scout_0.22.3_windows_arm64.zip
19fda5a2268707b238f389f0b41b412e816f4b161c33658fca43491e04962a24 docker-scout_0.22.3_linux_amd64.tar.gz
327a9dcc363ae7edce190bb8c4e921bcada2e25937e74d331e27564ff6559859 docker-scout_0.22.3_linux_arm64.tar.gz
4360064312e18efda31ad3467bf12d6df9028f16edcd6e30d24435141ea3e84e docker-scout_0.22.3_darwin_arm64.tar.gz
91dd8d1ae92eba59285a4367ba6a5bbae0ecc3474a23704daca4da80b61604d3 docker-scout_0.22.3_darwin_amd64.tar.gz
b335f3078a64995485d4a44b56d97c546aa5d1103998bde801d424f63ba4997a docker-scout_0.22.3_windows_amd64.zip
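Review bot: this checksum list carries no signature or attestation in the change, so a downloader who runs `sha256sum -c docker-scout_0.22.3_checksums.txt` only gains integrity protection if the list itself is fetched from a channel as trusted as the archives it describes; publishing a detached signature or a provenance attestation for the checksums file alongside the release would close that gap. The same commit also deletes `dist/docker-scout_0.22.2_checksums.txt`, so the reference digests for the previous release no longer live in the repository; if older archives remain downloadable, keeping their checksum files (or relying on the release tag) preserves a way to verify them.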
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
25 changes: 24 additions & 1 deletion docs/docker_scout_cves.yaml
@@ -52,7 +52,7 @@ options:
Output format of the generated vulnerability report:
- packages: default output, plain text with vulnerabilities grouped by packages
- sarif: json Sarif output
- markdown: markdown output
- markdown: markdown output (including some html tags like collapsible sections)
deprecated: false
hidden: false
experimental: false
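Review bot: the new wording "including some html tags like collapsible sections" is vague about what is actually emitted. Since this output is intended to be posted into Pull Request comments, naming the tags used (`details`, `summary`, `table` and `img`, as in the example further down this file) would tell consumers who pass the report through a sanitizing markdown renderer exactly what they need to allow.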
@@ -261,6 +261,29 @@ examples: |-
✓ No vulnerable package detected
✓ Report written to alpine.sarif.json
```
### Display markdown output
The markdown output also contains HTML tags to have a better rendering. This output can be used for instance in Pull Request comments.
```console
$ docker scout cves --format markdown alpine
✓ Pulled
✓ SBOM of image already cached, 19 packages indexed
✗ Detected 1 vulnerable package with 3 vulnerabilities
<h2>:mag: Vulnerabilities of <code>alpine</code></h2>
<details open="true"><summary>:package: Image Reference</strong> <code>alpine</code></summary>
<table>
<tr><td>digest</td><td><code>sha256:e3bd82196e98898cae9fe7fbfd6e2436530485974dc4fb3b7ddb69134eda2407</code></td><tr><tr><td>vulnerabilities</td><td><img alt="critical: 0" src="https://img.shields.io/badge/critical-0-lightgrey"/> <img alt="high: 0" src="https://img.shields.io/badge/high-0-lightgrey"/> <img alt="medium: 2" src="https://img.shields.io/badge/medium-2-fbb552"/> <img alt="low: 0" src="https://img.shields.io/badge/low-0-lightgrey"/> <img alt="unspecified: 1" src="https://img.shields.io/badge/unspecified-1-lightgrey"/></td></tr>
<tr><td>platform</td><td>linux/arm64</td></tr>
<tr><td>size</td><td>3.3 MB</td></tr>
<tr><td>packages</td><td>19</td></tr>
</table>
</details></table>
</details>
...
```
deprecated: false
experimental: false
experimentalcli: false
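Review bot: the sample markdown in this example contains malformed HTML that readers may copy as the reference shape of the output: the `<summary>` line closes a `</strong>` that was never opened, the `digest` row ends with `<tr>` where `</tr>` is expected, and `</details></table>` closes a `<table>` that was already closed on the line above it, before the second `</details>`. Browsers usually recover from this, but a strict renderer or a sanitizer may drop or rearrange the block. If this is verbatim tool output, the fix belongs in the markdown template that produces it; otherwise trim the example to well-formed tags.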
62 changes: 43 additions & 19 deletions docs/scout_cves.md
@@ -9,25 +9,25 @@ Display CVEs identified in a software artifact

### Options

| Name | Type | Default | Description |
|:----------------------|:--------------|:-----------|:---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `--details` | | | Print details on default text output |
| `-e`, `--exit-code` | | | Return exit code '2' if vulnerabilities are detected |
| `--format` | `string` | `packages` | Output format of the generated vulnerability report:<br>- packages: default output, plain text with vulnerabilities grouped by packages<br>- sarif: json Sarif output<br>- markdown: markdown output<br> |
| `--ignore-base` | | | Filter out CVEs introduced from base image |
| `--locations` | | | Print package locations including file paths and layer diff_id |
| `--multi-stage` | | | Show packages from multi-stage Docker builds |
| `--only-cve-id` | `stringSlice` | | Comma separated list of CVE ids (like CVE-2021-45105) to search for |
| `--only-fixed` | | | Filter to fixable CVEs |
| `--only-package-type` | `stringSlice` | | Comma separated list of package types (like apk, deb, rpm, npm, pypi, golang, etc) |
| `--only-severity` | `stringSlice` | | Comma separated list of severities (critical, high, medium, low, unspecified) to filter CVEs by |
| `--only-stage` | `stringSlice` | | Comma separated list of multi-stage Docker build stage names |
| `--only-unfixed` | | | Filter to unfixed CVEs |
| `-o`, `--output` | `string` | | Write the report to a file. |
| `--platform` | `string` | | Platform of image to analyze |
| `--ref` | `string` | | Reference to use if the provided tarball contains multiple references.<br>Can only be used with --type archive. |
| `--stream` | `string` | | Name of stream |
| `--type` | `string` | `image` | Type of the image to analyze. Can be one of:<br>- image<br>- oci-dir<br>- archive (docker save tarball)<br> |
| Name | Type | Default | Description |
|:----------------------|:--------------|:-----------|:--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `--details` | | | Print details on default text output |
| `-e`, `--exit-code` | | | Return exit code '2' if vulnerabilities are detected |
| `--format` | `string` | `packages` | Output format of the generated vulnerability report:<br>- packages: default output, plain text with vulnerabilities grouped by packages<br>- sarif: json Sarif output<br>- markdown: markdown output (including some html tags like collapsible sections)<br> |
| `--ignore-base` | | | Filter out CVEs introduced from base image |
| `--locations` | | | Print package locations including file paths and layer diff_id |
| `--multi-stage` | | | Show packages from multi-stage Docker builds |
| `--only-cve-id` | `stringSlice` | | Comma separated list of CVE ids (like CVE-2021-45105) to search for |
| `--only-fixed` | | | Filter to fixable CVEs |
| `--only-package-type` | `stringSlice` | | Comma separated list of package types (like apk, deb, rpm, npm, pypi, golang, etc) |
| `--only-severity` | `stringSlice` | | Comma separated list of severities (critical, high, medium, low, unspecified) to filter CVEs by |
| `--only-stage` | `stringSlice` | | Comma separated list of multi-stage Docker build stage names |
| `--only-unfixed` | | | Filter to unfixed CVEs |
| `-o`, `--output` | `string` | | Write the report to a file. |
| `--platform` | `string` | | Platform of image to analyze |
| `--ref` | `string` | | Reference to use if the provided tarball contains multiple references.<br>Can only be used with --type archive. |
| `--stream` | `string` | | Name of stream |
| `--type` | `string` | `image` | Type of the image to analyze. Can be one of:<br>- image<br>- oci-dir<br>- archive (docker save tarball)<br> |


<!---MARKER_GEN_END-->
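Review bot: the only substantive change in this table is the `--format` description; the other eighteen rows are re-emitted solely because the Description column was padded to the new width, which buries the real change in whitespace noise. Since the table sits above `<!---MARKER_GEN_END-->` and is generated, the churn is acceptable, but the `--format` row itself would be more useful if it named the HTML tags the markdown output contains (`details`, `summary`, `table`, `img`) instead of "some html tags".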
@@ -100,3 +100,27 @@ Analyzing image alpine
✓ No vulnerable package detected
✓ Report written to alpine.sarif.json
```

### Display markdown output

The markdown output also contains HTML tags to have a better rendering. This output can be used for instance in Pull Request comments.

```console
$ docker scout cves --format markdown alpine
✓ Pulled
✓ SBOM of image already cached, 19 packages indexed
✗ Detected 1 vulnerable package with 3 vulnerabilities
<h2>:mag: Vulnerabilities of <code>alpine</code></h2>

<details open="true"><summary>:package: Image Reference</strong> <code>alpine</code></summary>
<table>
<tr><td>digest</td><td><code>sha256:e3bd82196e98898cae9fe7fbfd6e2436530485974dc4fb3b7ddb69134eda2407</code></td><tr><tr><td>vulnerabilities</td><td><img alt="critical: 0" src="https://img.shields.io/badge/critical-0-lightgrey"/> <img alt="high: 0" src="https://img.shields.io/badge/high-0-lightgrey"/> <img alt="medium: 2" src="https://img.shields.io/badge/medium-2-fbb552"/> <img alt="low: 0" src="https://img.shields.io/badge/low-0-lightgrey"/> <img alt="unspecified: 1" src="https://img.shields.io/badge/unspecified-1-lightgrey"/></td></tr>
<tr><td>platform</td><td>linux/arm64</td></tr>
<tr><td>size</td><td>3.3 MB</td></tr>
<tr><td>packages</td><td>19</td></tr>
</table>
</details></table>
</details>
...
```
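Review bot: this example duplicates the block added to `docs/docker_scout_cves.yaml` in the same commit, including its HTML defects: a stray `</strong>` inside the `<summary>`, `<tr>` instead of `</tr>` closing the `digest` row, and a second `</table>` in `</details></table>`. If both files are rendered from one source, fixing the template fixes both; if they are maintained by hand, they should at least be kept identical so the published docs and the CLI's embedded help do not drift apart.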
