---
title: Docker Scout image analysis
description:
Docker Scout image analysis provides a detailed view into the composition of
your images and the vulnerabilities that they contain
keywords: scout, scanning, vulnerabilities, supply chain, security, analysis
aliases:
- /scout/advanced-image-analysis/
- /scout/image-analysis/
---
When you activate image analysis for a repository,
Docker Scout automatically analyzes new images that you push to that repository.
Image analysis extracts the Software Bill of Material (SBOM)
and other image metadata,and evaluates it against vulnerability data from
[security advisories](/manuals/scout/deep-dive/advisory-db-sources.md).
If you run image analysis as a one-off task using the CLI or Docker Desktop,
Docker Scout won't store any data about your image.
If you enable Docker Scout for your container image repositories however,
Docker Scout saves a metadata snapshot of your images after the analysis.
As new vulnerability data becomes available, Docker Scout recalibrates the analysis using the metadata snapshot, which means your security status for images is updated in real-time.
This dynamic evaluation means there's no need to re-analyze images when new CVE information is disclosed.
Docker Scout image analysis is available by default for Docker Hub repositories.
You can also integrate third-party registries and other services. To learn more,
see [Integrating Docker Scout with other systems](/manuals/scout/integrations/_index.md).
## Activate Docker Scout on a repository
Docker Personal comes with 1 Scout-enabled repository. You can upgrade your
Docker subscription if you need additional repositories.
See [Subscriptions and features](../../subscription/details.md)
to learn how many Scout-enabled
repositories come with each subscription tier.
Before you can activate image analysis on a repository in a third-party registry,
the registry must be integrated with Docker Scout for your Docker organization.
Docker Hub is integrated by default. For more information, see
See [Container registry integrations](/manuals/scout/integrations/_index.md#container-registries)
> [!NOTE]
>
> You must have the **Editor** or **Owner** role in the Docker organization to
> activate image analysis on a repository.
To activate image analysis:
1. Go to [Repository settings](https://scout.docker.com/settings/repos) in the Docker Scout Dashboard.
2. Select the repositories that you want to enable.
3. Select **Enable image analysis**.
If your repositories already contain images,
Docker Scout pulls and analyzes the latest images automatically.
## Analyze registry images
To trigger image analysis for an image in a registry, push the image to a
registry that's integrated with Docker Scout, to a repository where image
analysis is activated.
> [!NOTE]
>
> Image analysis on the Docker Scout platform has a maximum image file size
> limit of 10 GB, unless the image has an SBOM attestation.
> See [Maximum image size](#maximum-image-size).
1. Sign in with your Docker ID, either using the `docker login` command or the
**Sign in** button in Docker Desktop.
2. Build and push the image that you want to analyze.
```console
$ docker build --push --tag <org>/<image:tag> --provenance=true --sbom=true .
```
Building with the `--provenance=true` and `--sbom=true` flags attaches
[build attestations](/manuals/build/metadata/attestations/_index.md) to the image. Docker
Scout uses attestations to provide more fine-grained analysis results.
> [!NOTE]
>
> The default `docker` driver only supports build attestations if you use the
> [containerd image store](/manuals/desktop/features/containerd.md).
3. Go to the [Images page](https://scout.docker.com/reports/images) in the Docker Scout Dashboard.
The image appears in the list shortly after you push it to the registry.
It may take a few minutes for the analysis results to appear.
## Analyze images locally
You can analyze local images with Docker Scout using Docker Desktop or the