Viewing Results in the Docker Scout Dashboard and Next Steps

built so that it can provide a better evaluation result. Before you can build an image with attestations, you must enable the [containerd image store](/manuals/desktop/features/containerd.md) (or create a custom builder using the `docker-container` driver). The classic image store doesn't support manifest lists, which is how the provenance attestations are attached to an image. Open **Settings** in Docker Desktop. Under the **General** section, make sure that the **Use containerd for pulling and storing images** option is checked, then select **Apply & Restart**. Note that changing image stores temporarily hides images and containers of the inactive image store until you switch back. With the containerd image store enabled, rebuild the image with a new `v3` tag. This time, add the `--provenance=true` and `--sbom=true` flags. ```console $ docker build --provenance=true --sbom=true --push -t <ORG_NAME>/scout-demo:v3 . ``` ## Step 7: View in Dashboard After pushing the updated image with attestations, it's time to view the results through a different lens: the Docker Scout Dashboard. 1. Open the [Docker Scout Dashboard](https://scout.docker.com/). 2. Sign in with your Docker account. 3. Select **Images** in the left-hand navigation. The images page lists your Scout-enabled repositories. Select the row for the image you want to view, anywhere in the row except on a link, to open the **Image details** sidebar. The sidebar shows a compliance overview for the last pushed tag of a repository. > [!NOTE] > > If policy results haven't appeared yet, try refreshing the page. > It might take a few minutes before the results appear if this is your > first time using the Docker Scout Dashboard. Go back to the image list and select the image version, available in the **Most recent image** column. Then, at the top right of the page, select the **Update base image** button to inspect the policy. This policy checks whether base images you use are up-to-date. It currently has a non-compliant status, because the example image uses an old version `alpine` as a base image. Close the **Recommended fixes for base image** modal. In the policy listing, select **View fixes** button, next to the policy name for details about the violation, and recommendations on how to address it. In this case, the recommended action is to enable [Docker Scout's GitHub integration](./integrations/source-code-management/github.md), which helps keep your base images up-to-date automatically. > [!TIP] > > You can't enable this integration for the demo app used in this guide. > Feel free to push the code to a GitHub repository that you own, > and try out the integration there! ## Summary This quickstart guide has scratched the surface on some of the ways Docker Scout can support software supply chain management: - How to enable Docker Scout for your repositories - Analyzing images for vulnerabilities - Policy and compliance - Fixing vulnerabilities and improving compliance ## What's next? There's lots more to discover, from third-party integrations, to policy customization, and runtime environment monitoring in real-time. Check out the following sections: - [Image analysis](/manuals/scout/explore/analysis.md) - [Data sources](/scout/advisory-db-sources) - [Docker Scout Dashboard](/scout/dashboard) - [Integrations](./integrations/_index.md) - [Policy evaluation](./policy/_index.md)

After rebuilding the image with attestations, you can view the results in the Docker Scout Dashboard. Navigate to the images page and select an image to see a compliance overview. The dashboard allows you to inspect policies, such as checking for outdated base images, and provides recommendations for improvement. This quickstart guide covered enabling Docker Scout, analyzing images for vulnerabilities, and using policy and compliance features. Next steps include exploring image analysis, data sources, the Docker Scout Dashboard, integrations, and policy evaluation.