1st chunk of `_vendor/github.com/docker/scout-cli/docs/scout_cves.md`
# docker scout cves

```
docker scout cves [OPTIONS] [IMAGE|DIRECTORY|ARCHIVE]
```

<!---MARKER_GEN_START-->
Display CVEs identified in a software artifact

### Options

| Name                   | Type          | Default    | Description                                                                                                                                                                                                                                                                                                                                           |
|:-----------------------|:--------------|:-----------|:------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `--details`            |               |            | Print details on default text output                                                                                                                                                                                                                                                                                                                  |
| `--env`                | `string`      |            | Name of environment                                                                                                                                                                                                                                                                                                                                   |
| [`--epss`](#epss)      |               |            | Display the EPSS scores and organize the package's CVEs according to their EPSS score                                                                                                                                                                                                                                                                 |
| `--epss-percentile`    | `float32`     | `0`        | Exclude CVEs with EPSS scores less than the specified percentile (0 to 1)                                                                                                                                                                                                                                                                             |
| `--epss-score`         | `float32`     | `0`        | Exclude CVEs with EPSS scores less than the specified value (0 to 1)                                                                                                                                                                                                                                                                                  |
| `-e`, `--exit-code`    |               |            | Return exit code '2' if vulnerabilities are detected                                                                                                                                                                                                                                                                                                  |
| `--format`             | `string`      | `packages` | Output format of the generated vulnerability report:<br>- packages: default output, plain text with vulnerabilities grouped by packages<br>- sarif: json Sarif output<br>- spdx: json SPDX output<br>- gitlab: json GitLab output<br>- markdown: markdown output (including some html tags like collapsible sections)<br>- sbom: json SBOM output<br> |
| `--ignore-base`        |               |            | Filter out CVEs introduced from base image                                                                                                                                                                                                                                                                                                            |
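
Added example (not part of the Docker Scout documentation): a CI gate built from `--exit-code`, `--ignore-base`, `--epss-score` and `--format sarif` in the table above, which keeps "CVEs detected" (exit code 2) apart from a scan that did not run. `scout_gate`, `SCOUT_DOCKER`, `SCOUT_REPORT` and `EPSS_MIN` are names introduced here, and treating any other non-zero status as a scan failure is an assumption.

```shell
#!/bin/sh
# Added example: CI gate around `docker scout cves`.
# scout_gate, SCOUT_DOCKER, SCOUT_REPORT and EPSS_MIN are names made up here.
#
# scout_gate IMAGE returns:
#   0  no CVEs left after filtering
#   2  CVEs detected (the value documented for --exit-code)
#   3  bad input or the scan did not run (assumption: fail closed)
scout_gate() {
    gate_image=${1:-}
    gate_min=${EPSS_MIN:-0}
    gate_report=${SCOUT_REPORT:-scout-report.sarif.json}

    if [ -z "$gate_image" ]; then
        echo "scout_gate: missing image reference" >&2
        return 3
    fi
    # --epss-score is documented as a value from 0 to 1; reject anything else
    # so a typo cannot silently change the filter.
    if ! printf '%s\n' "$gate_min" | grep -Eq '^(0(\.[0-9]+)?|1(\.0+)?)$'; then
        echo "scout_gate: EPSS_MIN must be between 0 and 1, got '$gate_min'" >&2
        return 3
    fi

    # Capture the status without tripping `set -e` in the calling script.
    gate_status=0
    "${SCOUT_DOCKER:-docker}" scout cves --exit-code --ignore-base \
        --epss-score "$gate_min" --format sarif "$gate_image" \
        > "$gate_report" || gate_status=$?

    case $gate_status in
        0) return 0 ;;
        2) echo "scout_gate: CVEs detected in $gate_image" >&2; return 2 ;;
        *) echo "scout_gate: scan failed (exit $gate_status)" >&2; return 3 ;;
    esac
}

# Run as a script: ./scout-gate.sh IMAGE
[ "$#" -eq 0 ] || scout_gate "$@"
```

`--ignore-base` and a non-zero `EPSS_MIN` both narrow what the gate sees, so CVEs introduced by the base image or scored below the threshold will not fail the build.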

Title: Docker Scout CVEs Command and Options
Summary
This section documents the `docker scout cves` command, which displays CVEs found in a software artifact (image, directory, or archive). It outlines various options, including those for displaying details, specifying the environment, filtering by EPSS score and percentile, setting an exit code if vulnerabilities are found, choosing the output format (packages, SARIF, SPDX, GitLab, Markdown, SBOM), and ignoring CVEs from the base image.