


docker

1st chunk of `content/guides/docker-scout/_index.md`
---
title: Securing your software supply chain with Docker Scout
linkTitle: Docker Scout
summary: |
  Enhance container security by automating vulnerability detection and
  remediation.
description: |
  Learn how to use Docker Scout to enhance container security by automating
  vulnerability detection and remediation, ensuring compliance, and protecting
  your development workflow.
tags: [product-demo]
aliases:
  - /learning-paths/docker-scout/
params:
  featured: true
  image: images/learning-paths/scout.png
  time: 20 minutes
  resource_links:
    - title: Docker Scout overview
      url: /scout/
    - title: Docker Scout quickstart
      url: /scout/quickstart/
    - title: Install Docker Scout
      url: /scout/install/
---

When container images are insecure, significant risks can arise. Around 60% of
organizations have reported experiencing at least one security breach or
vulnerability incident within a year, [resulting in operational
disruption][CSA]. These incidents often result in considerable downtime, with
44% of affected companies experiencing over an hour of downtime per event. The
financial impact is substantial, with [the average data breach cost reaching
$4.45 million][IBM]. This highlights the critical importance of maintaining
robust container security measures.

Docker Scout enhances container security by providing automated vulnerability
detection and remediation, addressing insecure container images, and ensuring
compliance with security standards.


## What you'll learn

- Define Secure Software Supply Chain (SSSC)
- Review SBOMs and how to use them
- Detect and monitor vulnerabilities

## Tools integration

Docker Scout works well with Docker Desktop, GitHub Actions, Jenkins,
Kubernetes, and other CI solutions.

## Who’s this for?

- DevOps engineers who need to integrate automated security checks into CI/CD
  pipelines to enhance the security and efficiency of their workflows.
- Developers who want to use Docker Scout to identify and remediate
  vulnerabilities early in the development process, ensuring the production of
  secure container images.
- Security professionals who must enforce security compliance, conduct
  vulnerability assessments, and ensure the overall security of containerized
  applications.

<div id="scout-lp-survey-anchor"></div>

Title: Introduction to Docker Scout and Software Supply Chain Security
Summary
This document introduces Docker Scout, a tool designed to enhance container security by automating vulnerability detection and remediation. It highlights the risks associated with insecure container images, such as security breaches and financial losses. The document outlines what users will learn, including defining Secure Software Supply Chain (SSSC), reviewing SBOMs, and detecting vulnerabilities. It also specifies the target audience, which includes DevOps engineers, developers, and security professionals, emphasizing the tool's integration with various CI/CD solutions and its role in improving software supply chain security.