Home Explore Blog Models CI



docker
2nd chunk of `_vendor/github.com/docker/scout-cli/docs/scout_cves.md`
5c859781a50fb6f28719fef76f27382f3b96d803864277200000000100000fa0
| `-e`, `--exit-code`    |               |            | Return exit code '2' if vulnerabilities are detected                                                                                                                                                                                                                                                                                                  |
| `--format`             | `string`      | `packages` | Output format of the generated vulnerability report:<br>- packages: default output, plain text with vulnerabilities grouped by packages<br>- sarif: json Sarif output<br>- spdx: json SPDX output<br>- gitlab: json GitLab output<br>- markdown: markdown output (including some html tags like collapsible sections)<br>- sbom: json SBOM output<br> |
| `--ignore-base`        |               |            | Filter out CVEs introduced from base image                                                                                                                                                                                                                                                                                                            |
| `--ignore-suppressed`  |               |            | Filter CVEs found in Scout exceptions based on the specified exception scope                                                                                                                                                                                                                                                                          |
| `--locations`          |               |            | Print package locations including file paths and layer diff_id                                                                                                                                                                                                                                                                                        |
| `--multi-stage`        |               |            | Show packages from multi-stage Docker builds                                                                                                                                                                                                                                                                                                          |
| `--only-base`          |               |            | Only show CVEs introduced by the base image                                                                                                                                                                                                                                                                                                           |
| `--only-cisa-kev`      |               |            | Filter to CVEs listed in the CISA KEV catalog                                                                                                                                                                                                                                                                                                         |
| `--only-cve-id`        | `stringSlice` |            | Comma separated list of CVE ids (like CVE-2021-45105) to search for                                                                                                                                                                                                                                                                                   |
| `--only-fixed`         |               |            | Filter to fixable CVEs                                                                                                                                                                                                                                                                                                                                |
Title: Docker Scout CVEs Command Options (Continued)
Summary
This section continues detailing options for the `docker scout cves` command. It covers options to set an exit code on vulnerability detection, specify the output format (packages, SARIF, SPDX, GitLab, Markdown, or SBOM), ignore CVEs from the base image or suppressed exceptions, print package locations, show packages from multi-stage builds, only show base image CVEs, filter for CVEs in the CISA KEV catalog, search for specific CVE IDs, and filter for fixable CVEs.