Docker Scout with your source code management, and a remediation feature for
helping you improve policy compliance.
Remediation is a new capability for Docker Scout to provide contextual,
recommended actions based on policy evaluation results on how you can improve
compliance.
The GitHub integration enhances the remediation feature. With the integration
enabled, Docker Scout is able to connect analysis results to the source. This
additional context about how your images are built is used to generate better,
more precise recommendations.
For more information about the types of recommendations that Docker Scout can
provide to help you improve policy compliance, see
[Remediation](../policy/remediation.md).
For more information about how to authorize the Docker Scout GitHub app on your
source repositories, see
[Integrate Docker Scout with GitHub](../integrations/source-code-management/github.md).
## Q4 2023
New features and enhancements released in the fourth quarter of 2023.
### 2023-12-20
**Azure Container Registry** integration graduated from
[Beta](../../release-lifecycle.md#beta) to
[Early Access](../../release-lifecycle.md#early-access-ea).
For more information and setup instructions, see
[Integrate Azure Container Registry](../integrations/registry/acr.md).
### 2023-12-06
New [SonarQube](https://www.sonarsource.com/products/sonarqube/) integration
and related policy. SonarQube is an open-source platform for continuous
inspection of code quality. This integration lets you add SonarQube's quality
gates as a policy evaluation in Docker Scout. Enable the integration, push your
images, and see the SonarQube quality gate conditions surfaced in the new
**SonarQube quality gates passed** policy.
### 2023-12-01
[Beta](../../release-lifecycle.md#beta) release of a new **Azure Container
Registry** (ACR) integration, which lets Docker Scout pull and analyze images
in ACR repositories automatically.
To learn more about the integration and how to get started, see
[Integrate Azure Container Registry](../integrations/registry/acr.md).
### 2023-11-21
New **configurable policies** feature, which enables you to tweak the
out-of-the-box policies according to your preferences, or disable them entirely
if they don't quite match your needs. Some examples of how you can adapt
policies for your organization include:
- Change the severity-thresholds that vulnerability-related policies use
- Customize the list of "high-profile vulnerabilities"
- Add or remove software licenses to flag as "copyleft"
For more information, see [Configurable policies](../policy/configure.md).
### 2023-11-10
New **Supply chain attestations** policy for helping you track whether your
images are built with SBOM and provenance attestations. Adding attestations to
images is a good first step in improving your supply chain conduct, and is
often a prerequisite for doing more.
### 2023-11-01
New **No high-profile vulnerabilities** policy, which ensures your artifacts are
free from a curated list of vulnerabilities widely recognized to be risky.
### 2023-10-04
This marks the General Availability (GA) release of Docker Scout.
The following new features are included in this release:
- [Policy Evaluation](#policy-evaluation) (Early Access)
- [Amazon ECR integration](#amazon-ecr-integration)
- [Sysdig integration](#sysdig-integration)
- [JFrog Artifactory integration](#jfrog-artifactory-integration)
#### Policy evaluation
Policy Evaluation is an early access feature that helps you ensure software
integrity and track how your artifacts are doing over time. This release ships
with four out-of-the-box policies, enabled by default for all organizations.