1st chunk of `content/manuals/scout/explore/exceptions.md`
---
title: Manage vulnerability exceptions
description: |
  Exceptions let you provide additional context and documentation for how
  vulnerabilities affect your artifacts, and provide the ability to
  suppress non-applicable vulnerabilities
keywords: scout, cves, suppress, vex, exceptions
---

Vulnerabilities found in container images sometimes need additional context.
Just because an image contains a vulnerable package, it doesn't mean that the
vulnerability is exploitable. **Exceptions** in Docker Scout let you
acknowledge accepted risks or address false positives in image analysis.

By negating non-applicable vulnerabilities, you can make it easier for yourself
and downstream consumers of your images to understand the security implications
of a vulnerability in the context of an image.

In Docker Scout, exceptions are automatically factored into the results.
If an image contains an exception that flags a CVE as non-applicable,
then that CVE is excluded from analysis results.
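
The following added example (not Docker Scout's own code) sketches how exception statements can be factored into scan results for one image. It assumes OpenVEX-style statement fields (`vulnerability.name`, `products[].@id`, `status`, `justification`); the function name, image references, and CVE identifiers are constructed placeholders.

```python
# Added illustration, not Docker Scout's implementation.
# Assumption: statements use OpenVEX-style fields. All data below is constructed.
IMAGE = "pkg:docker/example/app@1.0"    # placeholder image reference
OTHER = "pkg:docker/example/other@2.0"  # placeholder for a different image


def stmt(cve, product, status, justification=None):
    """Build one constructed VEX statement."""
    s = {"vulnerability": {"name": cve}, "products": [{"@id": product}], "status": status}
    if justification:
        s["justification"] = justification
    return s


VEX = {"statements": [
    stmt("CVE-0000-0001", IMAGE, "not_affected", "vulnerable_code_not_in_execute_path"),
    stmt("CVE-0000-0002", OTHER, "not_affected", "component_not_present"),
    stmt("CVE-0000-0003", IMAGE, "under_investigation"),
    stmt("CVE-0000-0004", IMAGE, "not_affected"),  # no justification given
]}
FINDINGS = [{"cve": f"CVE-0000-000{n}", "package": "libexample"} for n in range(1, 5)]


def apply_exceptions(findings, vex, image):
    """Return (reported, suppressed) findings for a single image."""
    suppress = {}
    for s in vex.get("statements", []):
        # An exception only applies to the image it names.
        if image not in {p.get("@id") for p in s.get("products", [])}:
            continue
        # Only a "non-applicable" statement hides a CVE; other statuses still report.
        if s.get("status") != "not_affected":
            continue
        # Policy assumed here: an undocumented exception is ignored.
        reason = s.get("justification") or s.get("impact_statement")
        if not reason:
            continue
        suppress[s["vulnerability"]["name"]] = reason
    reported = [f for f in findings if f["cve"] not in suppress]
    suppressed = {f["cve"]: suppress[f["cve"]] for f in findings if f["cve"] in suppress}
    return reported, suppressed


if __name__ == "__main__":
    reported, suppressed = apply_exceptions(FINDINGS, VEX, IMAGE)
    print("reported:", [f["cve"] for f in reported])
    print("suppressed:", suppressed)
```

Keeping the suppressed set with its justification, rather than discarding it, lets reviewers audit why each CVE was excluded from the results.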

## Create exceptions

To create an exception for an image, you can:

- Create an exception in the [GUI](/manuals/scout/how-tos/create-exceptions-gui.md) of
  Docker Scout Dashboard or Docker Desktop.
- Create a [VEX](/manuals/scout/how-tos/create-exceptions-vex.md) document and attach
  it to the image.

The recommended way to create exceptions is to use Docker Scout Dashboard or
Docker Desktop. The GUI provides a user-friendly interface for creating
exceptions. It also lets you create exceptions for multiple images, or your
entire organization, all at once.

## View exceptions

To view exceptions for images, you need to have the appropriate permissions.

- Exceptions created [using the GUI](/manuals/scout/how-tos/create-exceptions-gui.md)
  are visible to members of your Docker organization. Unauthenticated users or
  users who aren't members of your organization cannot see these exceptions.
- Exceptions created [using VEX documents](/manuals/scout/how-tos/create-exceptions-vex.md)
  are visible to anyone who can pull the image, since the VEX document is
  stored in the image manifest or on the filesystem of the image.

### View exceptions in Docker Scout Dashboard or Docker Desktop
