      curl -sSfL https://raw.githubusercontent.com/docker/scout-cli/main/install.sh | sh -s --
      apk del curl
      rm -rf /var/cache/apk/*
    # Login to Docker Hub required for Docker Scout CLI
    - echo "$DOCKER_HUB_PAT" | docker login --username "$DOCKER_HUB_USER" --password-stdin
  # All branches are tagged with $DOCKER_IMAGE_NAME (defaults to commit ref slug)
  # Default branch is also tagged with `latest`
  script:
    - docker buildx b --pull -t "$DOCKER_IMAGE_NAME" .
    - docker scout cves "$DOCKER_IMAGE_NAME" --format gitlab --output gl-container-scanning-report.json
    - docker push "$DOCKER_IMAGE_NAME"
    - |
      if [[ "$CI_COMMIT_BRANCH" == "$CI_DEFAULT_BRANCH" ]]; then
        docker tag "$DOCKER_IMAGE_NAME" "$CI_REGISTRY_IMAGE:latest"
        docker push "$CI_REGISTRY_IMAGE:latest"
      fi
  # Run this job in a branch where a Dockerfile exists
  rules:
    - if: $CI_COMMIT_BRANCH
      exists:
        - Dockerfile
  artifacts:
    reports:
      container_scanning: gl-container-scanning-report.json
```
### Bug fixes and enhancements
- Support single-architecture images for `docker scout attest add` command
- Indicate on the `docker scout quickview` and `docker scout recommendations` commands if image provenance was not created using `mode=max`.
Without `mode=max`, base images may be incorrectly detected, resulting in less accurate results.
## 1.9.0
{{< release-date date="2024-05-24" >}}
Discarded in favor of [1.9.1](#191).
## 1.8.0
{{< release-date date="2024-04-25" >}}
### Bug fixes and enhancements
- Improve format of EPSS score and percentile.

  Before:

  ```text
  EPSS Score : 0.000440
  EPSS Percentile : 0.092510
  ```

  After:

  ```text
  EPSS Score : 0.04%
  EPSS Percentile : 9th percentile
  ```

- Fix markdown output of the `docker scout cves` command when analyzing local filesystem. [docker/scout-cli#113](https://github.com/docker/scout-cli/issues/113)
## 1.7.0
{{< release-date date="2024-04-15" >}}
### New
- The [`docker scout push` command](/reference/cli/docker/scout/push/) is now fully available: analyze images locally and push the SBOM to Docker Scout.
### Bug fixes and enhancements
- Fix adding attestations with `docker scout attestation add` to images in private repositories
- Fix image processing for images based on the empty `scratch` base image
- A new `sbom://` protocol for Docker Scout CLI commands lets you read a Docker Scout SBOM from standard input.

  ```console
  $ docker scout sbom IMAGE | docker scout qv sbom://
  ```

- Add classifier for Joomla packages
## 1.6.4
{{< release-date date="2024-03-26" >}}