Generic Environment Integration with Docker Scout CLI

--- description: Integrate your runtime environments with Docker Scout using the CLI client keywords: docker scout, integration, image analysis, runtime, workloads, cli, environments title: Generic environment integration with CLI linkTitle: Generic (CLI) --- {{% include "scout-early-access.md" %}} You can create a generic environment integration by running the Docker Scout CLI client in your CI workflows. The CLI client is available as a binary on GitHub and as a container image on Docker Hub. Use the client to invoke the `docker scout environment` command to assign your images to environments. For more information about how to use the `docker scout environment` command, refer to the [CLI reference](/reference/cli/docker/scout/environment.md). ## Examples Before you start, set the following environment variables in your CI system: - `DOCKER_SCOUT_HUB_USER`: your Docker Hub username - `DOCKER_SCOUT_HUB_PASSWORD`: your Docker Hub personal access token Make sure the variables are accessible to your project. {{< tabs >}} {{< tab name="Circle CI" >}} ```yaml version: 2.1 jobs: record_environment: machine: image: ubuntu-2204:current image: namespace/repo steps: - run: | if [[ -z "$CIRCLE_TAG" ]]; then tag="$CIRCLE_TAG" echo "Running tag '$CIRCLE_TAG'" else tag="$CIRCLE_BRANCH" echo "Running on branch '$CI_COMMIT_BRANCH'" fi echo "tag = $tag" - run: docker run -it \ -e DOCKER_SCOUT_HUB_USER=$DOCKER_SCOUT_HUB_USER \ -e DOCKER_SCOUT_HUB_PASSWORD=$DOCKER_SCOUT_HUB_PASSWORD \ docker/scout-cli:1.0.2 environment \ --org "<MY_DOCKER_ORG>" \ "<ENVIRONMENT>" ${image}:${tag} ``` {{< /tab >}} {{< tab name="GitLab" >}} The following example uses the [Docker executor](https://docs.gitlab.com/runner/executors/docker.html). ```yaml variables: image: namespace/repo record_environment: image: docker/scout-cli:1.0.2 script: - | if [[ -z "$CI_COMMIT_TAG" ]]; then tag="latest" echo "Running tag '$CI_COMMIT_TAG'" else tag="$CI_COMMIT_REF_SLUG" echo "Running on branch '$CI_COMMIT_BRANCH'" fi echo "tag = $tag" - environment --org <MY_DOCKER_ORG> "PRODUCTION" ${image}:${tag} ``` {{< /tab >}} {{< tab name="Azure DevOps" >}} ```yaml trigger: - main resources: - repo: self variables: tag: "$(Build.BuildId)" image: "namespace/repo" stages: - stage: Docker Scout displayName: Docker Scout environment integration jobs: - job: Record displayName: Record environment pool: vmImage: ubuntu-latest steps: - task: Docker@2 - script: docker run -it \ -e DOCKER_SCOUT_HUB_USER=$DOCKER_SCOUT_HUB_USER \ -e DOCKER_SCOUT_HUB_PASSWORD=$DOCKER_SCOUT_HUB_PASSWORD \ docker/scout-cli:1.0.2 environment \ --org "<MY_DOCKER_ORG>" \ "<ENVIRONMENT>" $(image):$(tag) ``` {{< /tab >}} {{< tab name="Jenkins" >}} ```groovy stage('Analyze image') { steps { // Install Docker Scout sh 'curl -sSfL https://raw.githubusercontent.com/docker/scout-cli/main/install.sh | sh -s -- -b /usr/local/bin' // Log into Docker Hub sh 'echo $DOCKER_SCOUT_HUB_PASSWORD | docker login -u $DOCKER_SCOUT_HUB_USER --password-stdin' // Analyze and fail on critical or high vulnerabilities sh 'docker-scout environment --org "<MY_DOCKER_ORG>" "<ENVIRONMENT>" $IMAGE_TAG } } ``` {{< /tab >}} {{< /tabs >}}

This section explains how to integrate runtime environments with Docker Scout using the CLI client in CI workflows. It provides examples for Circle CI, GitLab, Azure DevOps, and Jenkins, demonstrating how to use the `docker scout environment` command to assign images to specific environments. The examples include setting environment variables for Docker Hub credentials and invoking the Docker Scout CLI within the CI pipelines.