Positronick
← Registry
CLI Official

Docker Scout CLI

The 'docker scout' CLI plugin for software supply chain security: generating SBOMs, matching components against vulnerability databases, and evaluating image policy compliance.

Install

curl -fsSL https://raw.githubusercontent.com/docker/scout-cli/main/install.sh -o install-scout.sh && sh install-scout.sh
$

Docker Scout is a software supply chain feature set exposed through the docker scout CLI plugin. It builds an image's SBOM, matches components against vulnerability data to surface CVEs, compares two images to spot newly introduced issues, and evaluates policy compliance. For example, docker scout cves IMAGE --exit-code --only-severity critical,high can fail a CI build on serious vulnerabilities. It ships with Docker Desktop or installs standalone.

Official source ↗ Repository ↗