scout-cli
Docker Scout CLI
For CVE: https://scout.docker.com/vulnerabilities/id/CVE-2022-42919?s=ubuntu&n=python3.11&ns=ubuntu&t=deb&osn=ubuntu&osv=22.04&vr=%3E%3D0 I have Python 3.11 installed with: ``` add-apt-repository ppa:deadsnakes/ppa \ && apt-get install -y python3.11 python3.11-venv python3.11-distutils \ && python3.11 -m ensurepip \ ``` Scout reports: ```...
It would be nice to be able to read images piped from stdin to be able to chain commands without storing intermediate files on the local filesystem. Example usage: ```...
Example CVE: https://scout.docker.com/vulnerabilities/id/CVE-2023-41915?s=ubuntu&n=pmix&ns=ubuntu&t=deb&osn=ubuntu&osv=22.04&vr=%3E%3D0 Compare: 1. Installing package ``` FROM ubuntu:22.04 RUN apt-get update && apt-get install -y libpmix2 ``` CVE is detected. 2. Building from source ``` FROM ubuntu:22.04 RUN...
I am trying to execute the docker scout CLI on a Windows machine to evaluate my policy that I have defined in Docker Hub. I am getting a 409 but...
In reference to this closed issue: https://github.com/docker/scout-cli/issues/98 Sorry to reiterate the error, but for Windows the path integration in the JSON is wrong; it has to be escaped, so putting...
In cases of fast iteration while refactoring to remove vulnerabilities, the information is noisy, or trashy information that I wouldn’t like to have related to the organization, so I don't...
Shadow 4.13 is vulnerable to [CVE-2023-29383](https://scout.docker.com/vulnerabilities/id/CVE-2023-29383). Docker container for python:3.10 comes with shadow 4.13 as a package dependency but the CVE-2023-29383 is not found. Steps to reproduce: 1. Verify shadow...
I assume that this can probably be reproduced for other images like `node` and so on that use different numbering schemes for LTS vs unstable. ```Dockerfile FROM ubuntu:24.10 RUN ls ```...
Docker Scout incorrectly assessed the base image for PHP as outdated. Additionally, Docker Scout's quick fix identifies the same old image and new image. As you can see, both the "old" and...
Like many security tools, Docker Scout's report format is too verbose. This triggers GitHub Actions CI/CD text length limits. Which then triggers a low-level Actions false positive glitch. Which...