artofthepossible / new-reef-revelations

unboxing docker scout capabilities

new-reef-revelations

A quest to discover Docker Scout and Docker Build Cloud while exploring new capabilities of Docker Desktop and Docker Hub.

There are new enhancements for Docker Scout, like Notifications and Metrics Exporter.

Overview

Source - The application consists of a basic ExpressJS server and uses intentionally old versions of Express and the Alpine base image.

Prerequisites

Source - To get started, there are a few prerequisites to get the full value of Docker Business:
Create a [Docker ID](https://docs.docker.com/scout/quickstart), if you do not already have one, and log in to Hub.
If you don’t have Docker Desktop installed, get started
The demo makes use of Docker Scout, Docker Hub, Docker Build Cloud and Docker Desktop
Set up the docker scout-cli
Clone your target Repo

Getting Started

Let's build, enable Scout for our repo, then push the image.

1a. Build the image, naming it to match the organization you will push it to, and tag it as v1:

example: docker build -t demonstrationorg/docker-scout-conveyor:v1 .

To make use of Docker Build Cloud:

example: docker buildx build --builder cloud-salestestorg-se-cloud-builder --tag demonstrationorg/docker-scout-conveyor:v1 .

1b. Use CI to Build Image and View Scout Info:

  1. Create and push the repository on Docker Hub.

  2. Enable Docker Scout:
     docker scout repo enable --org {InsertmyOrg} {InsertmyOrg}/{InsertImageName}:{InsertImageTag}
     example: docker scout repo enable --org demonstrationorg demonstrationorg/scout-demo:v1

     Upon enabling the repository, you can manage repositories in the Docker Scout Dashboard → https://scout.docker.com/org/{InsertmyOrg}/settings/repos
     example: https://scout.docker.com/org/demonstrationorg/settings/repos

  3. Analyze the image vulnerabilities and remediate as needed.

Software Bill Of Materials (SBOM)

To generate a human-readable list, run:
docker scout sbom --format list docker-new-reef-revelations

Docker Scout Notifications (SLACK)

You can integrate Docker Scout with Slack by creating a Slack webhook and adding it to the Docker Scout Dashboard. After configuring the integration, Docker Scout sends notifications about changes to policy compliance and vulnerability exposure for your repositories, to the Slack channels associated with the webhook.

Docker Build Cloud

The demo can make use of Docker Build Cloud.
example: docker buildx build --builder cloud-salestestorg-se-cloud-builder --tag demonstrationorg/scout-cloud-build:v1 .

Docker Run

docker run scout-demo:v1

Docker Desktop

View build details: docker-desktop://dashboard/build/{insertDockerBuildCloudBuilder}/linux-arm64/yqy1m8bqmiqocq5twdly66p6e
View build details: docker-desktop://dashboard/build/cloud-salestestorg-se-cloud-builder/linux-arm64/yqy1m8bqmiqocq5twdly66p6e

Docker Scout

View a summary of image vulnerabilities and recommendations
→ docker scout quickview
View vulnerabilities
→ docker scout cves local://demonstrationorg/scout-demo-service-python:v1
View base image update recommendations
→ docker scout recommendations local://demonstrationorg/scout-demo-service-python:v1
Include policy results in your quickview by supplying an organization
→ docker scout quickview local://demonstrationorg/scout-demo-service-python:v1 --org demonstrationorg
→ docker scout policy local://demonstrationorg/scout-demo-example-voting-app:v1 --org demonstrationorg

This repository contains a Python application and Dockerfile to demonstrate the use of Docker Scout to analyze and remediate CVEs in a container image.

Docker Scout -

Incorporate a GitHub Action to run the Docker Scout CLI as part of your workflows.
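
A workflow step can run the Scout CLI as a gate that separates "CVEs found" from "scan did not run". The script below is an added example, not part of this repository; the function name scout_gate, the report file name and the default severity list are assumptions, and it relies on docker scout cves --exit-code returning 2 when matching CVEs are detected.

```bash
#!/usr/bin/env bash
# Added example, not part of the repository: fail a CI job on Scout findings.
# Assumed names: scout_gate, scout.sarif.json, default severities critical,high.

# scout_gate IMAGE [SEVERITIES] [REPORT]
# Returns 0 = clean, 1 = matching CVEs found, 3 = scan did not complete.
scout_gate() {
  local image="$1"
  local severities="${2:-critical,high}"
  local report="${3:-scout.sarif.json}"
  local rc=0

  if [ -z "$image" ]; then
    echo "usage: scout_gate IMAGE [SEVERITIES] [REPORT]" >&2
    return 3
  fi

  # --exit-code: the CLI exits with 2 when CVEs matching the filter exist.
  # --format sarif --output: keep the findings as a build artifact.
  docker scout cves --exit-code --only-severity "$severities" \
    --format sarif --output "$report" "$image" || rc=$?

  case "$rc" in
    0) echo "PASS: no $severities CVEs in $image"
       return 0 ;;
    2) echo "FAIL: $severities CVEs in $image (see $report)" >&2
       return 1 ;;
    *) # Login failure, missing image, network error: fail closed so an
       # unscanned image is never reported as clean.
       echo "ERROR: docker scout exited $rc for $image" >&2
       return 3 ;;
  esac
}

# Script use: ./scout-gate.sh demonstrationorg/scout-demo:v1
if [ "$#" -gt 0 ]; then
  scout_gate "$@"
  exit $?
fi
```

Run after the build step, any non-zero return fails the job, and the SARIF file can be uploaded as the scan record.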
