Docker Scout is a tool provided by Docker to help developers and operations teams enhance the security and efficiency of their container images. It provides insights into container images, focusing on identifying vulnerabilities, adhering to best practices, and other important metrics that ensure the security and performance of Docker images.
Docker Scout is a solution for proactively enhancing your software supply chain security. By analyzing your images, Docker Scout compiles an inventory of components, also known as a Software Bill of Materials (SBOM). The SBOM is matched against a continuously updated vulnerability database to pinpoint security weaknesses.
Docker Scout is a standalone service and platform that you can interact with using Docker Desktop, Docker Hub, the Docker CLI, and the Docker Scout Dashboard. Docker Scout also facilitates integrations with third-party systems, such as container registries and CI platforms.
Key Features of Docker Scout
Vulnerability Scanning: Docker Scout scans container images for known vulnerabilities. It leverages databases like the National Vulnerability Database (NVD) and other security sources to identify issues within the software packages included in your container images.
Image Composition Analysis: It provides detailed information on the layers and software packages in your Docker images, helping you understand what is inside your containers. This is crucial for identifying potential security risks or inefficiencies.
Best Practices Checks: Docker Scout evaluates your images against Docker’s best practices for building container images. This includes recommendations for reducing image size, optimizing build processes, and improving security configurations.
Docker Scout Free: Docker Scout Free is available for both personal accounts and organizations. If you have a Docker subscription, you automatically have access to Docker Scout Free. This plan is ideal for individual developers getting started with software supply chain security.
Continuous Integration/Continuous Deployment (CI/CD) Integration: Docker Scout can be integrated into CI/CD pipelines to ensure that every build is automatically scanned for vulnerabilities and compliance with best practices before being deployed. This helps in maintaining secure and efficient builds.
Reporting and Notifications: It generates detailed reports on the findings from its scans and can notify you about new vulnerabilities or issues as they are discovered. This proactive approach helps in maintaining the security and performance of your containerized applications.
Remediation Guidance: Docker Scout provides actionable guidance on how to address identified vulnerabilities and improve your Docker images based on its analysis. This may involve updating base images, patching software, or modifying Dockerfiles to follow best practices.
👉 Install Docker Scout
The docker scout CLI plugin is available by default on Docker Desktop starting with version 4.17.
If you’re using Docker on a Linux machine, make sure your Docker CLI is updated to the latest version. Docker Scout is included in Docker CLI starting from Docker version 4.6.0.
If you run Docker Engine without Docker Desktop, Docker Scout doesn’t come pre-installed, but you can install it as a standalone binary.
To install the latest version of the plugin, run the following commands:
$ curl -fsSL https://raw.githubusercontent.com/docker/scout-cli/main/install.sh -o install-scout.sh
$ sh install-scout.sh