docker scout recommendations

Display available base image updates and remediation recommendations

Usage

docker scout recommendations [IMAGE|DIRECTORY|ARCHIVE]

Description

The docker scout recommendations command display recommendations for base images updates. It analyzes the image and display recommendations to refresh or update the base image. For each recommendation it shows a list of benefits, such as fewer vulnerabilities or smaller image size.

If no image is specified, the most recently built image is used.

The following artifact types are supported:

  • Images
  • OCI layout directories
  • Tarball archives, as created by docker save
  • Local directory or file

By default, the tool expects an image reference, such as:

  • redis
  • curlimages/curl:7.87.0
  • mcr.microsoft.com/dotnet/runtime:7.0

If the artifact you want to analyze is an OCI directory, a tarball archive, a local file or directory, or if you want to control from where the image will be resolved, you must prefix the reference with one of the following:

  • image:// (default) use a local image, or fall back to a registry lookup
  • local:// use an image from the local image store (don't do a registry lookup)
  • registry:// use an image from a registry (don't use a local image)
  • oci-dir:// use an OCI layout directory
  • archive:// use a tarball archive, as created by docker save
  • fs:// use a local directory or file

Options

OptionDefaultDescription
--only-refreshOnly display base image refresh recommendations
--only-updateOnly display base image update recommendations
--orgNamespace of the Docker organization
-o, --outputWrite the report to a file
--platformPlatform of image to analyze
--refReference to use if the provided tarball contains multiple references.
Can only be used with archive
--tagSpecify tag

Examples

Display base image update recommendations

$ docker scout recommendations golang:1.19.4

Display base image refresh only recommendations

$ docker scout recommendations --only-refresh golang:1.19.4

Display base image update only recommendations

$ docker scout recommendations --only-update golang:1.19.4