Docker Scout is an early access product, and requires a Docker Pro, Team, or Business subscription.
If you’re interested in Docker Scout for your organization and want to learn more, get in touch by filling out the contact form on the Docker Scout product page.
Docker Scout is a collection of software supply chain features that appear throughout Docker user interfaces and the command line interface (CLI). These features provide detailed insights into the composition and security of container images.
Docker Scout analyzes image contents and generates a detailed report of the packages and vulnerabilities that it detects. Docker Scout can also suggest how to remediate the issues that the image analysis discovers.
The image details view in Docker Desktop and the tag details pages on Docker Hub are both powered by Docker Scout.
You can view and interact with Docker Scout from your terminal through the docker scout plugin for Docker CLI.
There’s also a Web App that you can use to explore additional information about images, packages, and CVEs.
Get started with Docker Scout
To start using Docker Scout, turn on any of the following features:
Enabling either feature requires a paid Docker subscription. Once enabled, Docker Scout is activated for your organization automatically.
Advanced image analysis
Advanced image analysis is a feature in Docker Hub which, when enabled, triggers a Docker Scout analysis every time you push an image. The analysis updates continuously, so the vulnerability report for an image stays up to date as new CVEs are discovered. You don't need to re-scan the image.
For more information, see Advanced image analysis.
Users of JFrog Artifactory, or JFrog Container Registry, can integrate Docker Scout to enable automatic analysis of images locally and remotely. For more information, see Artifactory integration.
Docker Scout CLI
The docker scout CLI plugin provides a terminal interface for Docker Scout.
Using the CLI, you can analyze images and view the analysis report in text format. You can print the results directly to stdout, or export them to a file using a structured format, such as Static Analysis Results Interchange Format (SARIF). For more information about how to use the docker scout CLI, see the