Integrating Docker Scout with environments
You can integrate Docker Scout with your runtime environments, and get insights for your running workloads. This gives you a real-time view of your security status for your deployed artifacts.
Docker Scout lets you define multiple environments, and assign images to different environments. This gives you a complete overview of your software supply chain, and lets you view and compare deltas between environments, for example staging and production.
How you define and name your environments is up to you. You can use patterns that are meaningful to you and that match how you ship your applications.
Each environment contains references to a number of images. These references represent containers currently running in that particular environment.
For example, say you're running myorg/webapp:3.1 in production, you can assign that tag to your production environment. You might be running a different version of the same image in staging, in which case you can assign that version of the image to the
To add environments to Docker Scout, you can:
- Use the docker scout env <environment> <image> CLI command to record images to environments manually
- Enable a runtime integration to automatically detect images in your environments.
Docker Scout supports the following runtime integrations:
Only organization owners can create new environments and set up integrations. Additionally, Docker Scout only assigns an image to an environment if the image has been analyzed, either manually or through a registry integration.
To see all of the available environments for an organization, you can use the docker scout env command.
$ docker scout env
By default, this prints all environments for your personal Docker organization.
To list environments for another organization that you're a part of, use the
$ docker scout env --org <org>
You can use the docker scout config command to change the default organization. This changes the default organization for all commands, not just
$ docker scout config organization <org>
Assigning images to environments lets you make comparisons with and between environments. This is useful for things like GitHub pull requests, for comparing the image built from the code in the PR to the corresponding image in staging or production.
You can also compare with streams using the --to-env flag on the docker scout compare
$ docker scout compare --to-env production myorg/webapp:latest
To view the images for an environment:
- Go to the Docker Scout Dashboard.
- Select the Images tab.
- Open the Environments drop-down menu.
- Select the environment that you want to view.
The list displays all images that have been assigned to the selected environment. If you've deployed multiple versions of the same image in an environment, all versions of the image appear in the list.
Alternatively, you can use the docker scout env command to view the images from the terminal.
$ docker scout env production
When you've selected an environment on the Images tab, tags in the list represent the tag that was used to deploy the image. Tags are mutable, meaning that you can change the image digest that a tag refers to. If Docker Scout detects that a tag refers to an outdated digest, a warning icon displays next to the image name.
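One way to call the commands above from a deployment pipeline, as an added example that is not part of the Docker documentation: the helper compares a candidate image with an environment and records deployments, refusing untagged or latest references because tags are mutable. The function names and the refusal policy are assumptions of this example.

```shell
#!/bin/sh
# Added example: pipeline helpers around the docker scout commands on this page.
# is_floating_ref, compare_with_env and record_deployment are hypothetical
# names; rejecting floating references is this example's policy, not Scout's.

# Return 0 when the reference has no tag or uses the mutable "latest" tag.
is_floating_ref() {
    ref=$1
    # Drop registry and namespace first: a registry host may carry a port
    # colon (host:5000/name) that must not be mistaken for a tag separator.
    last=${ref##*/}
    case $last in
        *:latest) return 0 ;;   # explicit latest
        *:*)      return 1 ;;   # explicit version tag such as :3.1
        *)        return 0 ;;   # no tag: resolves to latest implicitly
    esac
}

# Compare a candidate image (for example a pull request build) with the
# image currently assigned to an environment.
compare_with_env() {
    env_name=$1
    image=$2
    docker scout compare --to-env "$env_name" "$image"
}

# Record a deployed image in an environment. Floating references are
# rejected with status 2 so the environment view keeps naming the version
# that was actually shipped.
record_deployment() {
    env_name=$1
    image=$2
    if is_floating_ref "$image"; then
        echo "refusing to record floating reference: $image" >&2
        return 2
    fi
    docker scout env "$env_name" "$image"
}

# Typical calls from a pipeline (image names taken from the page's examples):
#   compare_with_env production myorg/webapp:latest
#   record_deployment production myorg/webapp:3.1
```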