Share feedback
Answers are generated based on the documentation.

Integrate Docker Scout with GitHub

Important

The Docker Scout GitHub integration was retired on July 1, 2026. For base-image updates, use GitHub Dependabot with package-ecosystem: "docker". For image-to-source linkage, build with --provenance=mode=max.

Note

This retirement applies only to the Docker Scout GitHub App integration. The docker/scout-action GitHub Action for CI pipelines is not affected and continues to work.

Migrate from the GitHub integration

The integration provided two capabilities, each with an alternative.

Base-image digest repinning

Use GitHub Dependabot with package-ecosystem: "docker". Dependabot opens PRs to update base image tags and digests on a schedule. When you pin as FROM image:tag@sha256:..., both the tag and digest are updated. The Scout integration updated only the digest.

Minimal .github/dependabot.yml:

version: 2
updates:
  - package-ecosystem: "docker"
    directory: "/"
    schedule:
      interval: "weekly"

See Configuring Dependabot version updates.

Image-to-source linkage

Build with --provenance=mode=max. Docker Scout reads the resulting provenance attestation to link an image back to its source repository without requiring the GitHub app.

$ docker build --provenance=mode=max -t myimage:tag .

See SLSA provenance attestations.