Skip to content

v1.12.0
Compare
Choose a tag to compare
@github-actions github-actions released this 31 Jul 07:56
· 20 commits to main since this release
v1.12.0
a115e2e
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Highlights

  • Only display vulnerabilities from the base image:

    $ docker scout cves --only-base IMAGE

  • Account for VEX in quickview command.

    $ docker scout quickview IMAGE --only-vex-affected --vex-location ./path/to/my.vex.json
    uses: docker/scout-action@v1
with:
  command: quickview
  image: [IMAGE]
  only-vex-affected: true
  vex-location: ./path/to/my.vex.json

  • Account for VEX in cves command (GitHub Actions).

    uses: docker/scout-action@v1
with:
  command: cves
  image: [IMAGE]
  only-vex-affected: true
  vex-location: ./path/to/my.vex.json

Bug Fixes / Improvements

  • Update github.com/docker/docker to v26.1.5+incompatible to fix CVE-2024-41110.
  • Update syft to 1.10.0.

Contributors

@cdupuis @LaurentGoderre @felipecruz91

Assets 9
Loading