Releases: docker/scout-cli
Releases · docker/scout-cli
v1.4.1
These notes include changes part of v1.4.0
Highlights
- Update dependencies to address Leaky Vessels series of CVEs (CVE-2024-21626, CVE-2024-24557)
- Add initial VEX document to document false positive CVE-2020-8911 and CVE-2020-8912
- Support cosign SBOM attestations
- Support for VEX in-toto attestations
Bug fixes / Improvements
- Fix order and case of details column headers in the policy deviation details tables
- Fix platform detection when an image index contains
linux/arm64/v8but the local platform is onlylinux/arm64 - Fix display of the base image in case the base image is not indexed by docker scout but defined in the provenance attestation (for private or non Docker Trusted Content base images)
Affectsquickviewandrecommendationscommands - Fix panic when an SBOM contains no packages
Especially when usingdocker scoutto analyse local file system, for instance usingdocker scout cves fs://. - Bump Syft to 0.103.1 to fix golang Purl with subpath
- Add support for subpaths in PURLs
For instance an image containing both packagesgithub.com/gofiber/templateandgithub.com/gofiber/template/django/v3, previously the two packages were visible under the samegithub.com/gofiber/templatename. Now both of them are correctly identified - Remove query strings from title in rendered hyperlinks
v1.3.0
- Update
syfttov0.100.0 - Support
in-totoenvelope layer in attestations - Improve display of policy results in case of a boolean policy
See for instance with a policy to ensure nonrootuser is defined in the image:
v1.2.2
Contributors
cdupuis and felipecruz91
Assets 9
v1.2.1
v1.2.0
What's Changed
- Display configurable policy names by @felipecruz91
- Add support for writing SDPX and CycloneDx to file by @cdupuis
- Support ACR in docker scout repo commands by @velll
- Docs cli reference refresh by @dvdksn
Contributors
cdupuis, velll, and 2 other contributors
Assets 9
v1.0.9
Merge pull request #65 from docker/v1.0.9 Publish v1.0.9 release
v1.0.8
v1.0.8