Releases · docker/scout-action

Bug Fixes / Improvements

improve package detection to ignore referenced but not installed packages

Contributors

Bug Fixes / Improvements

fix an issue when rendering markdown output using sbom:// prefix

Contributors

Highlights

Add support for passing in SBOM files in SDPX or in-toto SDPX format

uses: docker/scout-action@v1
with:
    command: cves
    image: sbom://alpine.spdx.json

Add support for SBOM files in syft-json format

uses: docker/scout-action@v1
with:
    command: cves
    image: sbom://alpine.syft.json

Bug Fixes / Improvements

Fix panic when indexing single image oci-dir input
Improve local attestation support with the containerd image store

Contributors

General bug fixes and performance improvements

Highlights

Cache SBOM and attestations using the image index digest if exists
Add file hashes/digest when generating SBOMs
Upgrade syft to 0.105.0
Support local attestations from a containerd image store or OCI export

Bug fixes / Improvements

fix reading SBOM for gcr.io/distroless images
read distribution in SBOM from attestations

These notes include changes part of v1.4.0

Highlights

Update dependencies to address Leaky Vessels series of CVEs (CVE-2024-21626, CVE-2024-24557)
Add initial VEX document to document false positive CVE-2020-8911 and CVE-2020-8912
Support cosign SBOM attestations
Support for VEX in-toto attestations

Bug fixes / Improvements

Fix platform detection when an image index contains linux/arm64/v8 but the local platform is only linux/arm64
Fix display of the base image in case the base image is not indexed by docker scout but defined in the provenance attestation (for private or non Docker Trusted Content base images)
Affects quickview and recommendations commands
Fix panic when an SBOM contains no packages
Especially when using docker scout to analyse local file system, for instance using docker scout cves fs://.
Bump Syft to 102 to fix golang Purl with subpath
Add support for subpaths in PURLs
For instance an image containing both packages github.com/gofiber/template and github.com/gofiber/template/django/v3, previously the two packages were visible under the same github.com/gofiber/template name. Now both of them are correctly identified

Update syft to v0.100.0
Support in-toto envelope layer in attestations
Improve display of policy results in case of a boolean policy

@cdupuis

What's Changed

Fix link rendering growing the column by @cdupuis
No cache and docs by @cdupuis
Add correlation headers by @cdupuis
Allow to pass in additional SBOM catalogers by @cdupuis
Add No Data link for SonarQube policy by @felipecruz91
Policy fixes by @cdupuis

@felipecruz91

What's Changed

Display configurable policy names by @felipecruz91
Add support for writing SDPX and CycloneDx to file by @cdupuis
Support ACR in docker scout repo commands by @velll
Docs cli reference refresh by @dvdksn

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Bug Fixes / Improvements

Contributors

Uh oh!

Bug Fixes / Improvements

Contributors

Uh oh!

Highlights

Bug Fixes / Improvements

Contributors

Uh oh!

Uh oh!

Highlights

Bug fixes / Improvements

Uh oh!

Highlights

Bug fixes / Improvements

Uh oh!

Uh oh!

What's Changed

Contributors

Uh oh!

What's Changed

Contributors

Uh oh!

Uh oh!

Releases: docker/scout-action

v1.6.3

Bug Fixes / Improvements

Contributors

Uh oh!

v1.6.2

Bug Fixes / Improvements

Contributors

Uh oh!

v1.6.1

Highlights

Bug Fixes / Improvements

Contributors

Uh oh!

v1.5.2

Uh oh!

v1.5.0

Highlights

Bug fixes / Improvements

Uh oh!

v1.4.1

Highlights

Bug fixes / Improvements

Uh oh!

v1.3.0

Uh oh!

v1.2.2

What's Changed

Contributors

Uh oh!

v1.2.0

What's Changed

Contributors

Uh oh!

v1.0.9

Uh oh!