From e3f66db2fa2318d972bf345ff4c372e867b1865d Mon Sep 17 00:00:00 2001
From: David Karlsson <35727626+dvdksn@users.noreply.github.com>
Date: Thu, 31 Oct 2024 13:52:24 +0100
Subject: [PATCH 1/3] scout: scout-cli v1.14.0 release notes
Signed-off-by: David Karlsson <35727626+dvdksn@users.noreply.github.com>
---
content/manuals/scout/release-notes/cli.md | 13 +++++++++++++
1 file changed, 13 insertions(+)
diff --git a/content/manuals/scout/release-notes/cli.md b/content/manuals/scout/release-notes/cli.md
index 5c2f9eacc39..e61b250fe90 100644
--- a/content/manuals/scout/release-notes/cli.md
+++ b/content/manuals/scout/release-notes/cli.md
@@ -9,6 +9,19 @@ This page contains information about the new features, improvements, known
issues, and bug fixes in the Docker Scout [CLI plugin](https://github.com/docker/scout-cli/)
and the `docker/scout-action` [GitHub Action](https://github.com/docker/scout-action).
+## 1.14.0
+
+{{< release-date date="2024-09-24" >}}
+
+### New
+
+- Add suppression information at the CVE level in the `docker scout cves` command.
+
+### Bug fixes
+
+- Fix listing CVEs for dangling images, for example: `local://sha256:...`
+- Fix panic when analysing a file system input, for instance with `docker scout cves fs://.`
+
## 1.13.0
{{< release-date date="2024-08-05" >}}
From 0738932e58a6963430da9e9b9b4878989dd4f65e Mon Sep 17 00:00:00 2001
From: David Karlsson <35727626+dvdksn@users.noreply.github.com>
Date: Thu, 31 Oct 2024 14:16:30 +0100
Subject: [PATCH 2/3] vendor: github.com/docker/scout-cli v1.15.0
Signed-off-by: David Karlsson <35727626+dvdksn@users.noreply.github.com>
---
.../docker/scout-cli/docs/docker_scout_sbom.yaml | 1 +
.../github.com/docker/scout-cli/docs/scout_cves.md | 6 +++---
.../github.com/docker/scout-cli/docs/scout_sbom.md | 14 +++++++-------
_vendor/modules.txt | 2 +-
go.mod | 4 ++--
go.sum | 2 ++
6 files changed, 16 insertions(+), 13 deletions(-)
diff --git a/_vendor/github.com/docker/scout-cli/docs/docker_scout_sbom.yaml b/_vendor/github.com/docker/scout-cli/docs/docker_scout_sbom.yaml
index dd6b1ea8623..7a804e37e9d 100644
--- a/_vendor/github.com/docker/scout-cli/docs/docker_scout_sbom.yaml
+++ b/_vendor/github.com/docker/scout-cli/docs/docker_scout_sbom.yaml
@@ -44,6 +44,7 @@ options:
- list: list of packages of the image
- json: json representation of the SBOM
- spdx: spdx representation of the SBOM
+ - cyclonedx: cyclone dx representation of the SBOM
deprecated: false
hidden: false
experimental: false
diff --git a/_vendor/github.com/docker/scout-cli/docs/scout_cves.md b/_vendor/github.com/docker/scout-cli/docs/scout_cves.md
index cd95ab4df42..bdb7f82921d 100644
--- a/_vendor/github.com/docker/scout-cli/docs/scout_cves.md
+++ b/_vendor/github.com/docker/scout-cli/docs/scout_cves.md
@@ -264,8 +264,8 @@ pkg:apk/alpine/zlib@1.2.12-r1?arch=aarch64&distro=alpine-3.16.1
...
11 vulnerabilities found in 2 packages
- LOW 0
- MEDIUM 8
- HIGH 2
CRITICAL 1
+ HIGH 2
+ MEDIUM 8
+ LOW 0
```
diff --git a/_vendor/github.com/docker/scout-cli/docs/scout_sbom.md b/_vendor/github.com/docker/scout-cli/docs/scout_sbom.md
index bda5eb3d5b8..a335d5f83f2 100644
--- a/_vendor/github.com/docker/scout-cli/docs/scout_sbom.md
+++ b/_vendor/github.com/docker/scout-cli/docs/scout_sbom.md
@@ -5,13 +5,13 @@ Generate or display SBOM of an image
### Options
-| Name | Type | Default | Description |
-|:----------------------|:--------------|:--------|:----------------------------------------------------------------------------------------------------------------------------------------------|
-| `--format` | `string` | `json` | Output format:
- list: list of packages of the image
- json: json representation of the SBOM
- spdx: spdx representation of the SBOM |
-| `--only-package-type` | `stringSlice` | | Comma separated list of package types (like apk, deb, rpm, npm, pypi, golang, etc)
Can only be used with --format list |
-| `-o`, `--output` | `string` | | Write the report to a file |
-| `--platform` | `string` | | Platform of image to analyze |
-| `--ref` | `string` | | Reference to use if the provided tarball contains multiple references.
Can only be used with archive |
+| Name | Type | Default | Description |
+|:----------------------|:--------------|:--------|:----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| `--format` | `string` | `json` | Output format:
- list: list of packages of the image
- json: json representation of the SBOM
- spdx: spdx representation of the SBOM
- cyclonedx: cyclone dx representation of the SBOM |
+| `--only-package-type` | `stringSlice` | | Comma separated list of package types (like apk, deb, rpm, npm, pypi, golang, etc)
Can only be used with --format list |
+| `-o`, `--output` | `string` | | Write the report to a file |
+| `--platform` | `string` | | Platform of image to analyze |
+| `--ref` | `string` | | Reference to use if the provided tarball contains multiple references.
Can only be used with archive |
diff --git a/_vendor/modules.txt b/_vendor/modules.txt
index 9c9a249884f..cdd949340b0 100644
--- a/_vendor/modules.txt
+++ b/_vendor/modules.txt
@@ -3,4 +3,4 @@
# github.com/docker/buildx v0.18.0
# github.com/docker/cli v27.3.2-0.20241008150905-cb3048fbebb1+incompatible
# github.com/docker/compose/v2 v2.30.1
-# github.com/docker/scout-cli v1.13.0
+# github.com/docker/scout-cli v1.15.0
diff --git a/go.mod b/go.mod
index 86222084472..7734ed7282f 100644
--- a/go.mod
+++ b/go.mod
@@ -6,7 +6,7 @@ require (
github.com/docker/buildx v0.18.0 // indirect
github.com/docker/cli v27.3.2-0.20241008150905-cb3048fbebb1+incompatible // indirect
github.com/docker/compose/v2 v2.30.1 // indirect
- github.com/docker/scout-cli v1.13.0 // indirect
+ github.com/docker/scout-cli v1.15.0 // indirect
github.com/moby/buildkit v0.17.0 // indirect
github.com/moby/moby v27.3.1+incompatible // indirect
)
@@ -15,7 +15,7 @@ replace (
github.com/docker/buildx => github.com/docker/buildx v0.18.0
github.com/docker/cli => github.com/docker/cli v27.3.1+incompatible
github.com/docker/compose/v2 => github.com/docker/compose/v2 v2.30.1
- github.com/docker/scout-cli => github.com/docker/scout-cli v1.13.0
+ github.com/docker/scout-cli => github.com/docker/scout-cli v1.15.0
github.com/moby/buildkit => github.com/moby/buildkit v0.17.0
github.com/moby/moby => github.com/moby/moby v27.3.1+incompatible
)
diff --git a/go.sum b/go.sum
index 685216fc85a..90c52f3f406 100644
--- a/go.sum
+++ b/go.sum
@@ -228,6 +228,8 @@ github.com/docker/scout-cli v1.12.0 h1:NhmT4BzL2lYiIk5hPFvK5FzQ8izbLDL3/Rugcyulv
github.com/docker/scout-cli v1.12.0/go.mod h1:Eo1RyCJsx3ldz/YTY5yGxu9g9mwTYbRUutxQUkow3Fc=
github.com/docker/scout-cli v1.13.0 h1:RThUM56yooV5izqgMEYQS+a6Yx+vGmZofJwX0qjgkco=
github.com/docker/scout-cli v1.13.0/go.mod h1:Eo1RyCJsx3ldz/YTY5yGxu9g9mwTYbRUutxQUkow3Fc=
+github.com/docker/scout-cli v1.15.0 h1:VhA9niVftEyZ9f5KGwKnrSfQOp2X3uIU3VbE/gTVMTM=
+github.com/docker/scout-cli v1.15.0/go.mod h1:Eo1RyCJsx3ldz/YTY5yGxu9g9mwTYbRUutxQUkow3Fc=
github.com/elazarl/goproxy v0.0.0-20191011121108-aa519ddbe484/go.mod h1:Ro8st/ElPeALwNFlcTpWmkr6IoMFfkjXAvTHpevnDsM=
github.com/evanphx/json-patch v4.9.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4=
From d46667290d65ed6cd80d2465cce58bbbec9c861a Mon Sep 17 00:00:00 2001
From: David Karlsson <35727626+dvdksn@users.noreply.github.com>
Date: Thu, 31 Oct 2024 14:14:30 +0100
Subject: [PATCH 3/3] scout: scout-cli v1.15.0 release notes
Signed-off-by: David Karlsson <35727626+dvdksn@users.noreply.github.com>
---
content/manuals/scout/release-notes/cli.md | 24 ++++++++++++++++++++++
1 file changed, 24 insertions(+)
diff --git a/content/manuals/scout/release-notes/cli.md b/content/manuals/scout/release-notes/cli.md
index e61b250fe90..c43e69e0081 100644
--- a/content/manuals/scout/release-notes/cli.md
+++ b/content/manuals/scout/release-notes/cli.md
@@ -9,6 +9,30 @@ This page contains information about the new features, improvements, known
issues, and bug fixes in the Docker Scout [CLI plugin](https://github.com/docker/scout-cli/)
and the `docker/scout-action` [GitHub Action](https://github.com/docker/scout-action).
+## 1.15.0
+
+{{< release-date date="2024-10-31" >}}
+
+### New
+
+- New `--format=cyclonedx` flag for the `docker scout sbom` to output the SBOM in CycloneDX format.
+
+### Enhancements
+
+- Use high-to-low sort order for CVE summary.
+- Support for enabling and disabling repositories that enabled by `docker scout push` or `docker scout watch`.
+
+### Bug fixes
+
+- Improve messaging when analyzing `oci` directories without attestations.
+ Only single-platform images and multi-platform image _with attestations_ are supported.
+ Multi-platform images without attestations are not supported.
+- Improve classifiers and SBOM indexer:
+ - Add classifier for Liquibase `lpm`.
+ - Add Rakudo Star/MoarVM binary classifier.
+ - Add binary classifiers for silverpeas utilities.
+- Improve reading and caching of attestations with the containerd image store.
+
## 1.14.0
{{< release-date date="2024-09-24" >}}