Docker Scout

Secure your supply chain at every layer, now available in Early Access

Supply chain security designed with developers in mind

Docker Scout provides a unified view for securing your container development, including a layer-by-layer view of dependencies, their known vulnerabilities, and recommended remediation paths.

Docker Scout is designed with developers in mind, and integrated into Docker. With Docker Scout, spend less time searching for and fixing vulnerabilities, and more time developing your code.

Docker Scout Benefits

Understand your applications’ dependencies

Understand your applications’ dependencies in each layer of your images, whether they’re in your base image or your application code.

Analyze the vulnerabilities in your dependencies

Assess the vulnerabilities presented in each dependency by layer, prioritized by severity.

Act quickly with suggested remediation options

Act quickly on alerts with prioritized suggestions and automated remediation recommendations.

Docker Scout key features and capabilities

Unified view into software composition analysis

With one view, your application’s direct and transitive dependencies from all layers are visible. This layer-based view not only makes remediation next steps clear, it also builds understanding of image composition.

Event-driven vulnerability updates

Vulnerabilities are detected and surfaced on a continuous basis by the event-driven data model powering Docker Scout. When a new CVE is released, Docker Scout uses your image’s SBOM to check whether there’s a positive correlation between your image and the new CVE, so your recommendations are always up to date.

In-context remediation recommendations

Integrated recommendations are visible in Docker Desktop. Docker Scout recommends remediation options for base image updates, as well as dependency updates within your application code layers.

Get started today

Want to try it out?

Get started using Docker Scout to better understand your software and develop more securely.

Docker Scout features are available on Docker Hub and in Docker Desktop 4.17.

Docker Scout

Create your subscription by selecting the features and number of people who need to use them.

Free

per user / per month

What's Included

Image analysis

Guided remediation

CVE event matching

Artifactory integration

Notifications for new CVEs*

Secret detection*

OSS license auditing*

Image comparison*

Secure image build service*

Package update notifications*

Checks on PRs*

Automated PRs*

Data reporting API*

VEX integration*

Policy definition*

Policy enforcement*

FAQ

Does Docker Scout update regularly?

Docker Scout is built on a streaming, event-driven data model that provides actionable CVE reports. Once an SBOM has been generated, Docker Scout automatically checks existing SBOMs against new CVEs. You will see automatic updates for new CVEs without re-scanning artifacts.

How will remediation recommendations differ based on the layer of the vulnerability?

If a vulnerability is present in the base image, Docker Scout will check for any updated or patched base images and make recommendations to replace the base image. If a vulnerability is present in other layers, Docker Scout will indicate exactly where the vulnerability is introduced, and make recommendations accordingly.

How is Docker Scout using an SBOM?

An SBOM, or software bill of materials, is a nested inventory: a list of the ingredients that make up software components. The SBOM is created during builds. Docker Scout cross-references SBOMs with streaming CVE data to surface vulnerabilities (and potential remediation) as soon as possible.

What is DSO and how is it used?

DSO, or dso.docker.com, is a database of vulnerabilities affecting images; it is based on other leading CVE databases. DSO is the primary channel for mapping incoming CVEs to the vulnerabilities in images that are surfaced by Docker Scout.

Will Docker Scout give me recommended next steps on how to remediate?

Yes, Docker Scout gives remediation recommendations when they are available.

What makes Docker Scout different from other tools?

While there are similarities and differences between all tools of this nature, Docker Scout stands out by offering both visibility into the dependencies called in specific layers of the images, and remediation options directly in existing developer workflows.

Will I still be able to use other security tools, such as Snyk, with Docker?

Yes. Docker is committed to supporting developers and their favorite tools and will continue to offer flexible integration whenever possible. Some security tools provide Docker Extensions to make integration even easier.