Docker Scout
Secure your supply chain at every layer, now available in Early Access
Want to learn more? → Talk to an expert.
Supply chain security designed with developers in mind
Docker Scout provides a unified view for securing your container development, including a layer-by-layer view of dependencies, their known vulnerabilities, and recommended remediation paths.
Docker Scout is designed with developers in mind, and integrated into Docker. With Docker Scout, spend less time searching for and fixing vulnerabilities, and more time developing your code.
Docker Scout Benefits
Understand your applications’ dependencies
Understand your applications’ dependencies in each layer of your images, whether they’re in your base image or your application code.
Analyze the vulnerabilities in your dependencies
Assess the vulnerabilities presented in each dependency by layer, prioritized by severity.
Act quickly with suggested remediation options
Act quickly on alerts with prioritized suggestions and automated remediation recommendation.
Docker Scout key features and capabilities
Unified view into software composition analysis
With one view, your application’s direct and transitive dependencies from all layers are visible. This layer-based view not only makes remediation next steps clear, it also builds understanding of image composition.
Event-driven vulnerability updates
Vulnerabilities are detected and surfaced on a continuous basis by the event-driven data model powering Docker Scout. When a new CVE is released, Docker Scout uses your image’s SBOM to check whether there’s a positive correlation between your image and your CVE – so your recommendations are always up to date.
In-context remediation recommendations
Integrated recommendations are visible in Docker Desktop. Docker Scout recommends remediation options for base image updates, as well as dependency updates within your application code layers.
Get started today
Want to try it out?
Get started using Docker Scout to better understand your software and develop more securely.
Download Docker Desktop
Docker Scout features are available on Docker Hub and in Docker Desktop 4.17.
Docker Scout
Create your subscription by selecting the features and number of people who need to use them.
What's Included
Image analysis
Guided remediation
CVE event matching
Artifactory integration
Notifications for new CVEs*
Secret detection*
OSS license auditing*
Image comparison*
Secure image build service*
Package update notifications*
Checks on PRs*
Automated PRs*
Data reporting API*
VEX integration*
Policy definition*
Policy enforcement*
FAQ
Does Docker Scout update regularly?
Docker Scout is built on a streaming event-driven data model, providing actionable CVE reports. Once the SBOM is generated and exists, Docker Scout automatically checks between existing SBOMs and new CVEs. You will see automatic updates for new CVEs without re-scanning artifacts.
How will remediation recommendations differ based on the layer of the vulnerability?
If a vulnerability is present in the base image, Docker Scout will check for any updated or patched base images and make recommendations to replace the base image. If a vulnerability is present in other layers, Docker Scout will indicate exactly where the vulnerability is introduced, and make recommendations accordingly.
How is Docker Scout using an SBOM?
An SBOM, or software bill of materials, is a nested inventory, a list of ingredients that make up software components. An SBOM is used during builds to create a software bill of materials. Docker Scout uses SBOMs to cross-reference with streaming CVE data to surface vulnerabilities (and potential remediation) as soon as possible.
What is DSO and how is it used?
DSO, or dso.docker.com, is a database of vulnerabilities affecting images based on other leading CVE databases. DSO is the primary channel for mapping incoming CVEs to the vulnerabilities in images that are surfaced by Docker Scout.
Will Docker Scout give me recommended next steps on how to remediate?
Yes, Docker Scout gives remediation recommendations when they are available.
What makes Docker Scout different from other tools?
While there are similarities and differences between all tools of this nature, Docker Scout stands out by offering both visibility into the dependencies called in specific layers of the images, and remediation options directly in existing developer workflows.
Will I still be able to use other security tools, such as Snyk, with Docker?
Yes. Docker is committed to supporting developers and their favorite tools and will continue to offer flexible integration whenever possible. Some security tools provide Docker Extensions to make integration even easier.