With the latest Docker Desktop 4.17 release, the Docker team introduced Docker Scout. Docker Scout is a collection of software supply chain features that appear throughout Docker user interfaces and the command line interface (CLI). These features provide detailed insights into the composition and security of container images.
How is Docker Scout different from other security tools?
There are various security tools available today in the market. While there are similarities and differences between all tools of this nature, Docker Scout stands out by offering both visibility into the dependencies called in specific layers of the images, and remediation options directly in existing developer workflows. Particularly, Advanced image analysis not only lets you analyze the vulnerabilities in your dependencies but also provides you with remediation options that help you to act quickly.
If a vulnerability is present in the base image, Docker Scout will check for any updated or patched base images and make recommendations to replace the base image. If a vulnerability is present in other layers, Docker Scout will indicate exactly where the vulnerability is introduced, and make recommendations accordingly.
Docker Scout is designed with developers in mind and integrated into Docker. With Docker Scout, spend less time searching for and fixing vulnerabilities, and more time developing your code. Docker is building Docker Scout to sit as a layer on top of the Docker ecosystem to help developers build and maintain a secure software supply chain. Right now, Docker is focussed on helping with vulnerability remediation; we think our CVE-to-package matching (using PURLs to help avoid false positives) and our SBOM-to-CVEdb matching (no need to rescan) are both nice improvements to the current Developer experience.