Issue type

When running Docker Scout from the CLI in a Windows + WSL2 setup, I keep getting prompted to log in, even after a successful docker login. Has anyone else run into this issue?

OS Version / Build

• Windows 11
• WSL2: Ubuntu 22.04

App version

Docker CLI (executed inside WSL2)

Client:
 Version:           28.2.2
 API version:       1.50
 Go version:        go1.23.1
 Git commit:        28.2.2-0ubuntu1~22.04.1
 Built:             Wed Sep 10 14:50:16 2025
 OS/Arch:           linux/amd64
 Context:           default

Docker Desktop

Version: Docker Desktop 4.66.1 (222799)

Engine:
 Version:          29.3.1
 API version:      1.54 (minimum version 1.40)
 Go version:       go1.25.8
 Git commit:       f78c987
 Built:            Wed Mar 25 16:13:48 2026
 OS/Arch:          linux/amd64
 Experimental:     false

containerd:
 Version:          v2.2.1
 GitCommit:        dea7da592f5d1d2b7755e3a161be07f43fad8f75

runc:
 Version:          1.3.4
 GitCommit:        v1.3.4-0-gd6d73eb8

docker-init:
 Version:          0.19.0
 GitCommit:        de40ad0

Docker Scout

version: v1.20.3 (go1.25.5 - linux/amd64)
git commit: 3d7473c3cd29fc1c10c7915445efd2f9f00929f5

Steps to reproduce

1. Log in to Docker from WSL2 using a Personal Access Token:

   docker login -u user
   

2. Pull an image from my personal repository on Docker Hub:

   docker pull liviu152/docker-scout:v1
   

3. Try to run Docker Scout against that image:

   docker scout quickview liviu152/docker-scout:v1
   

Actual behavior

Docker Scout keeps asking for login and does not reuse the successful Docker CLI authentication.

Log in with your Docker ID or email address to use docker scout.

If you don't have a Docker ID, head over to https://hub.docker.com to
create one. You can log in with your password or a Personal Access Token (PAT)
by running docker login.
Using a limited-scope PAT grants better security and is required for organizations
using SSO. Learn more at https://docs.docker.com/go/access-tokens/

You can also log in using Docker Desktop.

This happens even though:

• docker login succeeds
• the image can be pulled successfully
• Docker CLI reports the correct logged-in username

Expected behavior

Docker Scout should reuse the existing Docker CLI authentication context and allow scanning from WSL2 CLI without requiring Docker Desktop login interaction.

Additional context

• Authentication was done with a Personal Access Token (PAT)
• The image is hosted in my personal repository: liviu152/docker-scout:v1
• The image can be pulled successfully from WSL2
• Docker Scout works through Docker Desktop GUI, but not from WSL2 CLI
• I found this related forum post: https://forums.docker.com/t/docker-scout-fails-to-run-from-cli-and-asks-for-login/150164

Question

Is Docker Scout CLI in WSL2 expected to work with docker login authentication, or is Docker Desktop authentication currently required for this setup?

The output of the client version can’t be right. Are you sure wsl integration is enabled for this distro, and there is no docker other docker installation inside the distro? It appears to be the case.

Please share the output of docker info.

Hi, many thanks for the quick reply. Indeed you feeling was right. First I’ve tried to install docker scout plug-in manually in WSL2 $HOME/.docker/scout, as mentioned here, then I went for Docker Desktop solution, without removing the first plug-in installation.

After removing the first installation from HOME/.docker/cli-plugins/docker-scout, now the plugins are pointing all to Docker Desktop and Docker Scout works from WSL2

But still, can be Scout or other plug-ins used without having Docker Desktop ?

Thanks for hint

The docs say it can:

The Docker Scout CLI plugin comes pre-installed with Docker Desktop.

If you run Docker Engine without Docker Desktop, Docker Scout doesn’t come pre-installed, but you can install it as a standalone binary.

I just installed the scout cli plugin (v1.20.3) on a standalone docker-ce (v29.3.1) installation:

curl -fsSL https://raw.githubusercontent.com/docker/scout-cli/main/install.sh -o install-scout.sh
sh install-scout.sh

I can run docker scout cves alpine:latest.

Then I tested with Docker Desktop. The pre-installed scout cli plugin work like a charm. After installing the update with the commands from above, the cli plugin gives me the same error you see.

After removing the self-installed plugin version again with rm ~/.docker/cli-plugins/docker-scout, the pre-installed plugin is used and it works again.

Hi, I’ve tried your steps as well:

cli plugin (v1.20.3) on a standalone docker-ce (v29.3.1)

But I still get the same error. I’ve tried to use the plugin from 2 paths - same error :

• /home/user/.docker/cli-plugins/docker-scout and
• /usr/libexec/docker/cli-plugins/

Here is my output from docker info

Note: I’ve started from scratch

Client: Docker Engine - Community
 Version:    29.3.1
 Context:    default
 Debug Mode: false
 Plugins:
  buildx: Docker Buildx (Docker Inc.)
    Version:  v0.31.1
    Path:     /usr/libexec/docker/cli-plugins/docker-buildx
  compose: Docker Compose (Docker Inc.)
    Version:  v5.1.1
    Path:     /usr/libexec/docker/cli-plugins/docker-compose
  scout: Docker Scout (Docker Inc.)
    Version:  v1.20.3
    Path:     /home/liviu_tomo/.docker/cli-plugins/docker-scout

Server:
 Containers: 1
  Running: 0
  Paused: 0
  Stopped: 1
 Images: 1
 Server Version: 29.3.1
 Storage Driver: overlayfs
  driver-type: io.containerd.snapshotter.v1
 Logging Driver: json-file
 Cgroup Driver: systemd
 Cgroup Version: 2
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local splunk syslog
 CDI spec directories:
  /etc/cdi
  /var/run/cdi
 Swarm: inactive
 Runtimes: io.containerd.runc.v2 runc
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: 301b2dac98f15c27117da5c8af12118a041a31d9
 runc version: v1.3.4-0-gd6d73eb8
 init version: de40ad0
 Security Options:
  seccomp
   Profile: builtin
  cgroupns
 Kernel Version: 6.6.87.2-microsoft-standard-WSL2
 Operating System: Ubuntu 22.04.5 LTS
 OSType: linux
 Architecture: x86_64
 CPUs: 14
 Total Memory: 15.35GiB
 Name: HYB-FhvAmcU5fdg
 ID: 2a4b6d46-3833-4f17-999d-e9f0e859ce1b
 Docker Root Dir: /var/lib/docker
 Debug Mode: false
 Username: liviutomoiaga19390
 Experimental: false
 Insecure Registries:
  ::1/128
  127.0.0.0/8
 Live Restore Enabled: false
 Firewall Backend: iptables

I’ve done some extra tests.

Is there a link between docker service and scout plugin ? Or better said, a limitation of docker scout ?

Apparently, the Docker Scout CLI plugin (v1.20.3) can work with standalone Docker CE (v29.3.1) only while the Docker daemon is not running. Once the daemon is started, the authentication prompt appears again.

Seems to be an issue with v1.20.3 → [Bug] v1.20.3 breaks standalone WSL authentication due to false Docker Desktop proxy detection · Issue #223 · docker/scout-cli

I would have thought it’s maybe because of the credStore configured in ~/.docker/config.json.

But somehow Docker Desktop gets detected (regardless whether it’s running or not), even though I tried in a Distro where WSL-integration was never enabled for.

During my test in an Ubuntu VM, docker-ce was running.

It was not in a wsl distribution. For me inside WSL Distro it fails regardless Docker Desktop is running or not. Regardless whether the distro has or had WSL-integration enabled at one point, or never.