I think I understand your point. I don’t know the reason why it was handled like this and I will not attempt to figure it out. Docker could have a reason which we might never know. All I can do is trying to give you more information based on what I know.
I know that there was a blog post about the acquisition of Atomist last year:
but it didn’t mention replacing Snyk.
When I first saw your post days ago and searched for Atomist, I could also find it in the documentation of Docker. I can still find the following URLs in my browser history:
Now the first redirects to https://docs.docker.com/scout/
and the second is to https://www.docker.com/products/docker-scout/
So it was renamed since then, but it still must be atomist possibly changed, integrated more into Docker’s ecosystem.
To be honest I have never heard of Atomist before either. I must have missed the blog post too at that time, so I can understand what you feel.
On the other hand, I don’t think it would be a downgrade in Docker Hub as you mentioned in your first post. The whole story of my presence here on
forums.docker.com started with the need of trying the vulnerability scanning about one and a half years ago. I think I was not sure what was behind the GUI or at least didn’t care. I believe Docker would not downgrade an existing and important feature (unless there is no other way for some reason) as it would affect many users. So I guess you will still get the same features. The question is how good Atomist (Docker Scout) will be at scanning compared to Snyk and I am sure this is why you think understandably that it should have been ccommunicated better so yo can make your decision whether you trust in it or not as you probably knew Snyk before started to pay for Docker Hub’s vulnerability scanning.
At this point we can only test Docker Scout, make a decision now and hope future changes will be made with better communication.
Since I have a PRO account and for me it does not really matter what is resposible for the vulnerability scanning, I will definitely keep it.
In your case, can you share what you expect from Docker Hub’s vulnerability scanning and what you would consider a “downgrade”? If you can share that Someone from Docker or anyone who has an answer could try to help you make your decision.