Is there an API to access Hub Vulnerability Scanning results?

[stevekrouse]

I see how to access these results in the web interface here: https://docs.docker.com/docker-hub/vulnerability-scanning/

Is there a public API to pull these results, possibly through Snyk?

[shawnaxsom]

Hey Steve! We are considering a public official REST API for Docker Hub, and the vulnerability scanning features would likely be included at some point. Please see the related roadmap issue, here, and feel free to give your input or subscribe to notifications: docker/roadmap#20

[TyeMcQueen]

A way to get the full list would be very useful, even if not part of a full API.

In the short term, can we at least get an option to show more than 10 per page in the web? My first scan reports 133 High vulnerabilities but on the first page, the 10 shown constitute duplicates of just 2 vulnerabilities (showing different paths to get to the vulnerability).

I'd like to be able to see how many unique vulnerabilities there are and also, focus on the ones that have a fix identified. This is nearly impossible by scrolling through over a dozen pages of stuff.

So there is a lot of room for improvement on the UI (and API). But just a quick fix to allow one to see at least 100 on one page would be a huge improvement. I could work with that in the short term.

[shawnaxsom]

That makes sense, thanks for the feedback. I'll share it with the team working on the vulnerability scanning features.

[github-actions]

We are clearing up our old issues and your ticket has been open for 6 months with no activity. Remove stale label or comment or this will be closed in 15 days.