Merge bcd2f9d into a115e2e

dist/docker-scout_1.13.0_checksums.txt

@@ -0,0 +1,6 @@
+f82ab81c7343836909daeb0decf0a28df86daa9a121fc6b7345aab271b802a2e docker-scout_1.13.0_darwin_amd64.tar.gz
+76fca3a366f5f566594a06a2078e45da6ba12381c306b7efeca5e8016e995cdf docker-scout_1.13.0_darwin_arm64.tar.gz
+0ad88fe202b9308bcca248e9e870e1052db1d1d8186553de6b1f1d3b9164ad77 docker-scout_1.13.0_linux_amd64.tar.gz
+2480722c799ff8e6d28273ee1d5c9f2a5018981213d6beebc80ffbfcc4338890 docker-scout_1.13.0_linux_arm64.tar.gz
+fcbc4d3c41a8403e9b85e781f0dccb0cb51c9cd7520d16cefe3700feb4e3624f docker-scout_1.13.0_windows_amd64.zip
+6105bcea072d3861cc92c47e3970e84fcec2e2608f81f2f286a9b22c782291ab docker-scout_1.13.0_windows_arm64.zip

docs/docker_scout_compare.yaml

@@ -136,6 +136,16 @@ options:
  experimentalcli: false
  kubernetes: false
  swarm: false
+ - option: only-policy
+ value_type: stringSlice
+ default_value: '[]'
+ description: Comma separated list of policies to evaluate
+ deprecated: false
+ hidden: false
+ experimental: false
+ experimentalcli: false
+ kubernetes: false
+ swarm: false
  - option: only-severity
  value_type: stringSlice
  default_value: '[]'

docs/docker_scout_cves.yaml

@@ -124,6 +124,17 @@ options:
  experimentalcli: false
  kubernetes: false
  swarm: false
+ - option: ignore-suppressed
+ value_type: bool
+ default_value: "false"
+ description: |
+ Filter CVEs found in Scout exceptions based on the specified exception scope
+ deprecated: false
+ hidden: false
+ experimental: false
+ experimentalcli: false
+ kubernetes: false
+ swarm: false
  - option: locations
  value_type: bool
  default_value: "false"

docs/docker_scout_policy.yaml

@@ -30,6 +30,16 @@ options:
  experimentalcli: false
  kubernetes: false
  swarm: false
+ - option: only-policy
+ value_type: stringSlice
+ default_value: '[]'
+ description: Comma separated list of policies to evaluate
+ deprecated: false
+ hidden: false
+ experimental: false
+ experimentalcli: false
+ kubernetes: false
+ swarm: false
  - option: org
  value_type: string
  description: Namespace of the Docker organization

docs/docker_scout_quickview.yaml

@@ -46,6 +46,17 @@ options:
  experimentalcli: false
  kubernetes: false
  swarm: false
+ - option: ignore-suppressed
+ value_type: bool
+ default_value: "false"
+ description: |
+ Filter CVEs found in Scout exceptions based on the specified exception scope
+ deprecated: false
+ hidden: false
+ experimental: false
+ experimentalcli: false
+ kubernetes: false
+ swarm: false
  - option: latest
  value_type: bool
  default_value: "false"
@@ -56,6 +67,16 @@ options:
  experimentalcli: false
  kubernetes: false
  swarm: false
+ - option: only-policy
+ value_type: stringSlice
+ default_value: '[]'
+ description: Comma separated list of policies to evaluate
+ deprecated: false
+ hidden: false
+ experimental: false
+ experimentalcli: false
+ kubernetes: false
+ swarm: false
  - option: only-vex-affected
  value_type: bool
  default_value: "false"

docs/scout_compare.md

@@ -19,6 +19,7 @@ Compare two images and display differences (experimental)
 | `--multi-stage` | | | Show packages from multi-stage Docker builds |
 | `--only-fixed` | | | Filter to fixable CVEs |
 | `--only-package-type` | `stringSlice` | | Comma separated list of package types (like apk, deb, rpm, npm, pypi, golang, etc) |
+| `--only-policy` | `stringSlice` | | Comma separated list of policies to evaluate |
 | `--only-severity` | `stringSlice` | | Comma separated list of severities (critical, high, medium, low, unspecified) to filter CVEs by |
 | `--only-stage` | `stringSlice` | | Comma separated list of multi-stage Docker build stage names |
 | `--only-unfixed` | | | Filter to unfixed CVEs |

docs/scout_cves.md

@@ -19,6 +19,7 @@ Display CVEs identified in a software artifact
 | `-e`, `--exit-code` | | | Return exit code '2' if vulnerabilities are detected |
 | `--format` | `string` | `packages` | Output format of the generated vulnerability report:<br>- packages: default output, plain text with vulnerabilities grouped by packages<br>- sarif: json Sarif output<br>- spdx: json SPDX output<br>- gitlab: json GitLab output<br>- markdown: markdown output (including some html tags like collapsible sections)<br>- sbom: json SBOM output<br> |
 | `--ignore-base` | | | Filter out CVEs introduced from base image |
+| `--ignore-suppressed` | | | Filter CVEs found in Scout exceptions based on the specified exception scope |
 | `--locations` | | | Print package locations including file paths and layer diff_id |
 | `--multi-stage` | | | Show packages from multi-stage Docker builds |
 | `--only-base` | | | Only show CVEs introduced by the base image |

docs/scout_policy.md

@@ -5,14 +5,15 @@ Evaluate policies against an image and display the policy evaluation results (ex
 
 ### Options
 
-| Name | Type | Default | Description |
-|:--------------------|:---------|:--------|:------------------------------------------------------------|
-| `-e`, `--exit-code` | | | Return exit code '2' if policies are not met, '0' otherwise |
-| `--org` | `string` | | Namespace of the Docker organization |
-| `-o`, `--output` | `string` | | Write the report to a file |
-| `--platform` | `string` | | Platform of image to pull policy results from |
-| `--to-env` | `string` | | Name of the environment to compare to |
-| `--to-latest` | | | Latest image processed to compare to |
+| Name | Type | Default | Description |
+|:--------------------|:--------------|:--------|:------------------------------------------------------------|
+| `-e`, `--exit-code` | | | Return exit code '2' if policies are not met, '0' otherwise |
+| `--only-policy` | `stringSlice` | | Comma separated list of policies to evaluate |
+| `--org` | `string` | | Namespace of the Docker organization |
+| `-o`, `--output` | `string` | | Write the report to a file |
+| `--platform` | `string` | | Platform of image to pull policy results from |
+| `--to-env` | `string` | | Name of the environment to compare to |
+| `--to-latest` | | | Latest image processed to compare to |
 
 
 <!---MARKER_GEN_END-->

docs/scout_quickview.md

@@ -12,7 +12,9 @@ Quick overview of an image
 | Name | Type | Default | Description |
 |:----------------------|:--------------|:--------|:--------------------------------------------------------------------------------------------------------|
 | `--env` | `string` | | Name of the environment |
+| `--ignore-suppressed` | | | Filter CVEs found in Scout exceptions based on the specified exception scope |
 | `--latest` | | | Latest indexed image |
+| `--only-policy` | `stringSlice` | | Comma separated list of policies to evaluate |
 | `--only-vex-affected` | | | Filter CVEs by VEX statements with status not affected |
 | `--org` | `string` | | Namespace of the Docker organization |
 | `-o`, `--output` | `string` | | Write the report to a file |