Vulnerability Scanning with Docker Scout

Learn about Docker Scout, a tool that detects vulnerabilities in Docker images, offering insights and remediation steps.

Docker Scout

Lots of tools and plugins exist that scan images for known vulnerabilities. We’ll look at Docker Scout, as it’s built into almost every level of Docker, including the CLI, Docker Desktop, Docker Hub, and the  scout.docker.com  portal. It’s a very slick service, but it requires a paid subscription. Other similar products and services exist, but most require paid subscriptions.

Recent versions of Docker Desktop have the Scout CLI plugin pre-installed and ready to go. If you’re running a different version of Docker, you may be able to install the CLI plugin from the  GitHub repo. You can use the docker scout quickview command to get a quick vulnerability overview of an image. The following command analyses the nigelpoulton/tu-demo:latest image. If a local copy doesn’t exist, it pulls it from Docker Hub and performs the analysis locally.

Note: We’ve not provided a playground in this lesson as this command requires a paid subscription.

Get hands-on with 1200+ tech skills courses.