Tested, trusted & part of my daily flow.
🛸 Proton VPN – Private Connection
🔐 Proton Pass – Encrypted Passwords
*Partner links — support DevOps Compass 💜
Need answers fast? Your friendly Spider-Dev is live on Discord:
Mastering Docker Scout through Docker Desktop GUI and CLI
Docker Scout has made the intricate realm of container security much more navigable by presenting a cohesive look at both direct and transitive dependencies across all image layers. For a more in-depth analysis of Docker Scout’s revolutionary role in container security, I encourage you to check out my previous piece titled Docker Scout is the Game-Changer in Container Security.
In this current article, we move from theory to practice as we showcase Docker Scout in live action, allowing you to witness first-hand its innovative capabilities. I’ll demonstrate Mastering Docker Scout through Docker Desktop GUI and CLI using Docker Desktop and Command Line Interface (CLI).
Docker Scout meticulously scrutinizes the contents of an image, producing a comprehensive report outlining detected packages and vulnerabilities. Not only does it identify potential issues, but it also furnishes you with actionable remedies to address these discovered shortcomings. Additionally, Docker Scout enables you to access updates for your base image, along with suggested tags and digests. This tool further enhances your management capabilities by allowing you to filter images based on vulnerability data.
Installing Docker Scout
In order to utilize Docker Scout, it’s necessary to have Docker Desktop installed on your system. This platform is available across Linux, macOS, and Windows operating systems. The installation of Docker Desktop also comes with the Docker CLI tool, equipping you with everything you need to start using Docker Scout.
Download Docker Desktop from the official Docker website if you do not have it installed yet.
Installing Docker Scout on a Server
To effortlessly deploy Docker Scout on your server, simply execute the following command:
curl -sSfL https://raw.githubusercontent.com/docker/scout-cli/main/install.sh | sh -s --Manual Installation
Download the docker-scout binary corresponding to your platform from the latest or other releases.
- Uncompress Docker Scout as:
docker-scouton Linux and macOSdocker-scout.exeon Windows
- Copy Docker Scout in your local CLI plugin directory:
$HOME/.docker/cli-pluginson Linux and macOS%USERPROFILE%\.docker\cli-pluginson Windows
- Make Docker Scout executable on Linux and macOS:
chmod +x $HOME/.docker/cli-plugins/docker-scout
- Authorize the binary to be executable on macOS:
xattr -d com.apple.quarantine $HOME/.docker/cli-plugins/docker-scout
Mastering Docker Scout via Docker Desktop GUI
Ensure that you’re operating the most recent version of Docker Desktop and navigate to the “Images” section in the menu.
NOTEIn this guide, we will conduct a thorough examination of the security vulnerabilities associated with the Mattermost image.
For a more comprehensive look at how to install Mattermost using Docker Compose, I encourage you to check out my detailed guide titled, Installing Mattermost with Docker Compose.
Under the “Local” tab, you’ll find all the images available on your system. If you notice an absence of images, you have the option to acquire one using the docker pull command.
Click on the image that you wish to check for vulnerabilities.
On the “Vulnerabilities” tab, you will see a report about all security issues in the image.
Next, you can click “Recommended fixes” and select “Recommendations for base image” to check for recommendations.
In this case, you might consider refresh your base image.
See recommendations on the “Refresh base image” tab.
Or completely change the base image.
See recommendations on the “Change base image” tab.
Mastering Docker Scout via CLI
In this part, we’ll explore some of the key commands that are integral to Docker Scout CLI’s functionality:
docker scout quickview: This command provides a succinct summary of an image, enabling you to get a quick understanding of its main features.
docker scout cves: This command reveals the Common Vulnerabilities and Exposures (CVEs) detected for any software artifacts found within an image, keeping you informed about potential security risks.
docker scout recommendations: With this command, you’ll receive a list of all possible base image updates and remediation suggestions, guiding you on how to improve your container security and efficiency.
docker scout compare: This command allows you to compare two distinct images, highlighting their differences. This feature is particularly useful when you’re tracking changes or considering updates.
By understanding and utilizing these Docker Scout CLI commands, you can significantly enhance your container management and security practices.
NOTEThis guide walks you through connecting to a server with the iTerm2 terminal emulator on macOS.
We will conduct a thorough examination of the security vulnerabilities associated with the Mattermost image.
For a more comprehensive look at how to install Mattermost using Docker Compose, I encourage you to check out my detailed guide titled, Installing Mattermost with Docker Compose.
Let’s see a summary of an image, enabling you to get a quick understanding of its main features using the command:
docker scout quickview mattermost/mattermost-team-edition:release-7.11
Next, let’s reveal the Common Vulnerabilities and Exposures (CVEs) detected for any software artifacts found within an image using the command:
docker scout cves mattermost/mattermost-team-edition:release-7.11
Let’s get a list of all possible base image updates and remediation suggestions using the command:
docker scout recommendations mattermost/mattermost-team-edition:release-7.11
Let’s scroll up to see more details.
Now, let’s compare try to compare images highlighting their differences. In this case, we will compare two different releases of Mattermost.
docker scout compare --to mattermost/mattermost-team-edition:release-7.11 mattermost/mattermost-team-edition:release-7.10
Let’s scroll up to see more details.
Mastering Docker Scout via CLI in the Container
In this part, we’ll explore a way how to use Docker Scout in the Container.
NOTEThis guide walks you through connecting to a server with the iTerm2 terminal emulator on macOS.
We will conduct a thorough examination of the security vulnerabilities associated with the Mattermost image.
For a more comprehensive look at how to install Mattermost using Docker Compose, I encourage you to check out my detailed guide titled, Installing Mattermost with Docker Compose.
Let’s see a summary of an image, enabling you to get a quick understanding of its main features using the command:
docker run -it \ -e DOCKER_SCOUT_HUB_USER=YOUR_DOCKER_HUB_USER_NAME \ -e DOCKER_SCOUT_HUB_PASSWORD=YOUR_DOCKER_HUB_PASSWORD_OR_ACCESS_TOKEN \ docker/scout-cli quickview mattermost/mattermost-team-edition:release-7.11
Next, let’s reveal the Common Vulnerabilities and Exposures (CVEs) detected for any software artifacts found within an image using the command:
docker run -it \ -e DOCKER_SCOUT_HUB_USER=YOUR_DOCKER_HUB_USER_NAME \ -e DOCKER_SCOUT_HUB_PASSWORD=YOUR_DOCKER_HUB_PASSWORD_OR_ACCESS_TOKEN \ docker/scout-cli cves mattermost/mattermost-team-edition:release-7.11
Let’s get a list of all possible base image updates and remediation suggestions using the command:
docker run -it \ -e DOCKER_SCOUT_HUB_USER=YOUR_DOCKER_HUB_USER_NAME \ -e DOCKER_SCOUT_HUB_PASSWORD=YOUR_DOCKER_HUB_PASSWORD_OR_ACCESS_TOKEN \ docker/scout-cli recommendations mattermost/mattermost-team-edition:release-7.11
Now, let’s compare try to compare images highlighting their differences. In this case, we will compare two different releases of Mattermost.
docker run -it \ -e DOCKER_SCOUT_HUB_USER=YOUR_DOCKER_HUB_USER_NAME \ -e DOCKER_SCOUT_HUB_PASSWORD=YOUR_DOCKER_HUB_PASSWORD_OR_ACCESS_TOKEN \ docker/scout-cli compare \ --to mattermost/mattermost-team-edition:release-7.11 \ mattermost/mattermost-team-edition:release-7.10
Let’s scroll up to see more details.
Conclusion
And there you have it - a comprehensive walkthrough on harnessing Docker Scout via both the Docker Desktop GUI and the CLI. If maintaining the utmost security of your containers is high on your priority list - and it certainly should be - the immediate integration of this potent tool into your workflow is highly advisable. With Docker Scout, you’re not just enhancing security; you’re investing in the resilience and robustness of your container architecture.
Patreon Exclusives
🏆 Join my Patreon and dive deep into the world of Docker and DevOps with exclusive content tailored for IT enthusiasts and professionals. As your experienced guide, I offer a range of membership tiers designed to suit everyone from newbies to IT experts.
Tools I Personally Trust
If you’re building things, breaking things, and trying to keep your digital life a little saner (like every good DevOps engineer), these are two tools that I trust and use daily:
🛸 Proton VPN - My shield on the internet. It keeps your Wi-Fi secure, hides your IP, and blocks those creepy trackers. Even if I’m hacking away on free café Wi-Fi, I know I’m safe.
🔑 Proton Pass - My password vault. Proper on-device encryption, 2FA codes, logins, secrets - all mine and only mine. No compromises.
These are partner links - you won’t pay a cent more, but you’ll be supporting DevOps Compass. Thanks a ton - it helps me keep this compass pointing the right way 💜
Gear & Books I Trust
📕 Essential DevOps books
🖥️ Studio streaming & recording kit
📡 Streaming starter kit
Social Channels
🎬 YouTube
🐦 X (Twitter)
🎨 Instagram
🐘 Mastodon
🧵 Threads
🎸 Facebook
🦋 Bluesky
🎥 TikTok
💻 LinkedIn
📣 daily.dev Squad
✈️ Telegram
🐈 GitHub
Community of IT Experts
👾 Discord
Refill My Coffee Supplies
💖 PayPal
🏆 Patreon
🥤 BuyMeaCoffee
🍪 Ko-fi
💎 GitHub
⚡ Telegram Boost
🌟 Bitcoin (BTC): bc1q2fq0k2lvdythdrj4ep20metjwnjuf7wccpckxc
🔹 Ethereum (ETH): 0x76C936F9366Fad39769CA5285b0Af1d975adacB8
🪙 Binance Coin (BNB): bnb1xnn6gg63lr2dgufngfr0lkq39kz8qltjt2v2g6
💠 Litecoin (LTC): LMGrhx8Jsx73h1pWY9FE8GB46nBytjvz8g
Is this content AI-generated?
No. Every article on this blog is written by me personally, drawing on decades of hands-on IT experience and a genuine passion for technology.
I use AI tools exclusively to help polish grammar and ensure my technical guidance is as clear as possible. However, the core ideas, strategic insights, and step-by-step solutions are entirely my own, born from real-world work.
Because of this human-and-AI partnership, some detection tools might flag this content. You can be confident, though, that the expertise is authentic. My goal is to share road-tested knowledge you can trust.