Skip to content
This repository has been archived by the owner on Nov 29, 2023. It is now read-only.

Releases: docker/scan-cli-plugin

v0.5.0

07 Dec 14:19
5a09266
Compare
Choose a tag to compare

Add support of Snyk --group-issues flag for json output

v0.4.0

03 Dec 14:33
9e56383
Compare
Choose a tag to compare

Remove support of Snyk --fail-on flag

v0.3.6

01 Dec 21:27
ebe74ef
Compare
Choose a tag to compare

Add support of Snyk --severity-threshold flag
Add support of Snyk --fail-on flag

v0.3.5

28 Oct 14:01
8a286f2
Compare
Choose a tag to compare

Improve error message when the config file doesn't exist or is corrupted

v0.3.4

22 Sep 08:47
e69d4a0
Compare
Choose a tag to compare
v0.3.4 Pre-release
Pre-release

Fixed Snyk UTM
Fixed disabling Snyk update notification

v0.3.3

07 Sep 16:27
1bab774
Compare
Choose a tag to compare
  • Added UTM for snyk
  • Added a message to warn the user he/she's using an old version of snyk and should update.

v0.3.2

27 Aug 11:44
1e69e70
Compare
Choose a tag to compare

Works with at least https://github.com/snyk/snyk/releases/tag/v1.383.1

We change the value of default environment variables NO_UPDATE_NOTIFIER & SNYK_CFG_DISABLESUGGESTIONS
No UX or functional changes in this release.

v0.3.1

26 Aug 15:48
99ce224
Compare
Choose a tag to compare

Works with at least https://github.com/snyk/snyk/releases/tag/v1.383.1

We change the way we shell out the scan command to Snyk CLI.
No UX or functional changes in this release.

v0.3.0

25 Aug 16:29
b8ee514
Compare
Choose a tag to compare

Works with at least https://github.com/snyk/snyk/releases/tag/v1.383.1

  • --login replace the --auth command
  • --token flag was added to use with the --login command to specify an existing third party provider token
  • --reject-license replace the --disable flag to opt-out
  • --accept-license replace the --enable flag to opt-in. This flag should be use in a CI context.
Usage:	docker scan [OPTIONS] IMAGE

A tool to scan your images

Options:
      --accept-license    Accept using a third party scanning provider
      --dependency-tree   Show dependency tree with scan results
      --exclude-base      Exclude base image from vulnerability scanning (requires --file)
  -f, --file string       Dockerfile associated with image, provides more detailed results
      --json              Output results in JSON format
      --login             Authenticate to the scan provider using an optional token (with --token), or web base token if empty
      --reject-license    Reject using a third party scanning provider
      --token string      Authentication token to login to the third party scanning provider
      --version           Display version of the scan plugin

This version is production ready, no need to setup the staging environment anymore

This release will be available in Docker Desktop v2.3.6.0

v0.2.0

31 Jul 08:50
dd88d71
Compare
Choose a tag to compare

First beta

Works with at least https://github.com/snyk/snyk/releases/tag/v1.369.0

  • Added snyk free scans authentication
  • Added --auth, --version and scan commands
Usage:	docker scan [OPTIONS] IMAGE

A tool to scan your docker image

Options:
      --auth              Authenticate to the scan provider using an optional token, or web base token if empty
      --dependency-tree   Show dependency tree before scan results
      --disable           Refuse user consent
      --enable            Accept user consent
      --exclude-base      Exclude base image from vulnerabiliy scanning (needs to provide a Dockerfile using --file)
  -f, --file string       Provide the Dockerfile for better scan results
      --json              Display results with JSON format
      --version           Display version of scan plugin

⚠️ To use this plugin with free scans, one need to set this environment variable: DOCKER_SCAN_HUB_INSTANCE=staging

Example:

$ DOCKER_SCAN_HUB_INSTANCE=staging docker scan nginx
...

Also need to run the following command for snyk:

$ /Applications/Docker.app/Contents/Resources/snyk/docker/snyk-mac.sh config:set endpoint=https://dev.snyk.io/api/v1

And if you already have been logged with your snyk account:

$ /Applications/Docker.app/Contents/Resources/snyk/docker/snyk-mac.sh config:unset api

⚠️ You also need to be logged in to hub staging (as the snyk CLI points to staging JWT keys for the moment)

 $ docker login index-stage.docker.io -u USERNAME