Skip to content

scout: update scout cli release notes #23313

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
craig-osterhout merged 1 commit into from
Aug 27, 2025
Merged

scout: update scout cli release notes #23313

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
77 changes: 77 additions & 0 deletions content/manuals/scout/release-notes/cli.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,83 @@ This page contains information about the new features, improvements, known
issues, and bug fixes in the Docker Scout [CLI plugin](https://github.com/docker/scout-cli/)
and the `docker/scout-action` [GitHub Action](https://github.com/docker/scout-action).

## 1.18.3

{{< release-date date="2025-08-13" >}}

### New

- Add `docker scout vex get` command to retrieve a merged VEX document from all VEX attestations.

### Bug fixes

- Minor fixes for Docker Hardened Images (DHI).

## 1.18.2

{{< release-date date="2025-07-21" >}}

### New

- Add `--skip-tlog` flag to `docker scout attest get` to skip signature verification against the transparency log.

### Enhancements

- Add predicate type human-readable names for DHI FIPS and STIG attestations.

### Bug fixes

- Do not filter CVEs that are marked with a VEX `under_investigation` statement.
- Minor fixes for Docker Hardened Images (DHI).

## 1.18.1

{{< release-date date="2025-05-26" >}}

### Bug fixes

- Fix issues with `docker scout attest list` and `docker scout attest get` for local images.

## 1.18.0

{{< release-date date="2025-05-13" >}}

### New

- Add `docker scout attest list` and `docker scout attest get` commands to list attestations.
- Add support for Docker Hardened Images (DHI) VEX documents.

## 1.16.1

{{< release-date date="2024-12-13" >}}

### Bug fixes

- Fix in-toto subject digest for the `docker scout attestation add` command.

## 1.16.0

{{< release-date date="2024-12-12" >}}

### New

- Add secret scanning to the `docker scout sbom` command.
- Add support for attestations for images from Tanzu Application Catalog.

### Enhancements

- Normalize licenses using the SPDX license list.
- Make licenses unique.
- Print platform in markdown output.
- Keep original pattern to find nested matches.
- Updates to make SPDX output spec-compliant.
- Update Go, crypto module, and Alpine dependencies.

### Bug fixes

- Fix behavior with multiple images in the `docker scout attest` command.
- Check directory existence before creating temporary file.

## 1.15.0

{{< release-date date="2024-10-31" >}}
Expand Down