
docker scout sbom

Description: Generate or display SBOM of an image
Usage: docker scout sbom [IMAGE|DIRECTORY|ARCHIVE]

Description

The docker scout sbom command analyzes a software artifact to generate a Software Bill Of Materials (SBOM).

The SBOM contains a list of all packages in the image. You can use the --format list flag together with --only-package-type to filter the output of the command to display only packages of a specific type.

If no image is specified, the most recently built image is used.

The following artifact types are supported:

  • Images
  • OCI layout directories
  • Tarball archives, as created by docker save
  • Local directory or file

By default, the tool expects an image reference, such as:

  • redis
  • curlimages/curl:7.87.0
  • mcr.microsoft.com/dotnet/runtime:7.0

If the artifact you want to analyze is an OCI directory, a tarball archive, a local file or directory, or if you want to control from where the image will be resolved, you must prefix the reference with one of the following:

  • image:// (default) use a local image, or fall back to a registry lookup
  • local:// use an image from the local image store (don't do a registry lookup)
  • registry:// use an image from a registry (don't use a local image)
  • oci-dir:// use an OCI layout directory
  • archive:// use a tarball archive, as created by docker save
  • fs:// use a local directory or file

Options

--format (default: json)
    Output format:
    - list: list of packages of the image
    - json: JSON representation of the SBOM
    - spdx: SPDX representation of the SBOM
    - cyclonedx: CycloneDX representation of the SBOM

--only-package-type
    Comma-separated list of package types (like apk, deb, rpm, npm, pypi, golang, etc.).
    Can only be used with --format list.

-o, --output
    Write the report to a file.

--platform
    Platform of image to analyze.

--ref
    Reference to use if the provided tarball contains multiple references.
    Can only be used with archive.

Examples

Display the list of packages

$ docker scout sbom --format list alpine

Only display packages of a specific type

$ docker scout sbom --format list --only-package-type apk alpine

Display the full SBOM in JSON format

$ docker scout sbom alpine

Display the full SBOM of the most recently built image

$ docker scout sbom

Write SBOM to a file

$ docker scout sbom --output alpine.sbom alpine
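
Enforce the prefix and option rules in CI

As an added example (not part of the Docker documentation), this POSIX shell wrapper checks the rules described above before invoking the command: it requires an explicit source prefix, and it allows --only-package-type only with --format list and --ref only with archive://. The function name scout_sbom, its argument order, the DOCKER_BIN variable, and the policy of rejecting image:// are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the Docker documentation. scout_sbom, its argument
# order and DOCKER_BIN are hypothetical names chosen for this sketch.
# usage: scout_sbom REFERENCE [FORMAT] [PACKAGE_TYPES] [ARCHIVE_REF] [OUTPUT_FILE]
scout_sbom() {
    ref=$1; format=${2:-json}; types=${3:-}; archive_ref=${4:-}; output=${5:-}

    # A bare reference means image://, which uses a local image or falls back
    # to a registry lookup. Policy of this example: the caller must say which.
    case $ref in
        local://?*|registry://?*|oci-dir://?*|archive://?*|fs://?*) ;;
        image://*)
            echo "image:// is ambiguous here; use local:// or registry://" >&2
            return 2 ;;
        *)
            echo "reference needs an explicit prefix: $ref" >&2
            return 2 ;;
    esac

    case $format in
        list|json|spdx|cyclonedx) ;;
        *) echo "unknown --format value: $format" >&2; return 2 ;;
    esac

    # --only-package-type can only be used with --format list.
    if [ -n "$types" ] && [ "$format" != list ]; then
        echo "--only-package-type requires --format list" >&2; return 2
    fi
    # --ref can only be used with an archive.
    if [ -n "$archive_ref" ]; then
        case $ref in
            archive://*) ;;
            *) echo "--ref requires an archive:// reference" >&2; return 2 ;;
        esac
    fi

    # Build the argument list, adding optional flags only when they were given.
    set -- scout sbom --format "$format"
    [ -z "$types" ] || set -- "$@" --only-package-type "$types"
    [ -z "$archive_ref" ] || set -- "$@" --ref "$archive_ref"
    [ -z "$output" ] || set -- "$@" --output "$output"
    # DOCKER_BIN lets a pipeline substitute the binary (for example echo for a dry run).
    "${DOCKER_BIN:-docker}" "$@" "$ref"
}
```

Setting DOCKER_BIN=echo prints the arguments that would be passed instead of running the analysis, which is useful for reviewing a pipeline change.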