Merge pull request #20519 from docker/published-update

publish updates from main
docker · Aug 5, 2024 · 531d842 · 531d842
2 parents 632b54b + e1b4abd
commit 531d842
Show file tree

Hide file tree

Showing 13 changed files with 125 additions and 18 deletions.
diff --git a/_vendor/github.com/docker/scout-cli/docs/docker_scout_cves.yaml b/_vendor/github.com/docker/scout-cli/docs/docker_scout_cves.yaml
diff --git a/_vendor/github.com/docker/scout-cli/docs/docker_scout_quickview.yaml b/_vendor/github.com/docker/scout-cli/docs/docker_scout_quickview.yaml
diff --git a/_vendor/github.com/docker/scout-cli/docs/scout_cves.md b/_vendor/github.com/docker/scout-cli/docs/scout_cves.md
diff --git a/_vendor/github.com/docker/scout-cli/docs/scout_quickview.md b/_vendor/github.com/docker/scout-cli/docs/scout_quickview.md
diff --git a/_vendor/modules.txt b/_vendor/modules.txt
@@ -3,4 +3,4 @@
 # github.com/docker/buildx v0.16.2
 # github.com/docker/cli v27.0.3+incompatible
 # github.com/docker/compose/v2 v2.29.1
-# github.com/docker/scout-cli v1.11.0
+# github.com/docker/scout-cli v1.12.0
diff --git a/content/compose/use-secrets.md b/content/compose/use-secrets.md
@@ -86,7 +86,7 @@ In the advanced example above:
 
 ### Build secrets
 
-In the following example, the `npm_token` secret is made available at build time. It's value is taken from the `NPM_TOKEN` environment variable.
+In the following example, the `npm_token` secret is made available at build time. Its value is taken from the `NPM_TOKEN` environment variable.
 
 ```yaml
 services:

diff --git a/content/config/labels-custom-metadata.md b/content/config/labels-custom-metadata.md
@@ -30,7 +30,7 @@ all previous values.
 ### Key format recommendations
 
 A label key is the left-hand side of the key-value pair. Keys are alphanumeric
-strings which may contain periods (`.`) and hyphens (`-`). Most Docker users use
+strings which may contain periods (`.`), underscores (`_`), slashes (`/`), and hyphens (`-`). Most Docker users use
 images created by other organizations, and the following guidelines help to
 prevent inadvertent duplication of labels across objects, especially if you plan
 to use labels as a mechanism for automation.

diff --git a/content/guides/docker-concepts/the-basics/what-is-a-container.md b/content/guides/docker-concepts/the-basics/what-is-a-container.md
@@ -152,7 +152,7 @@ This container runs a web server that displays a simple website. When working wi
 
 When you launched the container, you exposed one of the container's ports onto your machine. Think of this as creating configuration to let you to connect through the isolated environment of the container. 
 
-For this container, the frontend is accessible on port `8080`. To open the website, select the link in the **Port(s)** column of your container or visit [http://localhost:8080](https://localhost:8080) in your browser.
+For this container, the frontend is accessible on port `8080`. To open the website, select the link in the **Port(s)** column of your container or visit [http://localhost:8080](http://localhost:8080) in your browser.
 
 ![Screenshot of the landing page of the Nginx web server, coming from the running container](images/access-the-frontend.webp?border)
 

diff --git a/content/scout/install.md b/content/scout/install.md
@@ -43,7 +43,7 @@ $ sh install-scout.sh
 
    ```json
    {
-     "cliPluginExtraDirs": [
+     "cliPluginsExtraDirs": [
        "$HOME/.docker/scout"
      ]
    }
@@ -76,7 +76,7 @@ $ sh install-scout.sh
 
    ```json
    {
-     "cliPluginExtraDirs": [
+     "cliPluginsExtraDirs": [
        "$HOME/.docker/scout"
      ]
    }
@@ -97,7 +97,7 @@ $ sh install-scout.sh
 
    ```json
    {
-     "cliPluginExtraDirs": [
+     "cliPluginsExtraDirs": [
        "C:\Users\MobyWhale\.docker\scout"
      ]
    }

diff --git a/content/scout/release-notes/cli.md b/content/scout/release-notes/cli.md
@@ -8,6 +8,57 @@ This page contains information about the new features, improvements, known
 issues, and bug fixes in the Docker Scout [CLI plugin](https://github.com/docker/scout-cli/)
 and the `docker/scout-action` [GitHub Action](https://github.com/docker/scout-action).
 
+## 1.12.0
+
+{{< release-date date="2024-07-31" >}}
+
+### New
+
+- Only display vulnerabilities from the base image:
+
+  ```console {title="CLI"}
+  $ docker scout cves --only-base IMAGE
+  ```
+
+  ```yaml {title="GitHub Action"}
+  uses: docker/scout-action@v1
+  with:
+    command: cves
+    image: [IMAGE]
+    only-base: true
+  ```
+
+- Account for VEX in `quickview` command.
+
+  ```console {title="CLI"}
+  $ docker scout quickview IMAGE --only-vex-affected --vex-location ./path/to/my.vex.json
+  ```
+
+  ```yaml {title="GitHub Action"}
+  uses: docker/scout-action@v1
+  with:
+    command: quickview
+    image: [IMAGE]
+    only-vex-affected: true
+    vex-location: ./path/to/my.vex.json
+  ```
+
+- Account for VEX in `cves` command (GitHub Actions).
+
+  ```yaml {title="GitHub Action"}
+  uses: docker/scout-action@v1
+  with:
+    command: cves
+    image: [IMAGE]
+    only-vex-affected: true
+    vex-location: ./path/to/my.vex.json
+  ```
+
+### Bug fixes and enhancements
+
+- Update `github.com/docker/docker` to `v26.1.5+incompatible` to fix CVE-2024-41110.
+- Update Syft to 1.10.0.
+
 ## 1.11.0
 
 {{< release-date date="2024-07-25" >}}

diff --git a/content/scout/release-notes/platform.md b/content/scout/release-notes/platform.md
@@ -19,7 +19,7 @@ for what's coming next.
 
 New features and enhancements released in the second quarter of 2024.
 
-### 2024-05-0x
+### 2024-06-27
 
 This release introduces initial support for **Exceptions** in the Docker Scout
 Dashboard. Exceptions let you suppress vulnerabilities found in your images

diff --git a/go.mod b/go.mod
@@ -8,7 +8,7 @@ require (
 	github.com/docker/buildx v0.16.2 // indirect
 	github.com/docker/cli v27.0.3+incompatible // indirect
 	github.com/docker/compose/v2 v2.29.1 // indirect
-	github.com/docker/scout-cli v1.11.0 // indirect
+	github.com/docker/scout-cli v1.12.0 // indirect
 	github.com/moby/buildkit v0.15.1 // indirect
 	github.com/moby/moby v27.0.3+incompatible // indirect
 )
@@ -17,7 +17,7 @@ replace (
 	github.com/docker/buildx => github.com/docker/buildx v0.16.2
 	github.com/docker/cli => github.com/docker/cli v27.0.3+incompatible
 	github.com/docker/compose/v2 => github.com/docker/compose/v2 v2.29.0
-	github.com/docker/scout-cli => github.com/docker/scout-cli v1.11.0
+	github.com/docker/scout-cli => github.com/docker/scout-cli v1.12.0
 	github.com/moby/buildkit => github.com/moby/buildkit v0.15.1
 	github.com/moby/moby => github.com/moby/moby v27.0.3+incompatible
 )
diff --git a/go.sum b/go.sum
@@ -202,6 +202,8 @@ github.com/docker/scout-cli v1.10.0 h1:C8Gm+6Oc7NqhtZ/UoACv3N2LaP1jqkhlIDRhBOqMB
 github.com/docker/scout-cli v1.10.0/go.mod h1:Eo1RyCJsx3ldz/YTY5yGxu9g9mwTYbRUutxQUkow3Fc=
 github.com/docker/scout-cli v1.11.0 h1:I310kNhjw3oeKe8T1cQEh6yPgy6VtpuwzjWchETn8KU=
 github.com/docker/scout-cli v1.11.0/go.mod h1:Eo1RyCJsx3ldz/YTY5yGxu9g9mwTYbRUutxQUkow3Fc=
+github.com/docker/scout-cli v1.12.0 h1:NhmT4BzL2lYiIk5hPFvK5FzQ8izbLDL3/Rugcyulv1M=
+github.com/docker/scout-cli v1.12.0/go.mod h1:Eo1RyCJsx3ldz/YTY5yGxu9g9mwTYbRUutxQUkow3Fc=
 github.com/elazarl/goproxy v0.0.0-20191011121108-aa519ddbe484/go.mod h1:Ro8st/ElPeALwNFlcTpWmkr6IoMFfkjXAvTHpevnDsM=
 github.com/evanphx/json-patch v4.9.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
 github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4=