Member-only story
Docker Scout vs Scan
Brief Comparison of Integrated Docker Supply Chain Security Solutions
Updated on 06.03.2023
Vulnerability scanning for local Docker images was introduced in late 2020 with the command docker scan. The Docker Scan command would use Snyk’s engine to scan Docker images for security vulnerabilities and create a list of Common Vulnerabilities and Exposures (CVEs).
Around a week ago, Docker introduced their own security scanning command, docker scout, deprecating docker scan. After the SBOM hype of late and the introduction of the Docker command docker sbom a few months back, it was a more achievable goal for Docker to develop their own security solution based on the already available toolchain.
This piece would briefly introduce and compare the two Docker subcommands.
Command Interface
Both the Scan and Scout commands, when introduced, came bundled into Docker Desktop. Installation of a CLI extension was required for non-Desktop users (e.g. people running the Docker engine natively on Linux).
I’m running Docker Desktop 4.17.0 on Mac (M2 processor). Let’s try to see the Docker Scan version:
$ docker scan --version
│ The docker scan command is deprecated and will no longer be…
