docker / scout-cli

Docker Scout CLI
https://docker.com/products/docker-scout

docker cli format markdown bug #31

Closed dautovri closed 10 months ago

dautovri commented 10 months ago

Docker CLI Command: docker scout cves --type image --format markdown --output ubuntu.md ubuntu

Output:

 docker scout cves --type image --format markdown  --output ubuntu.md ubuntu
INFO New version 0.22.3 available (installed version is 0.20.0)

 Display CVEs identified in a software artifact

Usage
  docker scout cves [OPTIONS] [IMAGE|DIRECTORY|ARCHIVE]

Description
The docker scout cves command analyzes a software artifact for vulnerabilities.

If no image is specified, the most recently built image is used.

The following artifact types are supported:

- Images
- OCI layout directories
- Tarball archives, as created by docker save

The tool analyzes the provided software artifact, and generates a vulnerability report.

By default, the tool expects an image reference, such as:

- redis
- curlimages/curl:7.87.0
- mcr.microsoft.com/dotnet/runtime:7.0

If the artifact you want to analyze is an OCI directory or a tarball archive, you must use the --type flag.

Flags
      --details                     Print details on default text output
  -e, --exit-code                   Return exit code '2' if vulnerabilities are detected
      --format string               Output format of the generated vulnerability report:
                                    - packages: default output, plain text with vulnerabilities grouped by packages
                                    - sarif: json Sarif output
                                    - markdown: markdown output
                                     (default "packages")
      --ignore-base                 Filter out CVEs introduced from base image
      --locations                   Print package locations including file paths and layer diff_id
      --multi-stage                 Show packages from multi-stage Docker builds
      --only-cve-id strings         Comma separated list of CVE ids (like CVE-2021-45105) to search for
      --only-fixed                  Filter to fixable CVEs
      --only-package-type strings   Comma separated list of package types (like apk, deb, rpm, npm, pypi, golang, etc)
      --only-severity strings       Comma separated list of severities (critical, high, medium, low, unspecified) to filter CVEs by
      --only-stage strings          Comma separated list of multi-stage Docker build stage names
      --only-unfixed                Filter to unfixed CVEs
  -o, --output string               Write the report to a file.
      --platform string             Platform of image to analyze
      --ref string                  Reference to use if the provided tarball contains multiple references.
                                    Can only be used with --type archive.
      --type string                 Type of the image to analyze. Can be one of:
                                    - image
                                    - oci-dir
                                    - archive (docker save tarball)
                                     (default "image")

Examples
  Display vulnerabilities for the most recently built image
  $ docker scout cves

  Display vulnerabilities grouped by package
  $ docker scout cves alpine

  Display vulnerabilities from a docker save tarball
  $ docker save alpine > alpine.tar
  $ docker scout cves --type archive alpine.tar

  Display vulnerabilities from an OCI directory
  $ skopeo copy --override-os linux docker://alpine oci:alpine
  $ docker scout cves --type oci-dir alpine

  Export vulnerabilities to a SARIF JSON file
  $ docker scout cves --format sarif --output alpine.sarif.json alpine

Learn More
  Read docker scout cli reference at https://docs.docker.com/engine/reference/commandline/scout/

ERROR   Status: please provide a valid format, Code: 1

cdupuis commented 10 months ago

Thanks for raising. This does sound a bit like https://github.com/docker/scout-cli/issues/29, right?

I think updating to the latest version should fix this.

dautovri commented 10 months ago

@cdupuis Yes, upgrading to the latest version helps! Thank you😊