Open achainarong opened 10 months ago
I had the same issue but used the following workaround:
- task: CmdLine@2
displayName: Find CVEs on image
env:
INSTALL_DIR: $(Pipeline.Workspace)/cli-plugins
inputs:
script: |
# Install the Docker Scout CLI
curl -sSfL https://raw.githubusercontent.com/docker/scout-cli/main/install.sh | sh -s -- -b ${INSTALL_DIR}
# Get a CVE report for the built image and fail the pipeline when critical or high CVEs are detected
DOCKER_SCOUT_HUB_USER=$(DOCKER_HUB_USER) DOCKER_SCOUT_HUB_PASSWORD=$(DOCKER_HUB_PAT) $(INSTALL_DIR)/docker-scout cves $(image):$(tag) --exit-code --only-severity critical,high
Another solution could be using absolute path:
- task: CmdLine@2
displayName: Install Docker Scout
inputs:
script: |
# Install the Docker Scout CLI
curl -sSfL https://raw.githubusercontent.com/docker/scout-cli/main/install.sh | sh -s --
/home/vsts/.docker/cli-plugins/docker-scout version
However, installation steps provided for azure pipeline do not work!
Hey guys,
i followed your guide on the docker website. But when trying to run docker scout i get the error "docker 'scout' is not a docker command". And when i try to use the downloaded exectuable ~/.docker/cli-plugins/docker-scout i get the message that i should login into Dockerhub first even though i tried it over the pipeline with the command docker login and with the serviceconnection from azure itself.