Closed mhmdio closed 2 years ago
Also, I would suggest adding
Use 'docker scan' to run Snyk tests against images to find vulnerabilities and learn how to fix them
Hi,
Thanks, that's a good idea. Since docker compose
is quite new, it might be worth waiting a little bit before making the switch because not everyone might be using the latest version of Docker.
As for docker scan
, that message gets output after running a build. I think if the user wants to scan their images, they can based on seeing that. I'm reluctant to recommend that by default because you need to consent to give Snyk access to your data.
Docker recently released a blog post https://www.docker.com/blog/dockercon-live-2021-looking-back-at-the-new-stuff/ that recapped a few things announced at DockerCon 21. One of those things was Docker Compose v2, but it states:
Docker Compose v2 is currently available in Docker Desktop and will be included in the Docker Linux packages later in the year by default.
And currently to get this to work on Linux you need to install a Docker CLI plugin manually (this is the thing that'll be the default later this year without needing to do this step).
With that in mind it'll be a while before I move all of the documentation and run script over to use the compose
sub-command, but with that said if you have access to it today you can use it. The only change is swapping docker-compose
with docker compose
.
Docker Compose v2 has been generally available now since April 2022.
Docker has fixed a few YAML parsing bugs in it and now it's compatible with this repo.
I'm going to close this issue since v2 (running docker compose
instead of docker-compose
) is fully compatible with no changes having to have been made on this repo's end.
The docs still point to using docker-compose
because the story for using docker compose
on Linux without Docker Desktop is still very new and I want to make sure everyone using this project can easily get things running on any environment.
First, Thank you for the awesome repo, really helpful.
I would suggest updating docker-compose subcommands to match the new docker version.