
Docker Scout SBOM Integration Guide

Docker Scout SBOM generation for container images


Generate CycloneDX or SPDX SBOMs from container images with the docker scout sbom command, then upload them to Vulnetix.

CLI tool | SPDX | CycloneDX

Install & scan

# Docker Scout is included in Docker Desktop and Docker Engine 24.0+
docker scout version

# Or install the CLI plugin: download the script so it can be reviewed before it runs
curl -fsSL https://raw.githubusercontent.com/docker/scout-cli/main/install.sh -o install-scout.sh
sh install-scout.sh

# Generate CycloneDX SBOM from container image
docker scout sbom myimage:latest --format cyclonedx --output scout-sbom.cdx.json

# Generate SPDX SBOM
docker scout sbom myimage:latest --format spdx --output scout-sbom.spdx.json

Run Docker Scout SBOM in CI

Scan on every push and upload the results to Vulnetix:

- name: Generate SBOM with Docker Scout
  run: docker scout sbom myapp:${{ github.sha }} --format cyclonedx --output scout-sbom.cdx.json

- name: Upload to Vulnetix
  run: vulnetix upload --file scout-sbom.cdx.json
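
A pre-upload check that could run between the two steps above, so an empty or malformed SBOM fails the build instead of being uploaded. This is an added example, not part of Docker Scout or Vulnetix; the script name check_sbom.py and the 20% threshold are assumptions, and the field names come from the CycloneDX and SPDX JSON formats.

```python
import json
import sys

def summarize_sbom(doc):
    """Return (format, component count, names of components without a purl)."""
    if not isinstance(doc, dict):
        raise ValueError("SBOM root is not a JSON object")
    if doc.get("bomFormat") == "CycloneDX":
        comps = doc.get("components") or []  # top-level components only
        missing = [c.get("name", "?") for c in comps if not c.get("purl")]
        return "cyclonedx", len(comps), missing
    if str(doc.get("spdxVersion", "")).startswith("SPDX-"):
        pkgs = doc.get("packages") or []
        missing = [p.get("name", "?") for p in pkgs
                   if not any(r.get("referenceType") == "purl"
                              for r in p.get("externalRefs") or [])]
        return "spdx", len(pkgs), missing
    raise ValueError("not a CycloneDX or SPDX JSON document")

def check_sbom(doc, max_missing_ratio=0.2):
    """Return a list of problems; an empty list means the file can be uploaded.

    max_missing_ratio is an assumed threshold, not a Docker Scout or Vulnetix value.
    """
    try:
        fmt, total, missing = summarize_sbom(doc)
    except ValueError as exc:
        return [str(exc)]
    if total == 0:
        return [f"{fmt} SBOM lists no components"]
    if len(missing) / total > max_missing_ratio:
        return [f"{len(missing)}/{total} components lack a purl: {', '.join(missing[:5])}"]
    return []

# Constructed sample documents (not real Docker Scout output).
SAMPLE_CDX = {"bomFormat": "CycloneDX", "specVersion": "1.5", "components": [
    {"name": "openssl", "version": "3.0.11", "purl": "pkg:deb/debian/openssl@3.0.11"},
    {"name": "zlib", "version": "1.2.13", "purl": "pkg:deb/debian/zlib@1.2.13"}]}
SAMPLE_SPDX = {"spdxVersion": "SPDX-2.3", "packages": [
    {"name": "busybox", "versionInfo": "1.36.1", "externalRefs": []}]}

if __name__ == "__main__":
    # In CI: python check_sbom.py scout-sbom.cdx.json (falls back to the sample)
    doc = SAMPLE_CDX
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as fh:
            doc = json.load(fh)
    problems = check_sbom(doc)
    for problem in problems:
        print(f"SBOM check failed: {problem}", file=sys.stderr)
    sys.exit(1 if problems else 0)
```

Components without a package URL are hard to match against vulnerability data, which is why the check treats a high share of them as a failure rather than a warning.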

Centralise Docker Scout SBOM results in Vulnetix

Upload Docker Scout SBOM output, in SPDX or CycloneDX format, to the Vulnetix platform to deduplicate findings, prioritise them with EPSS, CISA KEV and Coalition ESS exploit intelligence, and track remediation across every scanner in a single queue.
