{"id":1101,"date":"2024-07-30T15:15:20","date_gmt":"2024-07-30T15:15:20","guid":{"rendered":"https:\/\/rssfeedtelegrambot.bnaya.co.il\/index.php\/2024\/07\/30\/docker-scout-health-scores-security-grading-for-container-images-in-your-docker-hub-repo\/"},"modified":"2024-07-30T15:15:20","modified_gmt":"2024-07-30T15:15:20","slug":"docker-scout-health-scores-security-grading-for-container-images-in-your-docker-hub-repo","status":"publish","type":"post","link":"https:\/\/rssfeedtelegrambot.bnaya.co.il\/index.php\/2024\/07\/30\/docker-scout-health-scores-security-grading-for-container-images-in-your-docker-hub-repo\/","title":{"rendered":"Docker Scout Health Scores: Security Grading for Container Images in Your Docker Hub Repo"},"content":{"rendered":"<p>We are thrilled to introduce <a href=\"https:\/\/docs.docker.com\/scout\/policy\/scores\/\" target=\"_blank\" rel=\"noopener\">Docker Scout health scores<\/a>, our latest feature designed to make software security simpler and more effective for developers.\u00a0<\/p>\n<h2 class=\"wp-block-heading\">Developer-friendly software security<\/h2>\n<p>Docker Scout health scores rate the security and compliance status of container images within <a href=\"https:\/\/hub.docker.com\/\" target=\"_blank\" rel=\"noopener\">Docker Hub<\/a>, providing a single, quantifiable metric to represent the \u201chealth\u201d of an image. This feature addresses one of the key friction points in developer-led software security \u2014 the lack of security expertise \u2014 and makes it easier for developers to turn critical insights from tools into actionable steps.<\/p>\n<p><a href=\"https:\/\/www.docker.com\/wp-content\/uploads\/2024\/01\/banner_How_to_Enhance_Application_Security_Posture_with_Docker_Scout_Policies_2400x1260px.png\" target=\"_blank\" rel=\"noopener\"><\/a><\/p>\n<h2 class=\"wp-block-heading\">How Docker Scout health scores work<\/h2>\n<p>Docker Scout health scores utilize an alphabetical grading system to rate images stored in Hub repositories. The scores range from A to F, with A representing the highest overall standing and F the lowest. These health scores are calculated by evaluating images against a set of security and compliance checks based on widely accepted secure supply chain best practices. Factors considered include known vulnerabilities, risky licenses, Software Bill of Materials (SBOM) availability, provenance attestations, freshness of base image, and more. To learn more about these checks and the scoring process, visit our <a href=\"https:\/\/docs.docker.com\/scout\/policy\/scores\/\" target=\"_blank\" rel=\"noopener\">documentation<\/a>.<\/p>\n<p><strong>Note: <\/strong>To maintain the privacy of these assessments, health scores can only be viewed by users who are members of the Docker Hub organization that owns an image repository and have at least \u201cread\u201d access to the repository.<\/p>\n<h2 class=\"wp-block-heading\">The power of Docker Scout within Docker Hub<\/h2>\n<p>Health scores are powered by <a href=\"https:\/\/www.docker.com\/products\/docker-scout\/\" target=\"_blank\" rel=\"noopener\">Docker Scout<\/a>, our secure software supply chain tool that empowers organizations to strengthen their <a href=\"https:\/\/www.docker.com\/blog\/how-to-measure-devsecops-success-key-metrics-explained\/\" target=\"_blank\" rel=\"noopener\">containerized application security posture<\/a> via detailed analysis and insights across the software supply chain. Additionally, Docker Scout evaluates container images against <a href=\"https:\/\/docs.docker.com\/scout\/policy\/\" target=\"_blank\" rel=\"noopener\">detailed policies<\/a> to ensure compliance with security and licensing standards.<\/p>\n<p>By embedding Docker Scout\u2019s powerful analysis capabilities into Docker Hub, health scores seamlessly fit into developers\u2019 image lifecycle management workflows. Developers visiting <a href=\"http:\/\/hub.docker.com\/\" target=\"_blank\" rel=\"noopener\">hub.docker.com<\/a> can leverage up-to-date and dependable assessments of their latest and historical images and take proactive measures to prioritize and improve images with lower scores.\u00a0This capability is crucial for protecting containerized applications from potential security threats.<\/p>\n<p>Figure 1 shows an example of an image with a low health score. The image was awarded a D score because it contains at least one known, high-profile CVE (think <a href=\"https:\/\/scout.docker.com\/vulnerabilities\/id\/CVE-2021-44228\" target=\"_blank\" rel=\"noopener\">Log4Shell<\/a>), is missing supply chain attestations (like SBOM and provenance), is using an out-of-date base image, and has specified a default root user.<\/p>\n<p><a href=\"https:\/\/www.docker.com\/wp-content\/uploads\/2024\/07\/F1-Docker-health-score.png\" target=\"_blank\" rel=\"noopener\"><\/a><strong>Figure 1: <\/strong>Sample image with a low health score.<\/p>\n<h3 class=\"wp-block-heading\">Health scores in Docker Hub\u00a0<\/h3>\n<p>We\u2019ve made it straightforward for developers to leverage health scores. Users can view them directly within the Docker Hub interface by navigating to their organization\u2019s <strong>Repositories<\/strong> tab (Figure 2) or from the detailed view for any given repository (Figure 3).\u00a0<\/p>\n<p><a href=\"https:\/\/www.docker.com\/wp-content\/uploads\/2024\/07\/F2-Repositories-tab.png\" target=\"_blank\" rel=\"noopener\"><\/a><strong>Figure 2:<\/strong> Repositories tab \u2014 health scores per repository.<\/p>\n<p><a href=\"https:\/\/www.docker.com\/wp-content\/uploads\/2024\/07\/F3-Health-score-repository-details.png\" target=\"_blank\" rel=\"noopener\"><\/a><strong>Figure 3:<\/strong> Repositories details \u2014 health scores per tag.<\/p>\n<p>For those seeking more in-depth analysis, enabling Docker Scout for a specific image repository offers easy access to detailed secure software supply chain insights and recommendations for how to address identified issues (Figure 4).<\/p>\n<p><a href=\"https:\/\/www.docker.com\/wp-content\/uploads\/2024\/07\/F4-Docker-Scout-image-details.png\" target=\"_blank\" rel=\"noopener\"><\/a><strong>Figure 4: <\/strong>Image details from Docker Scout.<\/p>\n<h2 class=\"wp-block-heading\">Proactive security through gamification<\/h2>\n<p>In addition to making convoluted secure supply chain insights easier to digest, health scores also introduce an element of gamification. Within our own teams at Docker, we are seeing them motivate developers to improve the container images for which they\u2019re responsible. With the clear, quantifiable A to F metric, developers are taking the initiative to pursue higher scores through proactive steps. This process has fostered a culture of continuous improvement, where our developers are self-motivated to prioritize corrective actions and updates to achieve better scores, thus bolstering the security and compliance of our own portfolio.<\/p>\n<h2 class=\"wp-block-heading\">Conclusion<\/h2>\n<p>By leveraging Docker Scout health scores, we aim to encourage organizations to take proactive steps towards better security and compliance management in their containerized environments and increase the overall resilience of their software supply chain.\u00a0<\/p>\n<p>The feature is currently available as <a href=\"https:\/\/docs.docker.com\/release-lifecycle\/#beta\" target=\"_blank\" rel=\"noopener\">beta<\/a> and rolled out to a limited number of organizations that have been selected to participate in the early access program. To try out health scores or to give feedback, reach out to our product team on social channels, such as <a href=\"https:\/\/x.com\/docker\" target=\"_blank\" rel=\"noopener\">X<\/a> and <a href=\"https:\/\/dockr.ly\/comm-slack\" target=\"_blank\" rel=\"noopener\">Slack<\/a>.<\/p>\n<h2 class=\"wp-block-heading\">Learn more<\/h2>\n<p>Subscribe to the <a href=\"https:\/\/www.docker.com\/newsletter-subscription\/\" target=\"_blank\" rel=\"noopener\">Docker Newsletter<\/a>.\u00a0<\/p>\n<p>Visit the <a href=\"https:\/\/www.docker.com\/products\/docker-scout\/\" target=\"_blank\" rel=\"noopener\">Docker Scout<\/a> product page.<\/p>\n<p>Looking to get up and running? Use our <a href=\"https:\/\/docs.docker.com\/scout\/quickstart\/\" target=\"_blank\" rel=\"noopener\">Quickstart<\/a> guide.<\/p>\n<p>Get the latest release of <a href=\"https:\/\/www.docker.com\/products\/docker-desktop\/\" target=\"_blank\" rel=\"noopener\">Docker Desktop<\/a>.<\/p>\n<p>Have questions? The <a href=\"https:\/\/www.docker.com\/community\/\" target=\"_blank\" rel=\"noopener\">Docker community is here to help<\/a>.<\/p>","protected":false},"excerpt":{"rendered":"<p>We are thrilled to introduce Docker Scout health scores, our latest feature designed to make software security simpler and more [&hellip;]<\/p>\n","protected":false},"author":0,"featured_media":0,"comment_status":"","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[4],"tags":[],"class_list":["post-1101","post","type-post","status-publish","format-standard","hentry","category-docker"],"_links":{"self":[{"href":"https:\/\/rssfeedtelegrambot.bnaya.co.il\/index.php\/wp-json\/wp\/v2\/posts\/1101","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/rssfeedtelegrambot.bnaya.co.il\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/rssfeedtelegrambot.bnaya.co.il\/index.php\/wp-json\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"https:\/\/rssfeedtelegrambot.bnaya.co.il\/index.php\/wp-json\/wp\/v2\/comments?post=1101"}],"version-history":[{"count":0,"href":"https:\/\/rssfeedtelegrambot.bnaya.co.il\/index.php\/wp-json\/wp\/v2\/posts\/1101\/revisions"}],"wp:attachment":[{"href":"https:\/\/rssfeedtelegrambot.bnaya.co.il\/index.php\/wp-json\/wp\/v2\/media?parent=1101"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/rssfeedtelegrambot.bnaya.co.il\/index.php\/wp-json\/wp\/v2\/categories?post=1101"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/rssfeedtelegrambot.bnaya.co.il\/index.php\/wp-json\/wp\/v2\/tags?post=1101"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}