Containers: Security already on the command line with Docker Desktop 4.18
Docker, Inc. has released version 4.18 of Docker Desktop. The most important new features are found mainly beneath the graphical interface of the containerization platform. The Docker Scout tool collection provides a number of new command-line functions that developers can use to compare images with one another and check them for vulnerabilities more quickly. Fittingly, the CLI also provides recommendations for updating base images.
New tools for the software supply chain
Docker Scout has been available since Docker Desktop 4.17, initially as part of an early access phase for the Docker Pro, Team and Business editions. Scout is a collection of functions that developers can use along the entire software supply chain – both in the graphical interface of Docker Desktop and via a CLI plug-in in the terminal.
The new release includes a number of new features, especially for the command line, such as Quickview and CLI recommendations. The command docker scout quickview provides an overview of images so that they can be checked for vulnerabilities. Further information on the CVEs discovered in the process was already available through the docker scout cves command. In Docker Desktop 4.18, developers also receive concrete recommendations for further action on the command line, for example available updates that should be applied to the base images.
Docker Scout also provides recommendations when building attested images with BuildKit, that is, images that include information on their origin (provenance) or the packages they contain. Instead of having to create SBOMs (Software Bills of Materials) from scratch, the tool can use the information in SBOMs that are already attached.
A still experimental feature in Docker Scout lets developers compare images with each other. Using data such as package versions and environment variables, the function compares images and highlights the differences. Among other things, this makes it possible to trace the measures taken to eliminate vulnerabilities in the images. The command-line output can also be produced in Markdown format to create diff previews in pull requests via GitHub Actions.
Convenient file management in the UI
The Container File Explorer is one of the new features in the Docker Desktop UI worth mentioning. It has officially reached GA (General Availability) status. With the Explorer, typical file system tasks such as copying, moving or deleting can be performed simply by dragging and dropping. Files can also be deleted or edited in the Container File Explorer, with syntax highlighting.
The Docker blog and the release notes provide more information about all the innovations in version 4.18.