
"No outdated base images" on docker scout #58

@KEINOS

Description

@KEINOS
$ docker scout version | grep version
version: v1.13.0 (go1.22.5 - darwin/amd64)

$ docker scout quickview keinos/sqlite3:latest
    ✓ SBOM of image already cached, 17 packages indexed
    ✓ Policy evaluation completed

    i Base image was auto-detected. To get more accurate results, build images with max-mode provenance attestations.
      Review docs.docker.com ↗ for more information.
      
  Target     │  keinos/sqlite3:latest  │    0C     0H     0M     0L   
    digest   │  5798b274cbad           │                              
  Base image │  alpine:3               │    0C     0H     0M     0L   

Policy status  FAILED  (4/7 policies met, 2 missing data)

  Status │                   Policy                    │           Results            
─────────┼─────────────────────────────────────────────┼──────────────────────────────
  ✓      │ Default non-root user                       │                              
  ✓      │ No AGPL v3 licenses                         │    0 packages                
  ✓      │ No fixable critical or high vulnerabilities │    0C     0H     0M     0L   
  ✓      │ No high-profile vulnerabilities             │    0C     0H     0M     0L   
  ?      │ No outdated base images                     │    No data                   
         │                                             │    Learn more ↗                    
  ?      │ No unapproved base images                   │    No data                   
  !      │ Missing supply chain attestation(s)         │    2 deviations              

What's next:
    View policy violations → docker scout policy keinos/sqlite3:latest --org keinos
    Compare with the latest in the registry → docker scout compare --to-latest keinos/sqlite3:latest --org keinos

No outdated base images
The No outdated base images policy requires that the base images you use are up-to-date.

It's violated when the tag you used to build your image points to a different digest than what you're using. If there's a mismatch in digests, that means the base image you're using is out of date.

Your images need provenance attestations for this policy to successfully evaluate. For more information, see No base image data.

No base image data
There are cases when it's not possible to determine information about the base images used in your builds. In such cases, the No outdated base images and No unapproved base images policies get flagged as having No data.

This "no data" state occurs when:

  • Docker Scout doesn't know what base image tag you used
  • The base image version you used has multiple tags, but not all tags are out of date

To make sure that Docker Scout always knows about your base image, you can attach provenance attestations at build-time. Docker Scout uses provenance attestations to find out the base image version.
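Added example, not code from this issue or from Docker's documentation: the build command that attaches the max-mode provenance the quoted docs ask for, and the "No outdated base images" comparison written out in plain shell so the three possible outcomes (up-to-date, outdated, and the "No data" state shown in the quickview above) can be seen on constructed input. The function names, the Dockerfile samples and the placeholder digests are assumptions.

```shell
#!/bin/sh
# Added example (not from the issue or Docker's docs). Assumed names:
# build_with_provenance, resolve_tag_digest, base_image_status; the
# Dockerfile samples and digests below are constructed placeholders.

# 1) Build with max-mode provenance (plus an SBOM) so Docker Scout knows the
#    exact base image instead of auto-detecting it and reporting "No data".
#    Not run here: needs a buildx builder and push access to the registry.
build_with_provenance() {
  ref="$1"                                  # e.g. keinos/sqlite3:latest
  docker buildx build --provenance=mode=max --sbom=true --push -t "$ref" .
}

# 2) Ask the registry which digest a base-image tag points to today (not run here).
resolve_tag_digest() {
  docker buildx imagetools inspect "$1" --format '{{.Manifest.Digest}}'
}

# 3) The policy rule itself: the digest pinned in the first FROM line is
#    compared with the digest the same tag currently resolves to.
#    Prints "up-to-date", "outdated", or "no-data" (FROM without a digest,
#    like "FROM alpine:3": without provenance Scout cannot tell which digest
#    was actually used).
base_image_status() {
  dockerfile="$1"; current="$2"
  pinned=$(printf '%s\n' "$dockerfile" | awk '
    /^[Ff][Rr][Oo][Mm][ \t]/ {
      for (i = 2; i <= NF; i++) if (index($i, "@sha256:") > 0) {
        sub(/.*@/, "", $i); print $i; exit
      }
      exit
    }')
  if [ -z "$pinned" ]; then echo "no-data"
  elif [ "$pinned" = "$current" ]; then echo "up-to-date"
  else echo "outdated"; fi
}

# Constructed samples; the digests are placeholders, not real alpine digests.
OLD_DIGEST="sha256:1111111111111111111111111111111111111111111111111111111111111111"
NEW_DIGEST="sha256:2222222222222222222222222222222222222222222222222222222222222222"
PINNED_DOCKERFILE="FROM --platform=\$BUILDPLATFORM alpine:3@${OLD_DIGEST} AS build
RUN apk add --no-cache sqlite"
UNPINNED_DOCKERFILE="FROM alpine:3
RUN apk add --no-cache sqlite"

base_image_status "$PINNED_DOCKERFILE"   "$OLD_DIGEST"   # up-to-date
base_image_status "$PINNED_DOCKERFILE"   "$NEW_DIGEST"   # outdated
base_image_status "$UNPINNED_DOCKERFILE" "$NEW_DIGEST"   # no-data
```

In a real pipeline the second argument comes from resolve_tag_digest on the tag named in FROM, which is the same comparison the policy makes once provenance tells Scout which digest the build used.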
