In today’s cloud-native world, building secure container images is no longer optional — it’s a necessity. But traditional image scanning tools often come late in the pipeline, and worse, outside the developer’s workflow.
This is where Docker Scout shines.
What is Docker Scout?
Docker Scout is Docker’s native security tool that helps developers detect vulnerabilities, dependencies, and compliance risks early in their container development workflow. It integrates natively with Docker Desktop, CLI, and Docker Hub.
Why Docker Scout?
Docker Scout brings security, compliance, and visibility into the developer’s daily workflow — starting right from the Docker CLI.
Key Features:
1. Vulnerability Insights with Fixes
2. SBOM and Policy Integration
3. Image-to-Image Comparison
4. Integrations
Note: This blog is the 1st part of our series on Docker Scout. To navigate directly to a specific section, please refer to the links below:
2nd part link: Enablement and analysis of Docker Scout
3rd part link: Evaluate policy compliance & improve compliance of Docker Scout
4th part link: Docker Scout Dashboard Navigation & Key Integrations
Setup and installation of Docker Scout
Setup:
This example uses scout-demo-service, a repository that contains a vulnerable Node.js application.
1. Clone its repository: git clone https://github.com/docker/scout-demo-service.git
2. Move into the directory: cd scout-demo-service
3. Make sure you’re signed in to your Docker account, either by running the docker login command or by signing in with Docker Desktop.
4. Build the image and push it to <ORG_NAME>/scout-demo:v1: docker build --push -t <ORG_NAME>/scout-demo:v1 .
where <ORG_NAME> is the Docker Hub namespace you push to.

Installation:
1. The Docker Scout CLI plugin comes pre-installed with Docker Desktop.
2. If you run Docker Engine without Docker Desktop, Docker Scout doesn’t come pre-installed, but you can install it as a standalone binary.
To install the latest version of the plugin, run the following commands:
$ curl -fsSL https://raw.githubusercontent.com/docker/scout-cli/main/install.sh -o install-scout.sh
$ sh install-scout.sh
3. Manual installation: you can download the latest release from the scout-cli repository.
4. Container image: The Docker Scout CLI plugin is also available as a container image.
5. GitHub Actions: The Docker Scout CLI plugin is also available as a GitHub Action: action-scout
You can use it in your GitHub workflows to automatically analyse images and evaluate policy compliance with each push. (Docker Scout also integrates with many more CI/CD tools, such as Jenkins, GitLab, and Azure DevOps.)
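The standalone install in step 2 fetches install.sh from the main branch, which can change between runs, so a useful check is to review the script once, record its SHA-256, and refuse to run any copy that differs. The following is an added example, not part of the original post or of Docker's tooling; the function names and the pinned digest are assumptions, and the demo uses a constructed stand-in script instead of the real download.

```shell
#!/bin/sh
# Added example: run a downloaded installer only if it matches a pinned SHA-256.
# The pinned digest is an assumption: record it yourself after reviewing the script.

# sha256_of FILE: print the lowercase hex SHA-256 of FILE with whichever tool exists.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    elif command -v shasum >/dev/null 2>&1; then
        shasum -a 256 "$1" | awk '{print $1}'
    else
        openssl dgst -sha256 "$1" | awk '{print $NF}'
    fi
}

# verify_installer FILE EXPECTED: 0 = match, 1 = mismatch, 2 = unusable input.
verify_installer() {
    file=$1
    expected=$2
    [ -f "$file" ] || { echo "missing file: $file" >&2; return 2; }
    # Reject an empty or non-hex pin (for example an unfilled placeholder).
    case $expected in
        ''|*[!0-9a-f]*) echo "pinned digest is not lowercase hex" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "pinned digest is not 64 chars" >&2; return 2; }
    actual=$(sha256_of "$file")
    if [ "$actual" != "$expected" ]; then
        echo "digest mismatch for $file: got $actual" >&2
        return 1
    fi
}

# run_if_verified FILE EXPECTED: execute FILE with sh only after verification passes.
run_if_verified() {
    verify_installer "$1" "$2" && sh "$1"
}

# Demo on a constructed stand-in for install-scout.sh (no network access needed).
demo_dir=$(mktemp -d)
printf 'echo "installer ran"\n' > "$demo_dir/install-scout.sh"
pinned=$(sha256_of "$demo_dir/install-scout.sh")   # stands in for the recorded pin
run_if_verified "$demo_dir/install-scout.sh" "$pinned"
printf 'echo "tampered"\n' >> "$demo_dir/install-scout.sh"   # simulate a changed script
run_if_verified "$demo_dir/install-scout.sh" "$pinned" || echo "refused to run"
rm -rf "$demo_dir"
```

A mismatch after an upstream update is expected; re-review the new script and record a new digest before running it.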
Conclusion: Setup and Installation of Docker Scout
In this first part, we explored how to get started with Docker Scout — from cloning a vulnerable demo project to building and pushing your image to Docker Hub. We also walked through different ways to install the Docker Scout CLI, whether you’re using Docker Desktop, standalone Docker Engine, or CI tools like GitHub Actions.
By completing this setup, you’ve laid the groundwork for integrating security checks into your container workflow. With Scout installed and your first image ready, you’re now equipped to dive deeper into vulnerability analysis and security insights.
Ready to analyze your images for vulnerabilities?
Continue to the next part: Enablement and analysis of Docker Scout – Canarys