docker scout watch

DescriptionWatch repositories in a registry and push images and indexes to Docker Scout (experimental)
Usagedocker scout watch

試験的

This command is experimental.

Experimental features are intended for testing and feedback as their functionality or design may change between releases without warning or can be removed entirely in a future release.

内容説明

The docker scout watch command watches repositories in a registry and pushes images or image indexes to Docker Scout.

オプション

OptionDefaultDescription
--all-imagesPush all images instead of only the ones pushed during the watch command is running
--dry-runWatch images and prepare them, but do not push them
--interval60Interval in seconds between checks
--orgNamespace of the Docker organization to which image will be pushed
--refresh-registryRefresh the list of repositories of a registry at every run. Only with --registry.
--registryRegistry to watch
--repositoryRepository to watch
--sbomtrueCreate and upload SBOMs
--tagRegular expression to match tags to watch
--workers3Number of concurrent workers

Examples

Watch for new images from two repositories and push them

$ docker scout watch --org my-org --repository registry-1.example.com/repo-1 --repository registry-2.example.com/repo-2

Only push images with a specific tag

$ docker scout watch --org my-org --repository registry.example.com/my-service --tag latest

Watch all repositories of a registry

$ docker scout watch --org my-org --registry registry.example.com

Push all images and not just the new ones

$ docker scout watch --org my-org --repository registry.example.com/my-service --all-images

Configure Artifactory integration

The following example creates a web hook endpoint for Artifactory to push new image events into:

$ export DOCKER_SCOUT_ARTIFACTORY_API_USER=user
$ export DOCKER_SCOUT_ARTIFACTORY_API_PASSWORD=password
$ export DOCKER_SCOUT_ARTIFACTORY_WEBHOOK_SECRET=foo

$ docker scout watch --registry "type=artifactory,registry=example.jfrog.io,api=https://example.jfrog.io/artifactory,include=*/frontend*,exclude=*/dta/*,repository=docker-local,port=9000,subdomain-mode=true" --refresh-registry

This will launch an HTTP server on port 9000 that will receive all component web hook events, optionally validating the HMAC signature.

Configure Harbor integration

The following example creates a web hook endpoint for Harbor to push new image events into:

$ export DOCKER_SCOUT_HARBOR_API_USER=admin
$ export DOCKER_SCOUT_HARBOR_API_PASSWORD=password
$ export DOCKER_SCOUT_HARBOR_WEBHOOK_AUTH="token foo"

$ docker scout watch --registry 'type=harbor,registry=demo.goharbor.io,api=https://demo.goharbor.io,include=*/foo/*,exclude=*/bar/*,port=9000' --refresh-registry

This will launch an HTTP server on port 9000 that will receive all component web hook events, optionally validating the HMAC signature.

Configure Nexus integration

The following example shows how to configure Sonartype Nexus integration:

$ export DOCKER_SCOUT_NEXUS_API_USER=admin
$ export DOCKER_SCOUT_NEXUS_API_PASSWORD=admin124

$ docker scout watch --registry 'type=nexus,registry=localhost:8082,api=http://localhost:8081,include=*/foo/*,exclude=*/bar/*,"repository=docker-test1,docker-test2"' --refresh-registry

This ingests all images and tags in Nexus repositories called docker-test1 and docker-test2 that match the */foo/* include and */bar/* exclude glob pattern.

You can also create a web hook endpoint for Nexus to push new image events into:

$ export DOCKER_SCOUT_NEXUS_API_USER=admin
$ export DOCKER_SCOUT_NEXUS_API_PASSWORD=admin124
$ export DOCKER_SCOUT_NEXUS_WEBHOOK_SECRET=mysecret

$ docker scout watch --registry 'type=nexus,registry=localhost:8082,api=http://localhost:8081,include=*/foo/*,exclude=*/bar/*,"repository=docker-test1,docker-test2",port=9000' --refresh-registry

This will launch an HTTP server on port 9000 that will receive all component web hook events, optionally validating the HMAC signature.

Configure integration for other OCI registries

The following example shows how to integrate an OCI registry that implements the _catalog endpoint:

$ docker scout watch --registry 'type=oci,registry=registry.example.com,include=*/scout-artifact-registry/*'