Update README.md

dockersamples · Jul 13, 2024 · 1ece403 · 1ece403
1 parent e0eb6e0
commit 1ece403
Showing 1 changed file with 41 additions and 69 deletions.
diff --git a/README.md b/README.md
@@ -11,7 +11,9 @@ The application consists of a basic ExpressJS server and uses an intentionally o
 - [Fix application vulnerabilities](#fix-application-vulnerabilities)
 - [Integrating with GitHub Action](#integrating-with-github-action)
 
-## Getting Started
+## Getting Started 
+
+## 1. Inner-Loop (using Docker Desktop)
 
 - Install the latest version of Scout CLI
 
@@ -58,8 +60,28 @@ That means we need to update our Express v4.17.3 to 4.19.2
 <img width="1030" alt="image" src="https://github.com/user-attachments/assets/af409b26-92d5-4cec-812f-e1498a8e9d14">
 
 
+Alternatively, you can see the list of vulnerabilities locally using your terminal.
+
+```
+  docker scout cves scout-demo:v1
+```
+
+
+
+## Fix application vulnerabilities
+
+The fix suggested by Docker Scout is to update the underlying vulnerable express version to 4.17.3 or later.
+
+Update the package.json file with the new package version.
 
-Open up package.json in a terminal window and change express from 4.17.3 to 4.19.2 and rebuild it this time with v2.0
+
+```
+…
+"dependencies": {
+     "express": "4.19.2"
+     …
+}
+```
 
 ```
 docker build -t scout-demo:v2 .
@@ -68,7 +90,7 @@ docker build -t scout-demo:v2 .
 <img width="1162" alt="image" src="https://github.com/user-attachments/assets/9f3d057a-c917-4aa8-be1c-cbff34d36611">
 
 
-You will find that express vulnerabilities is now fixed.
+You will find that express vulnerabilities are now fixed.
 
 <img width="1200" alt="image" src="https://github.com/user-attachments/assets/ee4ab5e5-e855-4bd7-b340-30ef66ffcb62">
 
@@ -92,23 +114,27 @@ This time, you will find all the vulnerabilities are fixed.
 
 
 
+## 2. Using Docker Hub
 
 
 
-## Create and push the repository on Docker Hub:
+## Create and push the Docker image to the Docker Hub repository
 
 ```
  docker push <org-name>/scout-demo:v1
 ```
 
-Alternatively, you can use Docker Dashboard directly too to push your Docker image to the Docker Hub.
+Alternatively, you can use Docker Dashboard directly to to push your Docker image to the Docker Hub.
 
 <img width="1065" alt="image" src="https://github.com/user-attachments/assets/19934207-3a80-4d44-9f3c-33f5e7b744e0">
 
 
 ## Enable Docker Scout
 
-<img width="1455" alt="image" src="https://github.com/user-attachments/assets/ab681d7b-39fd-4164-a615-127c17a49d56">
+You can enable Docker image analysis right on your Docker Hub repositories - either through CLI or directly using Docker Hub Dashboard.
+
+
+<img width="1349" alt="image" src="https://github.com/user-attachments/assets/61708231-402d-4c7a-bc00-220b3c899cb0">
 
 
 Docker Scout analyzes all local images by default. To analyze images in remote repositories, you need to enable it first. You can do this from Docker Hub, the Docker Scout Dashboard, and CLI. Find out how in the overview guide.
@@ -134,87 +160,33 @@ For Example:
 
 ## Analyze image vulnerabilities
 
-After building, you can use Docker Desktop or the docker scout CLI command to see vulnerabilities detected by Docker Scout.
-
-Using Docker Desktop, select the image name in the Images view to see the image layer view. In the image hierarchy section, you can see which layers introduce vulnerabilities and the details of those.
-
-
-```
-  docker scout cves <org-name>/scout-demo:v1
-```
-
-
+Click on the tag version to see the list of vulnerabilities:
 
 
-<img width="1084" alt="image" src="https://github.com/dockersamples/scout-demo-service/assets/313480/35015241-4fb8-4437-a511-7dda74710049">
+<img width="1339" alt="image" src="https://github.com/user-attachments/assets/7db07085-e73f-4925-86a0-5ac83301762d">
 
-Select layer 5 to focus on the vulnerability introduced in that layer.
+You can see the similar kind of result as you see locally on your Docker Desktop.
 
-<img width="1076" alt="image" src="https://github.com/dockersamples/scout-demo-service/assets/313480/2ef69e3e-be2c-4f85-8aee-f4ca287a9699">
 
+<img width="1329" alt="image" src="https://github.com/user-attachments/assets/8433d2c9-f682-4ee3-8845-72b0f75fffe9">
 
-Toggle the disclosure triangle next to express 4.17.1 and then the CVE ID (in this case, “CVE-2022-24999⁠”) to see details of the vulnerability.
 
-<img width="966" alt="image" src="https://github.com/dockersamples/scout-demo-service/assets/313480/f42eff02-0059-46dd-9226-ca7a01857c42">
 
-<img width="1080" alt="image" src="https://github.com/dockersamples/scout-demo-service/assets/313480/2f86c05b-2f8a-4efe-92d8-ddf9efeae49c">
-
-
-
-You can also use the Docker CLI to see the same results.
-
-
-```
-docker scout cves <org-name>/scout-demo:v1
-    ✓ Provenance obtained from attestation
-    ✓ Image stored for indexing
-    ✓ Indexed 79 packages
-    ✗ Detected 6 vulnerable packages with a total of 26 vulnerabilities
-
- ...
-...
-
-28 vulnerabilities found in 6 packages
-  UNSPECIFIED  1
-  LOW          0
-  MEDIUM       7
-  HIGH         18
-  CRITICAL     2
-```
-
-Docker Scout creates and maintains its vulnerability database by ingesting and collating vulnerability data from multiple sources continuously. These sources include many recognizable package repositories and trusted security trackers. You can find more details in the [Advisory Database sources document](https://docs.docker.com/scout/advisory-db-sources/).
-
-## Fix application vulnerabilities
-
-The fix suggested by Docker Scout is to update the underlying vulnerable express version to 4.17.3 or later.
-
-Update the package.json file with the new package version.
 
+After building, you can use Docker Desktop or the docker scout CLI command to see vulnerabilities detected by Docker Scout.
 
-```
-…
-"dependencies": {
-     "express": "4.17.3"
-     …
-}
-```
+Using Docker Desktop, select the image name in the Images view to see the image layer view. In the image hierarchy section, you can see which layers introduce vulnerabilities and the details of those.
 
-## Rebuild the image, giving it a new version tag:
 
 ```
-docker build -t <org-name>/scout-demo:v2 .
+  docker scout cves <org-name>/scout-demo:v1
 ```
 
-## Push the image to the same repository on Docker Hub using a new version tag:
+Now you can follow the above instructions to fix it directly on Docker Desktop.
 
 
-```
- docker push <org-name>/scout-demo:v2
-```
-
-Now, viewing the latest tag of the image in Docker Desktop, the Docker Scout Dashboard, or CLI, you can see that you have fixed the vulnerability.
+Docker Scout creates and maintains its vulnerability database by ingesting and collating vulnerability data from multiple sources continuously. These sources include many recognizable package repositories and trusted security trackers. You can find more details in the [Advisory Database sources document](https://docs.docker.com/scout/advisory-db-sources/).
 
-<img width="1025" alt="image" src="https://github.com/dockersamples/scout-demo-service/assets/313480/57d43a70-4e19-4b2c-9279-342c4ad5002e">
 
 
 ## Integrating with GitHub Action