From 5c0a370d34fcadb2fd051ad5acc2f1663041858a Mon Sep 17 00:00:00 2001 From: Michele Cereda Date: Sat, 20 Jan 2024 10:21:22 +0100 Subject: [PATCH] feat: docker scout example commands and placeholders for docker-related tools --- knowledge base/acronyms and abbreviations.md | 3 ++ knowledge base/dive.placeholder | 1 + knowledge base/docker.md | 30 +++++++++++++++++--- knowledge base/testcontainers.placeholder | 1 + 4 files changed, 31 insertions(+), 4 deletions(-) create mode 100644 knowledge base/dive.placeholder create mode 100644 knowledge base/testcontainers.placeholder diff --git a/knowledge base/acronyms and abbreviations.md b/knowledge base/acronyms and abbreviations.md index a82ea7d..53b6cbb 100644 --- a/knowledge base/acronyms and abbreviations.md +++ b/knowledge base/acronyms and abbreviations.md @@ -71,6 +71,7 @@ | RPM | Revolutions Per Minute | | | RPM | RPM Package Manager | Package management system used by Linux distributions like Red Hat, (open)SuSE and Fedora | | SAFE | Scaled Agile FramEwork | | +| SBOM | Software Bill Of Materials | See [SBOM at a Glance] | | SOPS | Secrets OPerationS | | | SPIFFE | Secure Production Identity Framework for Everyone | | | SQL | Structured Query Language | | @@ -103,6 +104,7 @@ - [CN (canonicalName vs CommonName) In Active Directory Explained] - [KISS principle is not that simple] +- [SBOM at a Glance] [cn (canonicalname vs commonname) in active directory explained]: https://www.itechguides.com/what-is-cn-in-active-directory/ [kiss principle is not that simple]: https://artero.dev/posts/kiss-principle-is-not-that-simple/ +[sbom at a glance]: https://www.ntia.gov/sites/default/files/publications/sbom_at_a_glance_apr2021_0.pdf diff --git a/knowledge base/dive.placeholder b/knowledge base/dive.placeholder new file mode 100644 index 0000000..764fbdc --- /dev/null +++ b/knowledge base/dive.placeholder @@ -0,0 +1 @@ +https://github.com/wagoodman/dive
diff --git a/knowledge base/docker.md b/knowledge base/docker.md index da92cd7..80254e9 100644 --- a/knowledge base/docker.md +++ b/knowledge base/docker.md @@ -104,9 +104,27 @@ docker logout docker rmi 'alpine' docker image prune -a docker system prune -a -``` -```sh + +# Display a summary of the vulnerabilities in images. +# If not given any input, it targets the most recently built image. +docker scout qv +docker scout quickview 'debian:unstable-slim' +docker scout quickview 'archive://hw.tar' + +# Display vulnerabilities in images. +docker scout cves +docker scout cves 'alpine' +docker scout cves 'archive://alpine.tar' +docker scout cves --format 'sarif' --output 'alpine.sarif.json' 'oci-dir://alpine' +docker scout cves --format 'only-packages' --only-package-type 'golang' --only-vuln-packages 'fs://.' + +# Display base image update recommendations. +docker scout recommendations +docker scout recommendations 'golang:1.19.4' --only-refresh +docker scout recommendations 'golang:1.19.4' --only-update + + # List builders. docker buildx ls @@ -221,14 +239,16 @@ default docker > See . ```sh -$ docker buildx build --platform 'linux/amd64,linux/arm64,linux/arm/v7' -t 'image:tag' '.' -$ docker load … +docker buildx build --platform 'linux/amd64,linux/arm64,linux/arm/v7' -t 'image:tag' '.' +docker load … ``` ## Further readings - [GitHub] page - [Podman] +- [Dive] +- [Testcontainers] ## Sources @@ -244,7 +264,9 @@ $ docker load … [containerd]: containerd.placeholder +[dive]: dive.placeholder [podman]: podman.placeholder +[testcontainers]: testcontainers.placeholder [building multi-arch images for arm and x86 with docker desktop]: https://www.docker.com/blog/multi-arch-images/ diff --git a/knowledge base/testcontainers.placeholder b/knowledge base/testcontainers.placeholder new file mode 100644 index 0000000..1576436 --- /dev/null +++ b/knowledge base/testcontainers.placeholder @@ -0,0 +1 @@ +https://testcontainers.com/
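Review bot: in the `knowledge base/docker.md` hunk at `@@ -104,9 +104,27 @@`, the comment "If not given any input, it targets the most recently built image." sits only above the `docker scout qv` examples, while `docker scout cves` and `docker scout recommendations` are also listed bare with nothing saying what they scan. Either hoist that sentence above all three groups or repeat it under each, so a reader copying the bare `cves` line knows which image the findings belong to. Two smaller points in the same hunk: the `recommendations` examples put `--only-refresh` and `--only-update` after the image reference while the `cves` examples put options before it, so pick one order; and dropping the closing fence and the reopening `sh` fence merges the scout commands and the `# List builders.` section into one block separated by two blank lines, which is worth a single blank line or keeping the fences apart.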