scout_cves
Scan Docker images for known CVEs with Docker Scout. Filter by severity, only fixed versions, or exclude base image vulnerabilities for targeted security analysis.
Instructions
List vulnerabilities (CVEs) in an image via Docker Scout.
Anonymous scans work for public images; Hub policy enforcement and richer recommendations need
docker login on the host running this MCP server.
args: image - Image reference (a tag or a digest) only_fixed - Only report CVEs with a fixed version available only_severity - Filter to severities: "critical", "high", "medium", "low", "unspecified" ignore_base - Exclude CVEs introduced by the base image format - Output format: "json" (default; parsed into the return dict), "sarif", "spdx", "list", "markdown", or "text" platform - Platform of the image to analyze, e.g. "linux/amd64" returns: dict - {"format": , "result": , "raw": }
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
| image | Yes | ||
| format | No | json | |
| platform | No | ||
| only_fixed | No | ||
| ignore_base | No | ||
| only_severity | No |