scout_cves
List vulnerabilities (CVEs) in a Docker image, with filters for fixed versions, severity, and base image exclusion.
Instructions
List vulnerabilities (CVEs) in an image via Docker Scout.
Anonymous scans work for public images; Hub policy enforcement and richer recommendations need
docker login on the host running this MCP server.
args: image - Image reference (a tag or a digest) only_fixed - Only report CVEs with a fixed version available only_severity - Filter to severities: "critical", "high", "medium", "low", "unspecified" ignore_base - Exclude CVEs introduced by the base image format - Output format: "json" (default; parsed into the return dict), "sarif", "spdx", "list", "markdown", or "text" platform - Platform of the image to analyze, e.g. "linux/amd64" returns: dict - {"format": , "result": , "raw": }
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
| image | Yes | ||
| format | No | json | |
| platform | No | ||
| only_fixed | No | ||
| ignore_base | No | ||
| only_severity | No |