Scout logo white new

Software supply chain, simplified
Now in General Availability


Actionable insights for software supply chain management

Docker Scout generates signals across the software supply chain that inform improved development workflows. Developers are guided by contextual recommendations right where they work, leveraging data collected from a wide range of integrations.

Scout hero illustration

Why Docker Scout?

Visibility across the software supply chain

Download the whitepaper

Icon risks scout


Docker Scout offers developers analysis and context into components, libraries, tools, and processes, resulting in increased transparency of the software supply chain.

Icon threats scout


Docker Scout guides users toward smarter development decisions through context-aware recommendations, enabling developers to efficiently build applications with reliability and security in place from the start.

Icon scout shield check


Docker Scout detects, highlights, and suggests corrections based on relevant changes in state or deviation of policies. Application security is ensured by providing suggestions to tackle security concerns before they hit production.

Key Docker Scout features

Build with reliability and security in place from the start

Icon scout secure trusted

Trusted content

Track the life cycle of software artifacts built on trusted content, including Docker Official Images, Docker Verified Publishers, and Docker-Sponsored Open Source, which form the foundation for reliable and secure software applications.

Icon terminal scout

Centralized view

Operate from one view of centralized insights, for visibility and control over all of the information in the software development process from the software design phase into production.

Icon realtime scout

Recommended workflows

Build faster and more reliable applications through context-aware recommendations embedded into common developer workflows, all while improving application security posture and ensuring compliance with internal security requirements.

Try Docker Scout

Already have Docker?

Start using Docker Scout to manage your software supply chain.

Use Scout today

Get started with Docker Scout and generate actionable insights across the software supply chain.

Contact sales


Who can enable Docker Scout for my organization?
You must be an admin for the organization to enable Docker Scout.
Will remediation suggestions change depending on which layer is vulnerable?
If your base image has a security concern, Docker Scout will check for updates and patches to suggest how to replace the image. If issues exist in other layers, Docker Scout will reveal precisely where it was introduced and make recommendations accordingly.
How is Docker Scout using an SBOM?
An SBOM, or software bill of materials, is a list of ingredients that make up software components. Docker Scout cross-references SBOMs with streaming CVE data to surface vulnerabilities (and potential remediation) as soon as possible.
What makes Docker Scout different from other tools?
Competitors, if they offer remediation guidance at all, miss the mark on their limited scope of application security posture within the software supply chain, and often limited guidance when it comes to suggested fixes. Competitors have either limitations on runtime monitoring or no runtime protection at all. When they do offer runtime monitoring, it’s limited in its adherence to key policies. Competitors offer a limited scope on policy evaluation for Docker-specific builds.
Can I still use other security tools, such as Snyk, in tandem with Docker Scout?
Yes. Docker is committed to supporting developers and their favorite tools and will continue to offer flexible integration whenever possible. Some security tools provide Docker Extensions to make integration even more accessible.
What do I need to enable Docker Scout on remote images in Docker Hub, Amazon ECR, or JFrog Artifactory?
Docker Scout requires a Docker Hub organization. Learn more about configuring Scout for your registry in our technical documentation: Docker Hub, Amazon ECR, JFrog Artifactory.
What do I need to enable Docker Scout on remote images in registries?
Scout requires a Docker Hub organization. You can use Scout registries other than Docker Hub. Learn more about configuring Scout with your registries in the Scout documentation.

Pricing FAQ

Can I use Docker Scout on private images?
Docker Scout features on Docker Desktop can analyze any private, local image. There are no usage limits for local use of Docker. For private, remote images, you’ll need a Docker Hub organization as well as the pertinent registry (JFrog or Amazon ECR) account. Each organization on the Docker Scout Free plan may enable up to 3 repos for Docker Scout.
How are repos counted?
A repo is any repository that has been enabled to use Docker Scout. Docker Scout can be enabled in repos on Docker Hub. Docker Scout also includes integrations with other registries (JFrog Artifactory or Amazon ECR), CI/CD systems (GitHub Actions, GitLab DevOps, Microsoft ADO), and runtime monitoring (Sysdig).
What license terms are available?
Scout Team can be purchased on a monthly or annual basis; Scout Business can only be purchased on an annual basis.
Which registries and CI/CD systems does Scout currently support?
Docker Scout can be enabled for the following:

Registries: Docker Hub, JFrog Artifactory, Amazon ECR
CI/CD Systems: GitHub Actions, Gitlab, Jenkins, Microsoft ADO
Runtime monitoring: Sysdig

Any repo enabled for Docker Scout counts towards the monthly repo allowance for your plan.