From d0ccced7289e310c8f88d8a61f199bcffe97c029 Mon Sep 17 00:00:00 2001 From: Greg Anderson Date: Thu, 9 Jul 2026 00:43:29 -0600 Subject: [PATCH] Add Docker Scout connector to the Pro connectors reference Document the Docker Scout findings connector: needs a Docker PAT created by an owner of a Docker organization enrolled in Docker Scout. Covers the Location (https://api.scout.docker.com), Secret (PAT), and Organization mappings, and that DefectDojo creates a Record per Docker Scout stream with summary findings (the metrics exporter reports aggregate counts, not per-CVE). Co-Authored-By: Claude --- .../connectors/connectors_tool_reference.md | 21 +++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/docs/content/import_data/pro/connectors/connectors_tool_reference.md b/docs/content/import_data/pro/connectors/connectors_tool_reference.md index ae54394f7db..739ec542e48 100644 --- a/docs/content/import_data/pro/connectors/connectors_tool_reference.md +++ b/docs/content/import_data/pro/connectors/connectors_tool_reference.md @@ -148,6 +148,27 @@ To generate a Dependency\-Track API key: For more information, see **[Dependency\-Track Documentation](https://docs.dependencytrack.org/integrations/rest-api/)**. +## **Docker Scout** + +The Docker Scout connector uses the Docker Scout metrics exporter API to report the vulnerability posture of your organization's images. DefectDojo discovers each Docker Scout stream (your runtime environments) and imports a summary of the vulnerabilities and policy compliance for each. + +#### Prerequisites + +You will need a Docker personal access token created by an **owner** of a Docker organization that is **enrolled in Docker Scout**. The metrics exporter is an organization-level feature, so a personal account, or an organization that is not enrolled in Docker Scout, will not return data. + +Create the token from your Docker account settings under **Personal access tokens**, and note your Docker **organization namespace**, which you will also need. + +#### Connector Mappings + +1. Enter `https://api.scout.docker.com` in the **Location** field. +2. Enter your Docker personal access token in the **Secret** field. +3. Enter your Docker **Organization** namespace. +4. Optionally, set a **Minimum Severity** to limit which findings are imported. Findings below the selected severity will not be imported. + +DefectDojo creates a separate Record for each Docker Scout stream, and imports one finding per severity for the vulnerabilities Docker Scout counts in that stream, plus a finding for each image that fails your Docker Scout policy. Docker Scout's metrics API reports aggregate counts rather than individual CVEs, so these findings summarize the posture of a stream. Open the stream in Docker Scout for per-image and per-CVE detail. + +See the [Docker Scout documentation](https://docs.docker.com/scout/) for more information. + ## **IriusRisk** The IriusRisk connector uses an API token to pull threat modeling data from your IriusRisk instance.