Docker Desktop's latest 4.18 release, brings a wealth of new features, including vulnerability quickview, recommendations, and image diffing for Docker Scout, stable Container File Explorer, an init command to quickly add Docker to a project, and experimental Compose File Watch to monitor changes inside a project.
Introduced in version 4.17 and currently available only for Docker Pro, Team, or Business subscriptions, Docker Scout aims to provide insights into container image security by analyzing image content and listing all identified CVEs using the docker scout cves command.
Docker Desktop 4.18 is now able to provide suggestions as to how to remediate to any identified CVEs. This is accomplished by running the docker scout recommendations command, which will hint at the availability of a new base image and list the benefits it will bring. Additionally, Scout offers a new docker scout quickview command to list all issues found in an image, including its base image, grouped by severity.
Docker Scout also brings a new experimental feature aimed to make it easier to compare images and retrospectively document which changes were made to an image to address its vulnerabilities. The report, which can be generated using docker scout compare includes a summary of CVEs found in the base images as well as a list of all added, removed, or updated packages.
A new CLI command in Docker Desktop 4.18, still in beta, is docker init, aimed to easily create all required files to add Docker to an existing project, including Dockerfiles, Compose files, and .dockerignore. Currently, docker init support Go projects, but Docker is working to add support for Node.js, Python, Rust, and other languages.
Away from the CLI, Docker Desktop includes a new GUI tool to simplify the task of checking or removing files within a container, the Container File Explorer. It allows developers to check a container file system, drag and drop files and folders, edit, and remove files. The new tool will be particularly useful in those cases where no shell is available within a running container.
As a final note about Docker Desktop 4.18 it is worth mentioning a new Compose configuration option aiming to keep services constantly up-to-date while you modify them. Still experimental, Compose File Watch includes a new watch service, which can be run by docker compose alpha watch. The service behavior can be controlled through a new x-develop section in compose.yaml which specifies a list of actions that should be run for any change to given targets. For example:
x-develop:
watch:
- action: sync
path: ./web
target: /app/web
- action: rebuild
path: .package.json
The snippet above will in have Compose automatically synchronize to any change under ./web and rebuilding the image for any change to package.json.
Do not miss the official release note for a detailed view of all changes in Docker Desktop 4.18.