Add Docker Scout support for RISC-V64 #128

@gounthar

Overview

Add Docker Scout support for RISC-V64 architecture. Docker Scout is Docker's security and analysis CLI plugin that provides vulnerability scanning, base image recommendations, and SBOM (Software Bill of Materials) generation.

Why Docker Scout?

Security Benefits:

  • CVE scanning for container images
  • Vulnerability prioritization and remediation advice
  • Base image update recommendations
  • Policy evaluation for security compliance

Current State:

Gap: No official RISC-V64 binaries available

Implementation Plan

Phase 1: Weekly Builds

  • Create scout-weekly-build.yml workflow
  • Clone https://github.com/docker/scout-cli
  • Build native RISC-V64 binary using Go
  • Create releases with pattern scout-vX.Y.Z-riscv64 (official) or scout-vYYYYMMDD-dev (development)
  • Schedule: Sunday 06:00 UTC (after Buildx)

Phase 2: Release Tracking

  • Create track-scout-releases.yml workflow
  • Auto-detect new Docker Scout releases
  • Trigger builds automatically
  • Create tracking issues

Phase 3: Debian Packaging

  • Create debian-scout/ directory with packaging files
  • Create build-scout-package.yml workflow
  • Package as docker-scout-plugin
  • Install to /usr/libexec/docker/cli-plugins/docker-scout
  • Auto-trigger on scout release completion

Phase 4: RPM Packaging

  • Create rpm-scout/ directory with spec file
  • Create build-scout-rpm.yml workflow
  • Package as docker-scout-plugin
  • Auto-trigger on scout release completion

Phase 5: Gentoo Overlay

  • Create scripts/generate-scout-ebuild.sh
  • Add to generate-gentoo-overlay-modular.sh
  • Package as app-containers/docker-scout

Phase 6: Automation

  • Create .updatecli.d/gentoo-scout.yaml for version tracking
  • Add to UpdateCLI workflow
  • Auto-create PRs for new versions

Phase 7: Documentation

  • Update CLAUDE.md with Scout information
  • Update README.md with installation instructions
  • Add Scout testing procedures to testing docs

Technical Details

Source Repository: https://github.com/docker/scout-cli
Build Method: Native Go build on RISC-V64 runner
Binary Output: docker-scout (CLI plugin)
Install Path: /usr/libexec/docker/cli-plugins/docker-scout

Build Command:

cd scout-cli
export GOOS=linux GOARCH=riscv64 CGO_ENABLED=0
make binary

Usage:

docker scout version
docker scout cves <image>
docker scout quickview <image>
docker scout recommendations <image>

Dependencies

  • Docker CLI (for plugin framework)
  • Network access (for CVE database queries)
  • No additional binaries required

Testing Checklist

  • Binary builds successfully on RISC-V64
  • docker scout version shows correct version
  • Can scan local images
  • Can query CVE database
  • Debian package installs correctly
  • RPM package installs correctly
  • Plugin auto-detected by Docker CLI
  • Works with docker scout command

Success Criteria

  • Weekly automated builds producing RISC-V64 binaries
  • Debian and RPM packages available
  • Auto-tracking of upstream releases
  • Documentation updated
  • Installation tested on RISC-V64 hardware
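A pre-packaging gate for the "Binary builds successfully on RISC-V64" checklist item, as an added example that is not part of the original issue or the project's workflows: it reads the ELF header and rejects an artifact built for the wrong architecture (for instance when `GOARCH` was not exported) before it reaches a release or package. The function names and the constructed sample headers are hypothetical; the header offsets and `EM_RISCV = 243` come from the ELF specification.

```shell
#!/bin/sh
# Added example: architecture gate for a built docker-scout binary.
# Function names and sample files are hypothetical, not from the project.

# Print COUNT bytes of FILE starting at OFFSET as space-separated decimals.
elf_bytes() {
    echo $(od -An -tu1 -j "$2" -N "$3" "$1" 2>/dev/null)
}

# Return 0 only for a 64-bit little-endian RISC-V ELF, 1 for anything else,
# 2 when the file does not exist.
is_riscv64_elf() {
    f=$1
    [ -f "$f" ] || return 2
    [ "$(elf_bytes "$f" 0 4)" = "127 69 76 70" ] || return 1  # \x7fELF magic
    [ "$(elf_bytes "$f" 4 1)" = "2" ] || return 1             # EI_CLASS = ELFCLASS64
    [ "$(elf_bytes "$f" 5 1)" = "1" ] || return 1             # EI_DATA = little-endian
    [ "$(elf_bytes "$f" 18 2)" = "243 0" ] || return 1        # e_machine = EM_RISCV
}

# Constructed sample input: a 20-byte ELF64 header prefix whose e_machine
# low byte is given in octal (363 = 243 = RISC-V, 076 = 62 = x86-64).
make_sample_header() {
    printf '\177ELF\002\001\001\000\000\000\000\000\000\000\000\000\002\000' >"$2"
    printf "\\$1\\000" >>"$2"
}

tmp=$(mktemp -d)
make_sample_header 363 "$tmp/docker-scout-riscv64"
make_sample_header 076 "$tmp/docker-scout-amd64"

for f in "$tmp"/docker-scout-*; do
    if is_riscv64_elf "$f"; then
        echo "OK   $f"
    else
        echo "FAIL $f (not an ELF64 RISC-V binary)"
    fi
done
```

In a build workflow the same function would be called on the real `docker-scout` output, with a non-zero return failing the job before any release is created.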
