docker scout sbom --format list cgr.dev/chainguard/wolfi-baseoutput:
| Name | Version | Type |
|---|---|---|
| apk-tools | 2.14.4-r0 | apk |
| busybox | 1.36.1-r10 | apk |
| busybox | 1.36.1-r10 | apk |
| ca-certificates | 20240705-r0 | apk |
| ca-certificates-bundle | 20240705-r0 | apk |
| glibc | 2.40-r1 | apk |
| glibc | 2.40-r1 | apk |
| glibc-locale-posix | 2.40-r1 | apk |
| glibc-locale-posix | 2.40-r1 | apk |
| ld-linux | 2.40-r1 | apk |
| libcrypt1 | 2.40-r1 | apk |
| libcrypto3 | 3.3.1-r5 | apk |
| libssl3 | 3.3.1-r5 | apk |
| libxcrypt | 4.4.36-r7 | apk |
| openssl | 3.3.1-r5 | apk |
| wolfi-base | 1-r6 | apk |
| wolfi-baselayout | 20230201-r15 | apk |
| wolfi-keys | 1-r8 | apk |
| zlib | 1.3.1-r4 | apk |
How can I see the image size in an extra column to the right?
Also curious why:
docker scout cves cgr.dev/chainguard/wolfi-base
| Analyzed Image | |
|---|---|
| Target | cgr.dev/chainguard/wolfi-base:latest |
| digest | 2f7a8e1fcd71 |
| platform | linux/amd64 |
| vulnerabilities | 0C 0H 0M 0L |
| size | 7.2 MB |
| packages | 16 |
shows total size as 7.2MB
BUT
docker image inspectshows. "Size": 15394739:
(ie 15.4mb)
Using docker image ls it also shows as 15.4mb so I assume thats the final image size, but not sure why docker scout cves shows it differently.
The size shown by docker scout cves is the compressed size stored by the registry (and transferred in docker pull). The 15.4 MB will be the uncompressed size on disk.
Regarding formatting, I think the best solution would be to write a program which reads the json output from docker scout and complements it with size data then writes out a new table.