Docker SBOM plugin migration to Docker Scout

Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>

Author: crazy-max

content/guides/cpp/security.md

@@ -13,41 +13,28 @@ aliases:
 
 - You have a [Git client](https://git-scm.com/downloads). The examples in this section use a command-line based Git client, but you can use any client.
 - You have a Docker Desktop installed, with containerd enabled for pulling and storing images (it's a checkbox in **Settings** > **General**). Otherwise, if you use Docker Engine:
-  - You have the [Docker SBOM CLI plugin](https://github.com/docker/sbom-cli-plugin) installed. To install it on Docker Engine, use the following command:
-
-    ```bash
-    $ curl -sSfL https://raw.githubusercontent.com/docker/sbom-cli-plugin/main/install.sh | sh -s --
-    ```
-
   - You have the [Docker Scout CLI plugin](https://docs.docker.com/scout/install/) installed. To install it on Docker Engine, use the following command:
 
     ```bash
     $ curl -sSfL https://raw.githubusercontent.com/docker/scout-cli/main/install.sh | sh -s --
     ```
-    
+
   - You have [containerd enabled](https://docs.docker.com/engine/storage/containerd/) for Docker Engine.
 
 ## Overview
 
-This section walks you through extracting Software Bill of Materials (SBOMs) from a C++ Docker image using the Docker SBOM CLI plugin. SBOMs provide a detailed list of all the components in a software package, including their versions and licenses. You can use SBOMs to track the provenance of your software and ensure that it complies with your organization's security and licensing policies.
+This section walks you through extracting Software Bill of Materials (SBOMs) from a C++ Docker image using Docker Scout. SBOMs provide a detailed list of all the components in a software package, including their versions and licenses. You can use SBOMs to track the provenance of your software and ensure that it complies with your organization's security and licensing policies.
 
 ## Generate an SBOM
 
 Here we will use the Docker image that we built in the [Create a multi-stage build for your C++ application](/guides/language/cpp/multistage/) guide. If you haven't already built the image, follow the steps in that guide to build the image.
 The image is named `hello`. To generate an SBOM for the `hello` image, run the following command:
 
 ```bash
-$ docker sbom hello
+$ docker scout sbom --format list hello
 ```
 
 The command will say "No packages discovered". This is because the final image is a scratch image and doesn't have any packages.
-Let's try again with Docker Scout:
-
-```bash
-$ docker scout sbom --format=list hello
-```
-
-This command will tell you the same thing.
 
 ## Generate an SBOM attestation
 
@@ -85,12 +72,11 @@ $ docker buildx build --sbom=true -t hello:sbom .
 This command will build the image and generate an SBOM attestation. You can verify that the SBOM is attached to the image by running the following command:
 
 ```bash
-$ docker scout sbom --format=list hello:sbom
+$ docker scout sbom --format list hello:sbom
 ```
 
-Note that the normal `docker sbom` command will not load the SBOM attestation.
-
 ## Summary
 
 In this section, you learned how to generate SBOM attestation for a C++ Docker image during the build process.
-The normal image scanners will not be able to generate SBOMs from scratch images.
+Image scanners that inspect only the final filesystem may not identify packages in scratch images.
+Use SBOM attestations to preserve package metadata from the build.

content/manuals/scout/how-tos/view-create-sboms.md

@@ -11,6 +11,12 @@ aliases:
 Docker Scout uses SBOM attestations if available on the image (recommended).
 If no SBOM attestation is available, Docker Scout creates one by indexing the image contents.
 
+> [!NOTE]
+> The standalone Docker SBOM CLI plugin and its `docker sbom` command are
+> discontinued. Use `docker scout sbom` for SBOM generation and inspection. If
+> the `docker scout` command isn't available, see [Install Docker
+> Scout](/manuals/scout/install.md).
+
 ## View from CLI
 
 To view the contents of the SBOM that Docker Scout generates, you can use the
@@ -59,6 +65,54 @@ $ docker scout sbom --format list alpine
 For more information about the `docker scout sbom` command, refer to the [CLI
 reference](/reference/cli/docker/scout/sbom/).
 
+## Migrate from Docker SBOM CLI plugin
+
+Replace `docker sbom` commands with `docker scout sbom`. Docker Scout defaults
+to JSON output, while the Docker SBOM CLI plugin defaulted to a table-style
+report. Use `--format list` when you want human-readable terminal output.
+
+```console
+$ docker sbom alpine:latest
+$ docker scout sbom --format list alpine:latest
+```
+
+For standard machine-readable output, select the output format explicitly:
+
+```console
+$ docker sbom alpine:latest --format spdx-json --output sbom.spdx.json
+$ docker scout sbom --format spdx --output sbom.spdx.json alpine:latest
+
+$ docker sbom alpine:latest --format cyclonedx-json --output sbom.cdx.json
+$ docker scout sbom --format cyclonedx --output sbom.cdx.json alpine:latest
+```
+
+If a script consumed the Docker SBOM CLI plugin's `syft-json` output, validate
+the script against the JSON output from `docker scout sbom`, or use a standard
+format such as SPDX or CycloneDX.
+
+The `--output` and `--platform` flags have direct Docker Scout equivalents:
+
+```console
+$ docker sbom alpine:latest --format table --output sbom.txt
+$ docker scout sbom --format list --output sbom.txt alpine:latest
+
+$ docker sbom alpine:latest --platform linux/arm64
+$ docker scout sbom alpine:latest --platform linux/arm64
+```
+
+Docker Scout also supports explicit artifact prefixes for scripts that need to
+control where an image is resolved from:
+
+```console
+$ docker scout sbom local://alpine:latest
+$ docker scout sbom registry://alpine:latest
+```
+
+The Docker SBOM CLI plugin's experimental `--layers` and `--exclude` flags
+don't have direct `docker scout sbom` equivalents. Use
+`docker scout sbom --help` to review the supported Docker Scout flags before
+migrating scripts that depend on plugin-specific options.
+
 ## Attach as build attestation {#attest}
 
 You can generate the SBOM and attach it to the image at build-time as an