安装

使用 Automic Vault 安装

Automic Vault

下载 AV

sudo av install brew:docker

macOS

Homebrew 已验证 · 100%

brew install docker

local Homebrew formula metadata

MacPorts 已验证 · 94%

sudo port install docker

MacPorts ports tree · devel/docker/Portfile · 来源: api.github.com

Linux

Alpine Linux apk 已验证 · 92%

sudo apk add docker

Alpine Linux edge package indexes · docker · 来源: dl-cdn.alpinelinux.org

Nix 已验证 · 92%

nix profile install nixpkgs#docker

nixpkgs package indexes · docker · 来源: raw.githubusercontent.com

Arch Linux pacman 已验证 · 92%

sudo pacman -S docker

Arch Linux sync databases · docker · 来源: geo.mirror.pkgbuild.com

openSUSE zypper 已验证 · 92%

sudo zypper install docker

openSUSE Tumbleweed package metadata · docker · 来源: download.opensuse.org

Windows

Chocolatey 已验证 · 92%

choco install docker

Chocolatey community package catalog · docker · 来源: community.chocolatey.org

Scoop 已验证 · 92%

scoop install main/docker

Scoop official bucket manifest trees · bucket/docker.json · 来源: api.github.com

Windows Package Manager 已验证 · 92%

winget install --id Docker.DockerDesktop -e

Windows Package Manager source index · Docker.DockerDesktop · 来源: cdn.winget.microsoft.com

软件包管理器来源

https://formulae.brew.sh/formula/docker

平台说明

没有特定于此软件包的平台说明。

概览

软件包摘要

Automic Vault 根据本地软件包数据发布 docker 的安装路径、可执行文件事实和安全元数据。

主页

https://www.docker.com/

命令和别名

docker

来源摘要

Pack, ship and run any application as a lightweight container

radioisotope

Ambient Docker Registry Credentials

Docker registry credentials can be stored inline in ~/.docker/config.json or exposed through ambient Docker credential helpers such as docker-credential-osxkeychain and docker-credential-desktop. Those helpers store secrets outside the Docker config file, but any local process can invoke Docker's helper protocol directly and request stored registry credentials once Keychain allows the helper binary. Automic Vault currently detects this exposure but does not yet provide a Docker credential-helper adapter.

风险分类器

orange 风险 · high 置信度 · infrastructure

原因

doc example: container infrastructure

信号

override:docker

安装行为

No Homebrew post-install hook is recorded in formula metadata.
Homebrew bottle metadata is available for 6 platform targets.
安装时包含 1 个运行时依赖。
构建元数据列出 2 个构建依赖。

本地 README 摘录

Docker Radioisotope Detector

This detector reports Docker registry credential configurations that expose credentials to agents or other local processes.

Detected hazards:

Inline auth, identitytoken, or identityToken entries in

~/.docker/config.json or $DOCKER_CONFIG/config.json

Legacy ~/.dockercfg registry credentials
credsStore or credHelpers entries that use ambient Docker credential

helpers such as osxkeychain or desktop

Docker Desktop installs that do not configure an Automic Vault-backed default

credential helper

This radioisotope is detect-only. It does not wrap Docker, because Docker Desktop owns the usual CLI symlink locations and can replace wrappers during install, update, or settings changes.

来源: data/radioisotopes/docker/README.md

覆盖来源

https://formulae.brew.sh/formula/docker

Caveats

This radioisotope is detect-only.
We do not wrap the Docker CLI because Docker Desktop can replace the usual CLI symlinks.
Docker Desktop installs without an Automic Vault-backed default credential helper are reported.
Future remediation should configure Docker credsStore or credHelpers to use av credential-helper.

审批门

Human review metadata for risky commands

The local approval-gate seed includes 6 rules for docker. Covered entrypoints: docker. Severity labels: critical, high. Coverage: partial, 已审查 2026-05-21.

受控操作示例

Store registry credentials.
Push an image to a registry.
Run a container with elevated host privileges.
Mount host paths into a container.
Force-remove containers, images, volumes, networks, or system data.
Execute a command inside a running container.

可执行文件

已安装的可执行文件

命令	类型	暴露范围	备注
`docker`	cli	global executable

新鲜度

版本和新鲜度

这些信号区分页生成时间、软件包管理器活动和上游发布比较。只有存在证据 URL 和可比较版本时，才会提示版本落后。

页面生成时间2026-05-26

管理器版本29.5.2

管理器更新时间2026-05-20

本地数据ok

上游not checked

检测到的最新版本未检测到

https://github.com/docker/cli

info No cached GitHub release or tag data was available. https://github.com/docker/cli none 置信度

安装元数据

软件包元数据

软件包键	brew:docker
版本	29.5.2
软件包管理器	Homebrew
软件包管理器页面	https://formulae.brew.sh/formula/docker
主页	https://www.docker.com/
仓库	https://github.com/docker/cli
上游文档	https://www.docker.com/
许可证	Apache-2.0
源码归档	https://github.com/docker/cli.git
更新	2026-05-20T21:15:28Z
Pulse	updated
依赖	docker-completion
构建依赖	go, go-md2man
Bottle	可用 (arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux)
Homebrew post-install	未定义
服务	未声明

软件包图谱

链接来自本地软件包关系图、补充数据、依赖边、生态匹配和软件包 hub 归属。

来源线索

由仓库数据生成

此页面由 scripts/generate-pkg-pages.py 写入。如果 www/pkg/ 相对于本地软件包数据已过期，部署会拒绝发布。

使用的来源

Geiger risk classifier
Nucleus package database
approval-gate seed metadata
cross-ecosystem install command graph
local isotope README
package relationship graph
package version freshness
package-page enrichment
radioisotope security manifest

安装 docker