Adding Docker Scout Security Action #30

Summary
Jobs
- scout
Run details
- Usage
- Workflow file

Workflow file for this run

.github/workflows/docker-scout.yaml at 7cdea84

	name: Docker Scout

	on:
	pull_request:
	types: [opened, reopened, synchronize]

	env:
	GH_TOKEN: ${{ github.token }}

	# permissions:
	# pull-requests: write

	jobs:
	scout:
	runs-on: ubuntu-latest
	permissions: write-all
	# container:
	# image: docker/scout-cli
	steps:
	- name: Checkout
	uses: actions/checkout@v4
	# - name: Set up Docker Buildx
	# uses: docker/setup-buildx-action@v3
	- name: Login to DockerHub Container Registry
	uses: docker/login-action@v3
	with:
	username: ${{ secrets.DOCKERHUB_USER }}
	password: ${{ secrets.DOCKERHUB_PW }}
	# - name: Build
	# run: docker build --platform linux/amd64 -t bwa-scout -f bwa/Dockerfile_latest .
	# docker scout cves bwa-test --only-fixed --format markdown \| gh issue create --repo getwilds/wilds-docker-library --title "bwa CVE Analysis" --body-file -
	# docker scout cves getwilds/gatk:latest --only-fixed --format sarif --output test.json \
	# && jq '.runs[0].tool.driver.rules \| length' test.json
	- name: Install Docker Scout
	run: \|
	curl -fsSL https://raw.githubusercontent.com/docker/scout-cli/main/install.sh -o install-scout.sh
	sh install-scout.sh
	- name: Docker Scout
	run: \|
	docker scout cves getwilds/bwa:latest --only-fixed --format sarif --output cves.json
	NUM_VUL=$(jq '.runs[0].tool.driver.rules \| length' cves.json)
	if [[ $NUM_VUL -ge 1 ]]; then
	docker scout cves getwilds/bwa:latest --only-fixed --format markdown --output cves.html
	if [[ $(wc -c cves.html) -le 65536 ]]; then
	gh issue create --repo getwilds/wilds-docker-library --title "bwa Vulnerability Analysis" --body-file cves.html
	else
	echo "Significant issues present in bwa, see quickview below and run CVE analysis locally." > quickview.txt
	docker scout quickview getwilds/bwa:latest >> quickview.txt
	gh issue create --repo getwilds/wilds-docker-library --title "bwa Vulnerability Analysis" --body-file quickview.html
	fi
	fi
	# id: docker-scout
	# uses: docker/scout-action@v1
	# with:
	# command: cves,recommendations
	# only-fixed: true

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Adding Docker Scout Security Action #30

Workflow file

Adding Docker Scout Security Action #30

Jobs

Run details

Workflow file for this run