Run Docker Scout on push to main

florian-h05 · Mar 13, 2024 · 4400cc7 · 4400cc7
1 parent ab42edc
commit 4400cc7
Showing 1 changed file with 15 additions and 1 deletion.
diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
@@ -96,8 +96,9 @@ jobs:
 
       # Use Docker Scout to analyze security vulnerabilities
       # https://github.com/docker/scout-action
+      # Run compare command on PR
       - name: Docker Scout
-        id: docker-scout
+        id: docker-scout-pr
         if: ${{ github.event_name == 'pull_request' }}
         uses: docker/scout-action@v1
         with:
@@ -110,3 +111,16 @@ jobs:
           only-severities: critical,high
           write-comment: true
           github-token: ${{ secrets.GITHUB_TOKEN }} # to be able to write the comment
+      # Run all-in-one on push to main
+      - name: Run Docker Scout
+        id: docker-scout-main
+        if: ${{ github.ref_name == 'main' }}
+        uses: docker/scout-action@v1
+        with:
+          dockerhub-user: ${{ secrets.DOCKER_USER }}
+          dockerhub-password: ${{ secrets.DOCKER_PAT }}
+          command: cves,recommendations,compare
+          to-latest: true
+          ignore-base: true
+          ignore-unchanged: true
+          only-fixed: true