Update ci.yml

Docker scan
agondo69 · Jan 7, 2025 · 07b9608 · 07b9608
1 parent a17e0a8
commit 07b9608
Showing 1 changed file with 24 additions and 0 deletions.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -28,6 +28,30 @@ jobs:
         with: 
          name: Bandit vulnerability findings
          path: bandit-report.json
+
+  dockerimage_scan:
+      name: Build our image and run a scan on it
+      runs-on: ubuntu-latest
+
+      steps:
+      - name: Checkout code
+        uses: actions/checkout@v2
+
+      - name: Set up our docker
+        uses: docker-practice/actions-setup-docker@v1
+        with:
+         docker_version: '20.10'
+
+      - name: Build the image
+        run: docker build -f Dockerfile -t agapp:latest .
+
+      - name: Docker Scout Scan for image
+        run: |
+         curl -fsSL https://raw.githubusercontent.com/docker/scout-cli/main/install.sh -o install-scout.sh
+         sh install-scout.sh
+         docker scout quickview
+         docker scout cves
+