...

.github/workflows/publish-docker-container.yml

@@ -4,6 +4,8 @@ on:
   push:
     tags:
       - 'web-*'
+  pull_request:
+    branches: [ "**" ]
 
 jobs:
   build:
@@ -27,7 +29,7 @@ jobs:
         username: ${{ secrets.DOCKERHUB_USERNAME }}
         password: ${{ secrets.DOCKERHUB_PASSWORD }}
 
-    - name: Build and push
+    - name: Build and push Docker image
       uses: docker/build-push-action@v5
       with:
           context: .
@@ -39,23 +41,11 @@ jobs:
             "DEVEXPRESS_NUGET_KEY=${{ secrets.DEVEXPRESS_NUGET_KEY }}"
             "PACKAGE_TOKEN=${{ secrets.PACKAGE_TOKEN }}"
 
-    - name: Docker Scout Quickview and CVEs
+    - name: Docker Scout Quickview, CVEs, Recommendations, SBOM
       uses: docker/scout-action@v1
       with:
-          command: quickview,cves
-          image: stariongroup/comet-web-community-edition:${{ steps.meta.outputs.tags }}
-
-    - name: Docker Scout SBOM
-      uses: docker/scout-action@v1
-      with:
-          command: sbom
-          image: stariongroup/comet-web-community-edition:${{ steps.meta.outputs.tags }}
-          output: sbom.json 
-
-#    - name: Upload Docker Scout SARIF Report
-#      uses: github/codeql-action/upload-sarif@v3
-#      with:
-#          sarif_file: scout.sarif
+          command: quickview,cves,recommendations,sbom
+          image: ${{ steps.meta.outputs.tags }}
 
 #    - name: Invoke deployment hook
 #      uses: distributhor/workflow-webhook@v3