[Update] GH action to publish-docker-container to include docker scou…

…t BOM

.github/workflows/publish-docker-container.yml

@@ -38,6 +38,30 @@ jobs:
             "DEVEXPRESS_NUGET_KEY=${{ secrets.DEVEXPRESS_NUGET_KEY }}"
             "PACKAGE_TOKEN=${{ secrets.PACKAGE_TOKEN }}"
 
+    - name: Docker Scout Quickview and CVEs
+      uses: docker/scout-action@v1
+      with:
+          command: quickview,cves
+          image: stariongroup/comet-web-community-edition:latest
+
+    - name: Docker Scout SBOM
+      uses: docker/scout-action@v1
+      with:
+          command: sbom
+          image: stariongroup/comet-web-community-edition:latest
+          output: sbom.json 
+
+    - name: Docker Scout Recommendations
+      uses: docker/scout-action@v1
+      with:
+          command: recommendations
+          image: stariongroup/comet-web-community-edition:latest
+
+    - name: Upload Docker Scout SARIF Report
+      uses: github/codeql-action/upload-sarif@v2
+      with:
+          sarif_file: scout.sarif
+
     - name: Invoke deployment hook
       uses: distributhor/workflow-webhook@v3
       env: