From fa3ec4e3f2b128f7b14e825dceb9bf99558b0a16 Mon Sep 17 00:00:00 2001
From: samatstarion
Date: Mon, 9 Dec 2024 16:38:30 +0100
Subject: [PATCH] [Update] GH action to publish-docker-container to include docker scout BOM
---
 .../workflows/publish-docker-container.yml | 24 +++++++++++++++++++
 1 file changed, 24 insertions(+)
diff --git a/.github/workflows/publish-docker-container.yml b/.github/workflows/publish-docker-container.yml
index 362538cc..efecca63 100644
--- a/.github/workflows/publish-docker-container.yml
+++ b/.github/workflows/publish-docker-container.yml
@@ -38,6 +38,30 @@ jobs:
 "DEVEXPRESS_NUGET_KEY=${{ secrets.DEVEXPRESS_NUGET_KEY }}"
 "PACKAGE_TOKEN=${{ secrets.PACKAGE_TOKEN }}"
+ - name: Docker Scout Quickview and CVEs
+ uses: docker/scout-action@v1
+ with:
+ command: quickview,cves
+ image: stariongroup/comet-web-community-edition:latest
+ - name: Docker Scout SBOM
+ uses: docker/scout-action@v1
+ with:
+ command: sbom
+ image: stariongroup/comet-web-community-edition:latest
+ output: sbom.json
+ - name: Docker Scout Recommendations
+ uses: docker/scout-action@v1
+ with:
+ command: recommendations
+ image: stariongroup/comet-web-community-edition:latest
+ - name: Upload Docker Scout SARIF Report
+ uses: github/codeql-action/upload-sarif@v2
+ with:
+ sarif_file: scout.sarif
 - name: Invoke deployment hook
 uses: distributhor/workflow-webhook@v3
 env:
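Review bot: The `Upload Docker Scout SARIF Report` step uploads `scout.sarif`, but none of the three scout-action steps added above it writes that file — the `cves` step has no `sarif-file` input and the SBOM step writes `sbom.json` — so the upload step will fail on a missing file. Add `sarif-file: scout.sarif` under `with:` of the `Docker Scout Quickview and CVEs` step so the report exists before it is uploaded; `upload-sarif` also requires `security-events: write`, which this hunk does not show and the workflow's permissions block (outside the hunk, like the rest of the `steps` list) would need to grant. The generated `sbom.json` is never retained — there is no `actions/upload-artifact` step — which is at odds with the commit's stated purpose of including the BOM. Without `exit-code: true` (optionally narrowed with `only-severities: critical,high`) the CVE scan never fails the job, so the `Invoke deployment hook` step that follows runs regardless of findings; if that is intended, a comment above the scan step saying the results are informational only would make it explicit. `github/codeql-action/upload-sarif@v2` is a superseded major version; v3 is available if the runner's Node version allows it.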