diff --git a/.github/workflows/docker-scout.yaml b/.github/workflows/docker-scout.yaml
index 2b77041..7be4dff 100644
--- a/.github/workflows/docker-scout.yaml
+++ b/.github/workflows/docker-scout.yaml
@@ -14,12 +14,17 @@ jobs:
 uses: actions/checkout@v4
 - name: Setup Docker buildx
 uses: docker/setup-buildx-action@v3
- - name: Build and push Docker image
+ - name: Build Docker image
 uses: docker/build-push-action@v4.0.0
 with:
 context: ./25-docker-scout
 push: false
 tags: ${{ steps.meta.outputs.tags }}
+ - name: Login to Docker Hub
+ uses: docker/login-action@v3
+ with:
+ username: ${{ secrets.DOCKERHUB_USERNAME }}
+ password: ${{ secrets.DOCKERHUB_TOKEN }}
 - name: Docker Scout
 id: docker-scout
 uses: docker/scout-action@v1
diff --git a/25-docker-scout/README.md b/25-docker-scout/README.md
index 0ae09ff..37e42e3 100644
--- a/25-docker-scout/README.md
+++ b/25-docker-scout/README.md
@@ -142,4 +142,4 @@ While manual scanning is valuable, integrating vulnerability checks into your CI
 Docker Scout has a [GitHub Action](https://github.com/docker/scout-action) to run the Docker Scout CLI as part of your workflows.
-Here is an example workflow (`.github/workflows/docker-scout.yaml`) which runs Docker Scout on every push and reports only Critical and High vulnerabilities as a comment to a PR.
\ No newline at end of file
+Here is an example workflow (`.github/workflows/docker-scout.yaml`) which runs Docker Scout on every push and reports only Critical and High vulnerabilities as a comment to a PR. This actions requires authentication to Docker Hub, so we should add `DOCKERHUB_USERNAME` and `DOCKERHUB_TOKEN` to secrets.
\ No newline at end of file
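Review bot: In `.github/workflows/docker-scout.yaml`, the new "Login to Docker Hub" step hands `DOCKERHUB_USERNAME` and `DOCKERHUB_TOKEN` to `docker/login-action@v3`, a mutable tag, so whatever that tag points to at run time receives the credentials. Pin the action to a full commit SHA, e.g. `uses: docker/login-action@<full-commit-sha>  # v3`; the same applies to `docker/scout-action@v1` in the following step, which runs after the login. `DOCKERHUB_TOKEN` should be a Docker Hub access token with read-only scope rather than the account password, since the build step has `push: false` and nothing visible here pushes. The workflow triggers and job-level `permissions` are outside the hunk; if it also runs on pull requests from forks, secrets will be empty there and the login step will fail unless it is guarded with an `if:` condition.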