From 6920dadc953ea008a0d06dabd779bd30d117c580 Mon Sep 17 00:00:00 2001 From: Finn Lippok Date: Tue, 18 Feb 2025 12:14:55 +0100 Subject: [PATCH 01/20] Update docker-compose.yml --- src/Pi4/docker-compose.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/src/Pi4/docker-compose.yml b/src/Pi4/docker-compose.yml index 1b84f76..335c670 100644 --- a/src/Pi4/docker-compose.yml +++ b/src/Pi4/docker-compose.yml @@ -1,6 +1,6 @@ services: traefik: - image: traefik:latest + image: traefik:v2.5.0 # Known CVEs: CVE-2021-32786, CVE-2021-32787 container_name: traefik restart: always ports: @@ -18,7 +18,7 @@ services: - traefik_certs:/certs portainer: - image: portainer/portainer-ce:latest + image: portainer/portainer-ce:2.0.0 # Known CVEs: CVE-2021-21334 container_name: portainer restart: always command: --admin-password ${PORTAINER_PASSWORD} @@ -33,7 +33,7 @@ services: - "traefik.http.services.portainer.loadbalancer.server.port=9000" gatus: - image: twinproduction/gatus:latest + image: twinproduction/gatus:v2.1.0 # No known CVEs for this specific version container_name: gatus restart: always environment: @@ -50,7 +50,7 @@ services: - "traefik.http.services.gatus.loadbalancer.server.port=8080" homepage: - image: ghcr.io/gethomepage/homepage:latest + image: ghcr.io/gethomepage/homepage:v0.9.0 # No known CVEs for this specific version container_name: homepage restart: always environment: @@ -75,4 +75,4 @@ services: volumes: traefik_certs: portainer_data: - gatus_data: \ No newline at end of file + gatus_data: From 544e35e0f2fd8564782f36fa640acd85fe098af5 Mon Sep 17 00:00:00 2001 From: Finn Lippok Date: Tue, 18 Feb 2025 12:21:34 +0100 Subject: [PATCH 02/20] Update docker-compose-scan.yml --- .github/workflows/docker-compose-scan.yml | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/.github/workflows/docker-compose-scan.yml b/.github/workflows/docker-compose-scan.yml index a6132d2..ad9ee02 100644 
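Review bot: The traefik `image:` line pins a release that the hunk's own trailing comment flags as carrying CVE-2021-32786 and CVE-2021-32787, and the portainer hunk does the same with CVE-2021-21334, in the compose file that also has `restart: always` and the published Traefik ports; if `src/Pi4/docker-compose.yml` is what actually runs on the device this is a regression, and if these versions are meant as fixtures for the scanner built in the later commits they belong in a test fixture, not in the deployable file. A tag is mutable, so a pin that is meant to be security-relevant should carry the digest as well, e.g. `image: traefik:<tag>@sha256:<digest-from-registry>` (placeholder). The `# No known CVEs for this specific version` comments on the gatus and homepage hunks will go stale silently; a comment is not a check, so the scanner's output rather than these annotations should be the source of truth.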
--- a/.github/workflows/docker-compose-scan.yml +++ b/.github/workflows/docker-compose-scan.yml @@ -25,8 +25,12 @@ jobs: BASE_BRANCH=${{ github.event.pull_request.base.ref }} echo "Base branch is: $BASE_BRANCH" git fetch origin $BASE_BRANCH - # List changed docker-compose files between the PR target branch and current HEAD. - CHANGED=$(git diff --name-only origin/$BASE_BRANCH...HEAD | grep -i 'docker-compose.*\.ya\?ml' || true) + # Handle branches without a merge base + if git merge-base --is-ancestor origin/$BASE_BRANCH HEAD; then + CHANGED=$(git diff --name-only origin/$BASE_BRANCH...HEAD | grep -i 'docker-compose.*\.ya\?ml' || true) + else + CHANGED=$(git diff --name-only origin/$BASE_BRANCH HEAD | grep -i 'docker-compose.*\.ya\?ml' || true) + fi echo "Changed docker-compose files:" echo "$CHANGED" echo "files=$CHANGED" >> $GITHUB_OUTPUT From ea3e1b2bdce09152a6afcde38208371df3da079f Mon Sep 17 00:00:00 2001 From: Finn Lippok Date: Tue, 18 Feb 2025 12:23:42 +0100 Subject: [PATCH 03/20] Update docker-compose-scan.yml --- .github/workflows/docker-compose-scan.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/docker-compose-scan.yml b/.github/workflows/docker-compose-scan.yml index ad9ee02..e082f2b 100644 --- a/.github/workflows/docker-compose-scan.yml +++ b/.github/workflows/docker-compose-scan.yml @@ -33,7 +33,9 @@ jobs: fi echo "Changed docker-compose files:" echo "$CHANGED" - echo "files=$CHANGED" >> $GITHUB_OUTPUT + echo "files<> $GITHUB_OUTPUT + echo "$CHANGED" >> $GITHUB_OUTPUT + echo "EOF" >> $GITHUB_OUTPUT - name: Prepare Empty Report File run: | From 06192f49803fc021552ad9368213ba06d5d21468 Mon Sep 17 00:00:00 2001 From: Finn Lippok Date: Tue, 18 Feb 2025 12:26:04 +0100 Subject: [PATCH 04/20] Update docker-compose-scan.yml --- .github/workflows/docker-compose-scan.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
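Review bot: The added `git merge-base --is-ancestor origin/$BASE_BRANCH HEAD` test does not detect a missing merge base, which is what the comment above it says it is for: it is false whenever the base branch has advanced past the fork point, and in that common case the `else` branch's two-dot `git diff origin/$BASE_BRANCH HEAD` also lists every file changed on the base branch, so unrelated compose files get scanned. Test for the merge base directly, `if git merge-base origin/$BASE_BRANCH HEAD >/dev/null 2>&1; then`, and keep the three-dot diff in the true branch. `$BASE_BRANCH` is expanded unquoted on the `git fetch` and both `git diff` lines; `"origin/$BASE_BRANCH"` costs nothing. The enclosing `run:` script starts before this hunk.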
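Review bot: The heredoc line is rendered here as `echo "files<> $GITHUB_OUTPUT`, which is not valid shell as shown; presumably it is `echo "files<<EOF" >> $GITHUB_OUTPUT` with the angle brackets lost in rendering, so confirm the committed file carries the full delimiter. GitHub's guidance for multi-line outputs is a delimiter that cannot occur in the value, because a line in `$CHANGED` equal to the delimiter would terminate the output early; `delimiter="$(openssl rand -hex 8)"` used on both the opening and closing lines avoids that. The newline-separated list only survives the later `for file in $(echo ...)` loop if no path contains whitespace, which the grep filter does not guarantee; the loop is outside this hunk.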
diff --git a/.github/workflows/docker-compose-scan.yml b/.github/workflows/docker-compose-scan.yml index e082f2b..3c07bdc 100644 --- a/.github/workflows/docker-compose-scan.yml +++ b/.github/workflows/docker-compose-scan.yml @@ -36,7 +36,7 @@ jobs: echo "files<> $GITHUB_OUTPUT echo "$CHANGED" >> $GITHUB_OUTPUT echo "EOF" >> $GITHUB_OUTPUT - + - name: Prepare Empty Report File run: | echo "Docker Compose Image Metadata and CVE Report" > report.txt From 9cf676f11fa77832b8fa73b3e70790affa81c2c8 Mon Sep 17 00:00:00 2001 From: Finn Lippok Date: Tue, 18 Feb 2025 12:29:44 +0100 Subject: [PATCH 05/20] Update docker-compose-scan.yml --- .github/workflows/docker-compose-scan.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/docker-compose-scan.yml b/.github/workflows/docker-compose-scan.yml index 3c07bdc..6547f27 100644 --- a/.github/workflows/docker-compose-scan.yml +++ b/.github/workflows/docker-compose-scan.yml @@ -8,7 +8,7 @@ on: permissions: contents: read - issues: write + pull-requests: write jobs: scan: From ef661541f5949758e0701d84941f0d8b5169c5f4 Mon Sep 17 00:00:00 2001 From: Finn Lippok Date: Tue, 18 Feb 2025 12:39:22 +0100 Subject: [PATCH 06/20] Update docker-compose-scan.yml --- .github/workflows/docker-compose-scan.yml | 134 ++++++++++++---------- 1 file changed, 71 insertions(+), 63 deletions(-) diff --git a/.github/workflows/docker-compose-scan.yml b/.github/workflows/docker-compose-scan.yml index 6547f27..de95a73 100644 --- a/.github/workflows/docker-compose-scan.yml +++ b/.github/workflows/docker-compose-scan.yml 
@@ -1,82 +1,90 @@ -name: Docker Compose Image Metadata and CVE Scan +name: Docker Scout PR Analysis on: pull_request: - paths: - - '**/docker-compose*.yml' - - '**/docker-compose*.yaml' + types: [opened, synchronize, reopened] +# Set permissions to ensure we can create/update comments. permissions: contents: read - pull-requests: write + issues: write jobs: - scan: + scout: runs-on: ubuntu-latest - steps: - - name: Checkout Code + # 1. Check out the PR code. + - name: Checkout code uses: actions/checkout@v3 + with: + fetch-depth: 0 - - name: Detect Changed docker-compose Files - id: files - run: | - # Get the target branch of the pull request from the event payload. - BASE_BRANCH=${{ github.event.pull_request.base.ref }} - echo "Base branch is: $BASE_BRANCH" - git fetch origin $BASE_BRANCH - # Handle branches without a merge base - if git merge-base --is-ancestor origin/$BASE_BRANCH HEAD; then - CHANGED=$(git diff --name-only origin/$BASE_BRANCH...HEAD | grep -i 'docker-compose.*\.ya\?ml' || true) - else - CHANGED=$(git diff --name-only origin/$BASE_BRANCH HEAD | grep -i 'docker-compose.*\.ya\?ml' || true) - fi - echo "Changed docker-compose files:" - echo "$CHANGED" - echo "files<> $GITHUB_OUTPUT - echo "$CHANGED" >> $GITHUB_OUTPUT - echo "EOF" >> $GITHUB_OUTPUT - - - name: Prepare Empty Report File + # 2. Ensure Docker (and Docker Scout) is available. + # (Docker Scout is integrated into the Docker CLI in recent versions.) + - name: Set up Docker Scout run: | - echo "Docker Compose Image Metadata and CVE Report" > report.txt - echo "=============================================" >> report.txt + echo "Docker version:" + docker --version + echo "Docker Scout version:" + docker scout version - - name: Scan docker-compose Files for Images and CVEs - if: steps.files.outputs.files != '' + # 3. Find any changed docker-compose files. 
+ - name: Find changed docker-compose files + id: find-files + run: | + # List changed files between the PR base and current HEAD + CHANGED_FILES=$(git diff --name-only "${{ github.event.pull_request.base.sha }}" HEAD | grep -Ei 'docker-compose\.(ya?ml)' || true) + echo "Found changed docker-compose files:" + echo "$CHANGED_FILES" + # Export as an output (if multiple files, they’ll be whitespace separated) + echo "::set-output name=files::${CHANGED_FILES}" + + # 4. Analyze Docker images and CVEs from the changed files. + - name: Analyze Docker images in docker-compose files + id: analyze run: | - # Loop over each changed docker-compose file. - for file in $(echo "${{ steps.files.outputs.files }}"); do - echo "Processing file: $file" >> report.txt - # Extract image names (assuming docker-compose syntax "image: ") - IMAGES=$(grep -oP 'image:\s*\K.+' "$file" | tr -d '"' ) - if [ -z "$IMAGES" ]; then - echo " No images found in $file" >> report.txt - continue - fi + # Initialize the Markdown output + OUTPUT_FILE="docker-scout-results.md" + echo "### Docker Scout Analysis" > $OUTPUT_FILE + echo "" >> $OUTPUT_FILE + echo "| Docker Image | Metadata | Open CVEs |" >> $OUTPUT_FILE + echo "|--------------|----------|-----------|" >> $OUTPUT_FILE - for image in $IMAGES; do - echo " Found image: $image" >> report.txt - # Run Docker Scout to check for CVEs. - echo " Running docker scout cves $image ..." >> report.txt - SCOUT_OUTPUT=$(docker scout cves "$image" 2>&1 || echo " Error scanning $image") - echo "$SCOUT_OUTPUT" >> report.txt + if [ -z "${{ steps.find-files.outputs.files }}" ]; then + echo "No docker-compose files changed." >> $OUTPUT_FILE + else + for file in ${{ steps.find-files.outputs.files }}; do + echo "Processing file: $file" + # Extract lines that define an image (adjust the regex as needed) + IMAGES=$(grep -E '^\s*image:' "$file" | awk '{print $2}') + for image in $IMAGES; do + echo "Scanning image: $image" + + # Use Docker Scout to inspect the image metadata. 
+ # (Assumes that “docker scout inspect” outputs JSON; adjust formatting as needed.) + METADATA=$(docker scout inspect "$image" --format '{{json .}}' 2>/dev/null || echo '{}') + # For demonstration, extract repository and tag (requires jq). + SHORT_META=$(echo "$METADATA" | jq -r 'if .Repository and .Tag then "\(.Repository)@\(.Tag)" else "N/A" end' 2>/dev/null) + + # Get open CVEs (again, adjust the command/format as needed). + CVES=$(docker scout cves "$image" 2>/dev/null || echo "None") + # Remove newlines from CVES so the Markdown table stays intact. + CVES=$(echo "$CVES" | tr '\n' ' ') + + # Append a row to the Markdown table. + echo "| \`$image\` | $SHORT_META | $CVES |" >> $OUTPUT_FILE + done done - echo "---------------------------------------------" >> report.txt - done - # Display the final report. - cat report.txt + fi + echo "Docker Scout Analysis:" + cat $OUTPUT_FILE + # Set the output so it can be used in the next step. + echo "::set-output name=result::$(cat $OUTPUT_FILE)" - - name: Post PR Comment with the Report - if: steps.files.outputs.files != '' - uses: actions/github-script@v6 + # 5. Post the Markdown table as a comment on the PR. + - name: Comment on PR with Docker Scout results + uses: peter-evans/create-or-update-comment@v2 with: - script: | - const fs = require('fs'); - const report = fs.readFileSync('report.txt', 'utf8'); - github.rest.issues.createComment({ - issue_number: context.issue.number, - owner: context.repo.owner, - repo: context.repo.repo, - body: "## Docker Compose Image Metadata and CVE Scan Report\n```\n" + report + "\n```" - }); + issue-number: ${{ github.event.pull_request.number }} + body: | + ${{ steps.analyze.outputs.result }} From 7bf805b74d3ad00e99620cb0ed7903e2e5173a9a Mon Sep 17 00:00:00 2001 
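Review bot: Both scan commands in the `Analyze Docker images in docker-compose files` step fail open: `docker scout cves "$image" 2>/dev/null || echo "None"` and the `|| echo '{}'` on the inspect line turn a tool that is missing, unauthenticated or rate-limited into a table row that reads exactly like a clean image, so the PR comment cannot distinguish "no CVEs" from "scan did not run"; capture the failure explicitly, e.g. `CVES=$(docker scout cves "$image" 2>&1) || CVES="SCAN FAILED: $CVES"`, and exit non-zero at the end of the step if any image failed. The same step splices `${{ steps.find-files.outputs.files }}` straight into the shell script; that value is a list of paths taken from the PR's own commits by `git diff --name-only`, so a path that matches `docker-compose\.(ya?ml)` but contains shell metacharacters is interpreted as shell rather than data, and the accepted pattern is to pass it through `env:` (`FILES: ${{ steps.find-files.outputs.files }}`) and loop over `$FILES`. `::set-output` is deprecated by GitHub, and `$(cat $OUTPUT_FILE)` inside it only delivers the first line of the Markdown table to the `result` output, so the `body:` of the comment step will presumably contain just the heading; write the output with the `$GITHUB_OUTPUT` heredoc form the earlier commits already used for `files`. `docker scout inspect` is not a subcommand I know of in the Scout CLI, and the `|| echo '{}'` hides that too, so `SHORT_META` is likely always `N/A`.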
From: Finn Lippok Date: Tue, 18 Feb 2025 12:40:48 +0100 Subject: [PATCH 07/20] Update docker-compose-scan.yml --- .github/workflows/docker-compose-scan.yml | 35 ++++++++++++----------- 1 file changed, 18 insertions(+), 17 deletions(-) diff --git a/.github/workflows/docker-compose-scan.yml b/.github/workflows/docker-compose-scan.yml index de95a73..51aa596 100644 --- a/.github/workflows/docker-compose-scan.yml +++ b/.github/workflows/docker-compose-scan.yml @@ -4,7 +4,6 @@ on: pull_request: types: [opened, synchronize, reopened] -# Set permissions to ensure we can create/update comments. permissions: contents: read issues: write 
@@ -19,31 +18,36 @@ jobs: with: fetch-depth: 0 - # 2. Ensure Docker (and Docker Scout) is available. - # (Docker Scout is integrated into the Docker CLI in recent versions.) - - name: Set up Docker Scout + # 2. Install Docker Scout CLI extension + - name: Install Docker Scout CLI + run: | + echo "Installing Docker Scout CLI extension..." + # Attempt to install the Docker Scout CLI extension. + docker extension install docker/scout-cli || { echo "Failed to install Docker Scout CLI extension. Please ensure it is available."; exit 1; } + + # 3. Verify Docker Scout installation + - name: Verify Docker Scout CLI installation run: | echo "Docker version:" docker --version echo "Docker Scout version:" docker scout version - # 3. Find any changed docker-compose files. + # 4. Find any changed docker-compose files. - name: Find changed docker-compose files id: find-files run: | - # List changed files between the PR base and current HEAD + # List changed files between the PR base and current HEAD. CHANGED_FILES=$(git diff --name-only "${{ github.event.pull_request.base.sha }}" HEAD | grep -Ei 'docker-compose\.(ya?ml)' || true) echo "Found changed docker-compose files:" echo "$CHANGED_FILES" - # Export as an output (if multiple files, they’ll be whitespace separated) + # Export the files as an output (if multiple files, they’ll be whitespace separated). echo "::set-output name=files::${CHANGED_FILES}" - # 4. Analyze Docker images and CVEs from the changed files. + # 5. Analyze Docker images and CVEs from the changed files. - name: Analyze Docker images in docker-compose files id: analyze run: | - # Initialize the Markdown output OUTPUT_FILE="docker-scout-results.md" echo "### Docker Scout Analysis" > $OUTPUT_FILE echo "" >> $OUTPUT_FILE 
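Review bot: `docker extension install docker/scout-cli` in the new `Install Docker Scout CLI` step depends on the Docker Extensions feature, which as far as I know ships only with Docker Desktop, so on `ubuntu-latest` the command is expected to be unknown and the `|| { ...; exit 1; }` fallback makes every run fail before anything is scanned. The plugin is distributed as versioned release archives by `docker/scout-cli` and as the `docker/scout-action` action; either path should be pinned to a version and, for a downloaded binary, verified against the release's checksum before it is placed in the plugin directory. The `Find changed docker-compose files` step in the same hunk still uses `::set-output`, which GitHub has deprecated in favor of `$GITHUB_OUTPUT`.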
@@ -55,33 +59,30 @@ jobs: else for file in ${{ steps.find-files.outputs.files }}; do echo "Processing file: $file" - # Extract lines that define an image (adjust the regex as needed) + # Extract image names from lines that define an image. IMAGES=$(grep -E '^\s*image:' "$file" | awk '{print $2}') for image in $IMAGES; do echo "Scanning image: $image" # Use Docker Scout to inspect the image metadata. - # (Assumes that “docker scout inspect” outputs JSON; adjust formatting as needed.) METADATA=$(docker scout inspect "$image" --format '{{json .}}' 2>/dev/null || echo '{}') - # For demonstration, extract repository and tag (requires jq). + # Extract repository and tag using jq (adjust as needed). SHORT_META=$(echo "$METADATA" | jq -r 'if .Repository and .Tag then "\(.Repository)@\(.Tag)" else "N/A" end' 2>/dev/null) - # Get open CVEs (again, adjust the command/format as needed). + # Get open CVEs (adjust the command/format as needed). CVES=$(docker scout cves "$image" 2>/dev/null || echo "None") - # Remove newlines from CVES so the Markdown table stays intact. + # Remove newlines so the Markdown table remains intact. CVES=$(echo "$CVES" | tr '\n' ' ') - # Append a row to the Markdown table. echo "| \`$image\` | $SHORT_META | $CVES |" >> $OUTPUT_FILE done done fi echo "Docker Scout Analysis:" cat $OUTPUT_FILE - # Set the output so it can be used in the next step. echo "::set-output name=result::$(cat $OUTPUT_FILE)" - # 5. Post the Markdown table as a comment on the PR. + # 6. Post the Markdown table as a comment on the PR. - name: Comment on PR with Docker Scout results uses: peter-evans/create-or-update-comment@v2 with: From 799f5290ba59e6efa131d82248f46092b83eb3e2 Mon Sep 17 00:00:00 2001 From: Finn Lippok Date: Tue, 18 Feb 2025 12:44:36 +0100 Subject: [PATCH 08/20] Update docker-compose-scan.yml --- .github/workflows/docker-compose-scan.yml | 30 ++++++++++++----------- 1 file changed, 16 insertions(+), 14 deletions(-) 
diff --git a/.github/workflows/docker-compose-scan.yml b/.github/workflows/docker-compose-scan.yml index 51aa596..16bc0bd 100644 --- a/.github/workflows/docker-compose-scan.yml +++ b/.github/workflows/docker-compose-scan.yml @@ -18,20 +18,21 @@ jobs: with: fetch-depth: 0 - # 2. Install Docker Scout CLI extension + # 2. Install Docker Scout CLI binary manually. - name: Install Docker Scout CLI run: | - echo "Installing Docker Scout CLI extension..." - # Attempt to install the Docker Scout CLI extension. - docker extension install docker/scout-cli || { echo "Failed to install Docker Scout CLI extension. Please ensure it is available."; exit 1; } + echo "Downloading Docker Scout CLI binary..." + curl -fsSL https://github.com/docker/scout-cli/releases/download/latest/docker-scout-linux-amd64 -o docker-scout + chmod +x docker-scout + sudo mv docker-scout /usr/local/bin/docker-scout - # 3. Verify Docker Scout installation + # 3. Verify Docker and Docker Scout installation. - name: Verify Docker Scout CLI installation run: | echo "Docker version:" docker --version echo "Docker Scout version:" - docker scout version + docker-scout version # 4. Find any changed docker-compose files. - name: Find changed docker-compose files @@ -41,9 +42,9 @@ jobs: CHANGED_FILES=$(git diff --name-only "${{ github.event.pull_request.base.sha }}" HEAD | grep -Ei 'docker-compose\.(ya?ml)' || true) echo "Found changed docker-compose files:" echo "$CHANGED_FILES" - # Export the files as an output (if multiple files, they’ll be whitespace separated). + # Export the file list as an output. echo "::set-output name=files::${CHANGED_FILES}" - + # 5. Analyze Docker images and CVEs from the changed files. - name: Analyze Docker images in docker-compose files id: analyze 
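Review bot: The new install step downloads an executable with `curl -fsSL` from an unpinned `latest` location, performs no checksum or signature verification, and moves it into `/usr/local/bin` with `sudo`, so whatever that URL serves runs with access to the checkout and the job token on every pull request; pin a release tag, fetch the matching checksum file from the same release, and verify with `sha256sum -c` before the `chmod +x`. The URL form `releases/download/latest/<asset>` also resolves only if a tag literally named `latest` exists; GitHub's alias for the newest release is `releases/latest/download/<asset>`, and I do not think `docker/scout-cli` publishes a bare `docker-scout-linux-amd64` asset, so `curl -f` will presumably fail here and the step with it. Since `run:` steps default to `bash -eo pipefail`, that failure at least stops the job; the gap is provenance, not error handling.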
@@ -64,16 +65,17 @@ jobs: for image in $IMAGES; do echo "Scanning image: $image" - # Use Docker Scout to inspect the image metadata. - METADATA=$(docker scout inspect "$image" --format '{{json .}}' 2>/dev/null || echo '{}') - # Extract repository and tag using jq (adjust as needed). + # Use the Docker Scout CLI to inspect image metadata. + METADATA=$(docker-scout inspect "$image" --format '{{json .}}' 2>/dev/null || echo '{}') + # For demonstration, extract repository and tag using jq (if available). SHORT_META=$(echo "$METADATA" | jq -r 'if .Repository and .Tag then "\(.Repository)@\(.Tag)" else "N/A" end' 2>/dev/null) - # Get open CVEs (adjust the command/format as needed). - CVES=$(docker scout cves "$image" 2>/dev/null || echo "None") - # Remove newlines so the Markdown table remains intact. + # Get open CVEs. + CVES=$(docker-scout cves "$image" 2>/dev/null || echo "None") + # Remove newlines from CVES so the Markdown table stays intact. CVES=$(echo "$CVES" | tr '\n' ' ') + # Append a row to the Markdown table. echo "| \`$image\` | $SHORT_META | $CVES |" >> $OUTPUT_FILE done done From d3e376d431a6088498eba85c960c70a69f97e7a1 Mon Sep 17 00:00:00 2001 From: Finn Lippok Date: Tue, 18 Feb 2025 13:01:35 +0100 Subject: [PATCH 09/20] Update docker-compose-scan.yml --- .github/workflows/docker-compose-scan.yml | 43 +++++++++++------------ 1 file changed, 21 insertions(+), 22 deletions(-) diff --git a/.github/workflows/docker-compose-scan.yml b/.github/workflows/docker-compose-scan.yml index 16bc0bd..67b36b9 100644 --- a/.github/workflows/docker-compose-scan.yml +++ b/.github/workflows/docker-compose-scan.yml 
@@ -18,34 +18,32 @@ jobs: with: fetch-depth: 0 - # 2. Install Docker Scout CLI binary manually. - - name: Install Docker Scout CLI + # 2. Install Docker Scout. + - name: Install Docker Scout run: | - echo "Downloading Docker Scout CLI binary..." - curl -fsSL https://github.com/docker/scout-cli/releases/download/latest/docker-scout-linux-amd64 -o docker-scout - chmod +x docker-scout - sudo mv docker-scout /usr/local/bin/docker-scout + echo "Installing Docker Scout..." + curl -fsSL https://raw.githubusercontent.com/docker/scout-cli/main/install.sh -o install-scout.sh + sh install-scout.sh - # 3. Verify Docker and Docker Scout installation. - - name: Verify Docker Scout CLI installation + # 3. Verify Docker and Docker Scout versions. + - name: Verify Installation run: | echo "Docker version:" docker --version echo "Docker Scout version:" - docker-scout version + docker scout version # 4. Find any changed docker-compose files. - name: Find changed docker-compose files id: find-files run: | - # List changed files between the PR base and current HEAD. CHANGED_FILES=$(git diff --name-only "${{ github.event.pull_request.base.sha }}" HEAD | grep -Ei 'docker-compose\.(ya?ml)' || true) echo "Found changed docker-compose files:" echo "$CHANGED_FILES" - # Export the file list as an output. + # Export files as an output (if multiple files, they’ll be whitespace separated) echo "::set-output name=files::${CHANGED_FILES}" - # 5. Analyze Docker images and CVEs from the changed files. + # 5. Analyze Docker images and CVEs from the changed docker-compose files. - name: Analyze Docker images in docker-compose files id: analyze run: | 
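Review bot: The new `Install Docker Scout` step fetches `install.sh` from the `main` branch of `docker/scout-cli` and runs it with `sh`, so the runner executes whatever that branch contains at job time, with no pin and no integrity check, on every pull request. If a script install is kept, reference a commit SHA in the raw URL instead of `main` and compare the downloaded script's `sha256sum` against a value recorded in the workflow before running it; otherwise the versioned `docker/scout-action` action gives the same capability without an install step. The installer presumably places the plugin under the invoking user's `~/.docker/cli-plugins/`, so the following `Verify Installation` step's `docker scout version` is what tells whether the runner user can actually dispatch to it; keep that step.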
@@ -60,31 +58,32 @@ jobs: else for file in ${{ steps.find-files.outputs.files }}; do echo "Processing file: $file" - # Extract image names from lines that define an image. + # Extract Docker image lines (adjust the regex if necessary) IMAGES=$(grep -E '^\s*image:' "$file" | awk '{print $2}') for image in $IMAGES; do echo "Scanning image: $image" - - # Use the Docker Scout CLI to inspect image metadata. - METADATA=$(docker-scout inspect "$image" --format '{{json .}}' 2>/dev/null || echo '{}') - # For demonstration, extract repository and tag using jq (if available). + # Retrieve image metadata (assuming Docker Scout outputs JSON) + METADATA=$(docker scout inspect "$image" --format '{{json .}}' 2>/dev/null || echo '{}') + # For demonstration, extract repository and tag (requires jq) SHORT_META=$(echo "$METADATA" | jq -r 'if .Repository and .Tag then "\(.Repository)@\(.Tag)" else "N/A" end' 2>/dev/null) - # Get open CVEs. - CVES=$(docker-scout cves "$image" 2>/dev/null || echo "None") - # Remove newlines from CVES so the Markdown table stays intact. + # Get open CVEs for the image. + CVES=$(docker scout cves "$image" 2>/dev/null || echo "None") + # Remove newlines so the Markdown table remains intact. CVES=$(echo "$CVES" | tr '\n' ' ') - # Append a row to the Markdown table. + # Append the results as a row in the Markdown table. echo "| \`$image\` | $SHORT_META | $CVES |" >> $OUTPUT_FILE done done fi + echo "Docker Scout Analysis:" cat $OUTPUT_FILE + # Set the output so it can be used in the next step. echo "::set-output name=result::$(cat $OUTPUT_FILE)" - # 6. Post the Markdown table as a comment on the PR. + # 6. Post a PR comment with the Docker Scout analysis. - name: Comment on PR with Docker Scout results uses: peter-evans/create-or-update-comment@v2 with: From d87c2b3f8d0a4121dc1129207dbfd81fbaba8023 Mon Sep 17 00:00:00 2001 
From: Finn Lippok Date: Tue, 18 Feb 2025 19:40:12 +0100 Subject: [PATCH 10/20] Update docker-compose-scan.yml --- .github/workflows/docker-compose-scan.yml | 131 +++++++++------------- 1 file changed, 55 insertions(+), 76 deletions(-) diff --git a/.github/workflows/docker-compose-scan.yml b/.github/workflows/docker-compose-scan.yml index 67b36b9..2337075 100644 --- a/.github/workflows/docker-compose-scan.yml +++ b/.github/workflows/docker-compose-scan.yml 
@@ -1,92 +1,71 @@ -name: Docker Scout PR Analysis +name: Docker Scout Scan on: pull_request: - types: [opened, synchronize, reopened] - -permissions: - contents: read - issues: write jobs: - scout: + # First job: find images from docker-compose files and output a matrix JSON + find-images: runs-on: ubuntu-latest + outputs: + matrix: ${{ steps.set-matrix.outputs.matrix }} steps: - # 1. Check out the PR code. - - name: Checkout code + - name: Checkout repository uses: actions/checkout@v3 - with: - fetch-depth: 0 - - # 2. Install Docker Scout. - - name: Install Docker Scout - run: | - echo "Installing Docker Scout..." - curl -fsSL https://raw.githubusercontent.com/docker/scout-cli/main/install.sh -o install-scout.sh - sh install-scout.sh - # 3. Verify Docker and Docker Scout versions. - - name: Verify Installation + - name: Install jq and yq run: | - echo "Docker version:" - docker --version - echo "Docker Scout version:" - docker scout version - - # 4. Find any changed docker-compose files. - - name: Find changed docker-compose files - id: find-files - run: | - CHANGED_FILES=$(git diff --name-only "${{ github.event.pull_request.base.sha }}" HEAD | grep -Ei 'docker-compose\.(ya?ml)' || true) - echo "Found changed docker-compose files:" - echo "$CHANGED_FILES" - # Export files as an output (if multiple files, they’ll be whitespace separated) - echo "::set-output name=files::${CHANGED_FILES}" + sudo apt-get update && sudo apt-get install -y jq + # Install yq if not already installed + if ! command -v yq &>/dev/null; then + wget https://github.com/mikefarah/yq/releases/download/v4.25.1/yq_linux_amd64 -O /usr/local/bin/yq + chmod +x /usr/local/bin/yq + fi - # 5. Analyze Docker images and CVEs from the changed docker-compose files. 
- - name: Analyze Docker images in docker-compose files - id: analyze + - name: Find images in Docker Compose files + id: find run: | - OUTPUT_FILE="docker-scout-results.md" - echo "### Docker Scout Analysis" > $OUTPUT_FILE - echo "" >> $OUTPUT_FILE - echo "| Docker Image | Metadata | Open CVEs |" >> $OUTPUT_FILE - echo "|--------------|----------|-----------|" >> $OUTPUT_FILE + echo "Searching for docker-compose*.yml files..." + files=$(find . -type f -name "docker-compose*.yml") + echo "Found files:" + echo "$files" + images=() + for file in $files; do + echo "Processing $file" + # Use yq to extract all image fields from services + while IFS= read -r image; do + if [[ -n "$image" ]]; then + images+=("$image") + fi + done < <(yq e '.services[].image // empty' "$file") + done + # Remove duplicates (if any) + unique_images=($(echo "${images[@]}" | tr ' ' '\n' | sort -u)) + echo "Unique images found: ${unique_images[@]}" + # Create a JSON array for the matrix + matrix=$(printf '%s\n' "${unique_images[@]}" | jq -R . | jq -s .) + echo "Matrix JSON: $matrix" + # Set the output for use in the next job + echo "::set-output name=matrix::$matrix" - if [ -z "${{ steps.find-files.outputs.files }}" ]; then - echo "No docker-compose files changed." 
>> $OUTPUT_FILE - else - for file in ${{ steps.find-files.outputs.files }}; do - echo "Processing file: $file" - # Extract Docker image lines (adjust the regex if necessary) - IMAGES=$(grep -E '^\s*image:' "$file" | awk '{print $2}') - for image in $IMAGES; do - echo "Scanning image: $image" - # Retrieve image metadata (assuming Docker Scout outputs JSON) - METADATA=$(docker scout inspect "$image" --format '{{json .}}' 2>/dev/null || echo '{}') - # For demonstration, extract repository and tag (requires jq) - SHORT_META=$(echo "$METADATA" | jq -r 'if .Repository and .Tag then "\(.Repository)@\(.Tag)" else "N/A" end' 2>/dev/null) + - name: Set matrix output + id: set-matrix + run: echo "matrix=${{ steps.find.outputs.matrix }}" >> $GITHUB_OUTPUT - # Get open CVEs for the image. - CVES=$(docker scout cves "$image" 2>/dev/null || echo "None") - # Remove newlines so the Markdown table remains intact. - CVES=$(echo "$CVES" | tr '\n' ' ') - - # Append the results as a row in the Markdown table. - echo "| \`$image\` | $SHORT_META | $CVES |" >> $OUTPUT_FILE - done - done - fi - - echo "Docker Scout Analysis:" - cat $OUTPUT_FILE - # Set the output so it can be used in the next step. - echo "::set-output name=result::$(cat $OUTPUT_FILE)" + # Second job: run Docker Scout scan for each image found + scan-images: + needs: find-images + runs-on: ubuntu-latest + strategy: + matrix: + image: ${{ fromJson(needs.find-images.outputs.matrix) }} + steps: + - name: Checkout repository + uses: actions/checkout@v3 - # 6. Post a PR comment with the Docker Scout analysis. - - name: Comment on PR with Docker Scout results - uses: peter-evans/create-or-update-comment@v2 + - name: Scan image with Docker Scout + id: scout + uses: docker/scout-action@v1 with: - issue-number: ${{ github.event.pull_request.number }} - body: | - ${{ steps.analyze.outputs.result }} + command: cves + image: ${{ matrix.image }} From 8d16fedc478640ffc69a001f0af0debee3f7defc Mon Sep 17 00:00:00 2001 
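Review bot: Dropping the `permissions:` block leaves both new jobs with the repository's default `GITHUB_TOKEN` grant, which depending on repository settings can be write for every scope; the jobs need only `contents: read` to check out and scan, so restore an explicit top-level `permissions:` with `contents: read` and add `pull-requests: write` only together with a step that comments. The `Scan image with Docker Scout` step sets no `exit-code` input, so findings are logged but never fail the job; `exit-code: true` with `only-severities: critical,high` turns the workflow into an actual gate. The `Install jq and yq` step writes the `yq` binary into `/usr/local/bin` with a plain `wget`, pinned to v4.25.1 but without a checksum, so add a `sha256sum -c` against the release's checksum file; I believe `ubuntu-latest` already ships `yq`, in which case the `command -v` guard skips this path anyway. `::set-output` in the `find` step is deprecated, and the separate `Set matrix output` step only re-emits it, so the first step can write `$GITHUB_OUTPUT` itself.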
From: Finn Lippok Date: Tue, 18 Feb 2025 19:44:48 +0100 Subject: [PATCH 11/20] Update docker-compose-scan.yml --- .github/workflows/docker-compose-scan.yml | 31 +++++++++++------------ 1 file changed, 15 insertions(+), 16 deletions(-) diff --git a/.github/workflows/docker-compose-scan.yml b/.github/workflows/docker-compose-scan.yml index 2337075..8b7d515 100644 --- a/.github/workflows/docker-compose-scan.yml +++ b/.github/workflows/docker-compose-scan.yml @@ -4,7 +4,6 @@ on: pull_request: jobs: - # First job: find images from docker-compose files and output a matrix JSON find-images: runs-on: ubuntu-latest outputs: @@ -22,8 +21,8 @@ jobs: chmod +x /usr/local/bin/yq fi - - name: Find images in Docker Compose files - id: find + - name: Find images in Docker Compose files and set matrix + id: set-matrix run: | echo "Searching for docker-compose*.yml files..." files=$(find . -type f -name "docker-compose*.yml") 
@@ -32,27 +31,26 @@ jobs: images=() for file in $files; do echo "Processing $file" - # Use yq to extract all image fields from services + # Extract image fields from each service while IFS= read -r image; do if [[ -n "$image" ]]; then images+=("$image") fi done < <(yq e '.services[].image // empty' "$file") done - # Remove duplicates (if any) - unique_images=($(echo "${images[@]}" | tr ' ' '\n' | sort -u)) - echo "Unique images found: ${unique_images[@]}" - # Create a JSON array for the matrix - matrix=$(printf '%s\n' "${unique_images[@]}" | jq -R . | jq -s .) + # If no images found, set matrix to an empty JSON array. + if [ ${#images[@]} -eq 0 ]; then + echo "No images found, setting matrix to []" + matrix="[]" + else + # Remove duplicates and convert to a JSON array. + unique_images=($(printf "%s\n" "${images[@]}" | sort -u)) + matrix=$(printf '%s\n' "${unique_images[@]}" | jq -R . | jq -s .) + fi echo "Matrix JSON: $matrix" - # Set the output for use in the next job - echo "::set-output name=matrix::$matrix" + # Set the output using the new $GITHUB_OUTPUT method. + echo "matrix=$matrix" >> $GITHUB_OUTPUT - - name: Set matrix output - id: set-matrix - run: echo "matrix=${{ steps.find.outputs.matrix }}" >> $GITHUB_OUTPUT - - # Second job: run Docker Scout scan for each image found scan-images: needs: find-images runs-on: ubuntu-latest @@ -69,3 +67,4 @@ jobs: with: command: cves image: ${{ matrix.image }} + From 7ebb1b26158dd3df5465cb934f0244c7037b4f82 Mon Sep 17 00:00:00 2001 From: Finn Lippok Date: Tue, 18 Feb 2025 19:47:29 +0100 Subject: [PATCH 12/20] Rename docker-compose-scan.yml to docker-scan.yml --- .github/workflows/{docker-compose-scan.yml => docker-scan.yml} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename .github/workflows/{docker-compose-scan.yml => docker-scan.yml} (100%) 
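Review bot: Setting `matrix="[]"` when no images are found does not keep the `scan-images` job from failing: `fromJson` then yields an empty `image` vector and the job errors at strategy evaluation, so a repository with no compose images still gets a red check; gate the consumer with `if: needs.find-images.outputs.matrix != '[]'` on the `scan-images` job (its header is outside this hunk). The single-line `echo "matrix=$matrix" >> $GITHUB_OUTPUT` is fed by `jq -s .`, which pretty-prints across several lines, so only the `[` reaches the output; `jq -R . | jq -sc .` emits compact one-line JSON and makes that write correct. `unique_images=($(printf ... | sort -u))` re-splits the output on whitespace and applies globbing; `mapfile -t unique_images < <(printf '%s\n' "${images[@]}" | sort -u)` keeps each image reference intact.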
diff --git a/.github/workflows/docker-compose-scan.yml b/.github/workflows/docker-scan.yml similarity index 100% rename from .github/workflows/docker-compose-scan.yml rename to .github/workflows/docker-scan.yml From 02a588694a95b986d0eb651bb83fed9a8900c163 Mon Sep 17 00:00:00 2001 From: Finn Lippok Date: Tue, 18 Feb 2025 19:49:48 +0100 Subject: [PATCH 13/20] Update docker-scan.yml --- .github/workflows/docker-scan.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/docker-scan.yml b/.github/workflows/docker-scan.yml index 8b7d515..8689a0c 100644 --- a/.github/workflows/docker-scan.yml +++ b/.github/workflows/docker-scan.yml @@ -24,14 +24,15 @@ jobs: - name: Find images in Docker Compose files and set matrix id: set-matrix run: | - echo "Searching for docker-compose*.yml files..." - files=$(find . -type f -name "docker-compose*.yml") + echo "Searching for docker-compose files..." + # Look for docker-compose.yml or docker-compose-*.yml in all subdirectories. + files=$(find . -type f \( -iname "docker-compose.yml" -o -iname "docker-compose-*.yml" \)) echo "Found files:" echo "$files" images=() for file in $files; do echo "Processing $file" - # Extract image fields from each service + # Use yq to extract all image fields from services while IFS= read -r image; do if [[ -n "$image" ]]; then images+=("$image") @@ -67,4 +68,3 @@ jobs: with: command: cves image: ${{ matrix.image }} - From c8fc15cf2d8a7e03789b7c8d49c5cb3a7e2cbed2 Mon Sep 17 00:00:00 2001 From: Finn Lippok Date: Tue, 18 Feb 2025 19:53:48 +0100 Subject: [PATCH 14/20] Update docker-scan.yml --- .github/workflows/docker-scan.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/docker-scan.yml b/.github/workflows/docker-scan.yml index 8689a0c..6412afe 100644 --- a/.github/workflows/docker-scan.yml +++ b/.github/workflows/docker-scan.yml 
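Review bot: The new `find` expression matches only `docker-compose.yml` and `docker-compose-*.yml`, so compose files named `docker-compose.yaml`, `docker-compose.override.yml` or the newer `compose.yml` are silently excluded, which for a security gate is a false negative rather than a harmless miss; a pattern such as `-iname "*compose*.y*ml"` covers those, with any intended exclusions stated explicitly. Iterating with `for file in $files` splits on whitespace, so a path containing a space is processed as two non-existent files; `find ... -print0 | while IFS= read -r -d '' file` avoids that. The rest of the loop body is outside this hunk.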
@@ -15,7 +15,7 @@ jobs:
 - name: Install jq and yq
 run: |
 sudo apt-get update && sudo apt-get install -y jq
- # Install yq if not already installed
+ # Install yq (v4) if not already installed
 if ! command -v yq &>/dev/null; then
 wget https://github.com/mikefarah/yq/releases/download/v4.25.1/yq_linux_amd64 -O /usr/local/bin/yq
 chmod +x /usr/local/bin/yq
@@ -25,19 +25,19 @@ jobs:
 id: set-matrix
 run: |
 echo "Searching for docker-compose files..."
- # Look for docker-compose.yml or docker-compose-*.yml in all subdirectories.
+ # Find both docker-compose.yml and docker-compose-*.yml in all subdirectories.
 files=$(find . -type f \( -iname "docker-compose.yml" -o -iname "docker-compose-*.yml" \))
 echo "Found files:"
 echo "$files"
 images=()
 for file in $files; do
 echo "Processing $file"
- # Use yq to extract all image fields from services
+ # Use yq with the optional operator to extract the image field
 while IFS= read -r image; do
 if [[ -n "$image" ]]; then
 images+=("$image")
 fi
- done < <(yq e '.services[].image // empty' "$file")
+ done < <(yq e '.services[].image?' "$file")
 done
 # If no images found, set matrix to an empty JSON array.
 if [ ${#images[@]} -eq 0 ]; then
From 89ea9a722a5cce4daf063087401095977ed9b760 Mon Sep 17 00:00:00 2001 From: Finn Lippok Date: Tue, 18 Feb 2025 19:57:20 +0100 Subject: [PATCH 15/20] Update docker-scan.yml --- .github/workflows/docker-scan.yml | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/.github/workflows/docker-scan.yml b/.github/workflows/docker-scan.yml
index 6412afe..0ff1203 100644
--- a/.github/workflows/docker-scan.yml
+++ b/.github/workflows/docker-scan.yml
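Review bot: The `wget https://github.com/mikefarah/yq/releases/download/v4.25.1/yq_linux_amd64 -O /usr/local/bin/yq` line next to the reworded comment pins a version but never checks what it downloaded, so a substituted or tampered asset would be executed with the job's credentials on the very next `chmod +x`. Verify the file against the digest published with the release before making it executable, e.g. `echo "<expected-sha256-from-release-checksums>  /usr/local/bin/yq" | sha256sum -c -`. The `command -v yq` guard means this path typically only runs when the runner image lacks yq, but that is exactly when it must be trustworthy. The `run: |` block continues beyond the hunk.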
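Review bot: The changed `done < <(yq e '.services[].image?' "$file")` line prints `null` for a service that has no `image` key (for example one defined with `build:`), as yq v4 does for a missing key, and the `[[ -n "$image" ]]` check above accepts that string, so a literal image named `null` lands in the matrix and the scan job fails on it; the removed `// empty` form dropped such entries. Filter on key presence instead: `done < <(yq e '.services[] | select(has("image")) | .image' "$file")`. The enclosing `run: |` block starts and ends outside this hunk.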
@@ -25,7 +25,7 @@ jobs:
 id: set-matrix
 run: |
 echo "Searching for docker-compose files..."
- # Find both docker-compose.yml and docker-compose-*.yml in all subdirectories.
+ # Find docker-compose.yml and docker-compose-*.yml files in all subdirectories.
 files=$(find . -type f \( -iname "docker-compose.yml" -o -iname "docker-compose-*.yml" \))
 echo "Found files:"
 echo "$files"
@@ -49,8 +49,10 @@ jobs:
 matrix=$(printf '%s\n' "${unique_images[@]}" | jq -R . | jq -s .)
 fi
 echo "Matrix JSON: $matrix"
- # Set the output using the new $GITHUB_OUTPUT method.
- echo "matrix=$matrix" >> $GITHUB_OUTPUT
+ # Set the output using multiline syntax.
+ echo "matrix<> $GITHUB_OUTPUT
+ echo "$matrix" >> $GITHUB_OUTPUT
+ echo "EOF" >> $GITHUB_OUTPUT
 scan-images:
 needs: find-images
From b233e0aea4940e0c409ad265ee7d2c7b749c20ce Mon Sep 17 00:00:00 2001 From: Finn Lippok Date: Tue, 18 Feb 2025 20:04:22 +0100 Subject: [PATCH 16/20] Update docker-scan.yml --- .github/workflows/docker-scan.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/docker-scan.yml b/.github/workflows/docker-scan.yml
index 0ff1203..0038c98 100644
--- a/.github/workflows/docker-scan.yml
+++ b/.github/workflows/docker-scan.yml
@@ -1,7 +1,10 @@
 name: Docker Scout Scan
-
 on:
 pull_request:
+
+permissions:
+ contents: read
+ pull-requests: write
 jobs:
 find-images:
From 380880e12e9cb366ecf9d11dc98ef24dfd3cd745 Mon Sep 17 00:00:00 2001 From: Finn Lippok Date: Tue, 18 Feb 2025 20:16:12 +0100 Subject: [PATCH 17/20] Update docker-scan.yml --- .github/workflows/docker-scan.yml | 7 +++++++ 1 file changed, 7 insertions(+)
diff --git a/.github/workflows/docker-scan.yml b/.github/workflows/docker-scan.yml
index 0038c98..86caf4b 100644
--- a/.github/workflows/docker-scan.yml
+++ b/.github/workflows/docker-scan.yml
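Review bot: The heredoc opener on the added `echo "matrix<... $GITHUB_OUTPUT` line is garbled in this rendering (the text between `<` and `>` is missing), so it cannot be checked here; assuming it reads `echo "matrix<<EOF" >> $GITHUB_OUTPUT`, the three-line form works but exists only because `jq -s .` on the unchanged line above pretty-prints the array. Producing compact JSON upstream, `matrix=$(printf '%s\n' "${unique_images[@]}" | jq -R . | jq -sc .)`, keeps `matrix` on one line and lets the simpler `echo "matrix=$matrix" >> "$GITHUB_OUTPUT"` remain correct. Because every line of the value is a `jq -R`-quoted string, the fixed `EOF` delimiter cannot be terminated early by an image name, but `$GITHUB_OUTPUT` should still be quoted on all three redirections. The `run: |` block starts before the hunk.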
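Review bot: The new `pull-requests: write` grant is not used by any step visible in this patch series (install, find-images, checkout, Docker Hub login, `docker/scout-action`); `docker/scout-action` only needs it when its `write-comment` input is enabled, which nothing here sets. Unless a PR-comment step is planned, reduce the block to `permissions:` / `  contents: read` so the job token carries no write scope. On `pull_request` runs from forks the token is read-only regardless, so the extra scope would only ever apply to same-repository branches. Adding an explicit `permissions` block at all is the right move; this is about its width.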
@@ -60,12 +60,19 @@ jobs:
 scan-images:
 needs: find-images
 runs-on: ubuntu-latest
+ environment: PR
 strategy:
 matrix:
 image: ${{ fromJson(needs.find-images.outputs.matrix) }}
 steps:
 - name: Checkout repository
 uses: actions/checkout@v3
+
+ - name: Log in to Docker Hub
+ uses: docker/login-action@v2
+ with:
+ username: ${{ secrets.DOCKER_USERNAME }}
+ password: ${{ secrets.DOCKER_PASSWORD }}
 - name: Scan image with Docker Scout
 id: scout
From 5ebbe9ef5d7dc9a41ef34aa2163398c38142ff11 Mon Sep 17 00:00:00 2001 From: Finn Lippok Date: Tue, 18 Feb 2025 20:25:13 +0100 Subject: [PATCH 18/20] Update docker-compose.yml --- src/Pi4/docker-compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/Pi4/docker-compose.yml b/src/Pi4/docker-compose.yml
index 335c670..7c90a36 100644
--- a/src/Pi4/docker-compose.yml
+++ b/src/Pi4/docker-compose.yml
@@ -50,7 +50,7 @@ services:
 - "traefik.http.services.gatus.loadbalancer.server.port=8080"
 homepage:
- image: ghcr.io/gethomepage/homepage:v0.9.0 # No known CVEs for this specific version
+ image: gethomepage/homepage:v0.9.0 # No known CVEs for this specific version
 container_name: homepage
 restart: always
 environment:
From c333b64741da2419cdb6170d843ed9bfb6eaa492 Mon Sep 17 00:00:00 2001 From: Finn Lippok Date: Tue, 18 Feb 2025 20:32:00 +0100 Subject: [PATCH 19/20] Update docker-scan.yml --- .github/workflows/docker-scan.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/docker-scan.yml b/.github/workflows/docker-scan.yml
index 86caf4b..0b557c1 100644
--- a/.github/workflows/docker-scan.yml
+++ b/.github/workflows/docker-scan.yml
@@ -78,5 +78,5 @@ jobs:
 id: scout
 uses: docker/scout-action@v1
 with:
- command: cves
+ command: quickview
 image: ${{ matrix.image }}
From 8cd0ca76c0a185be575e72a7eb81314302af21e2 Mon Sep 17 00:00:00 2001
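Review bot: The added `docker/login-action@v2` step reads `secrets.DOCKER_USERNAME` and `secrets.DOCKER_PASSWORD`, which GitHub does not supply to `pull_request` runs opened from forks, so for those PRs the step fails with empty credentials instead of falling back to an unauthenticated scan; either mirror the secret into a job-level `env` value and guard the step with `if: env.DOCKER_USERNAME != ''`, or document that only same-repository branches are scanned. `environment: PR` scopes the secrets to that environment, but unless protection rules are configured on it (not visible here) any same-repo branch can still obtain them, and this job consumes image names taken from PR-modified compose files, so `DOCKER_PASSWORD` should hold a read-only Docker Hub access token rather than the account password. `actions/checkout@v3` and `docker/login-action@v2` are mutable tags; pinning each to a full commit SHA with the tag in a trailing comment protects the credential-handling step from tag retargeting.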
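Review bot: The trailing `# No known CVEs for this specific version` on the changed `image:` line is a point-in-time claim with no date or source, and `gethomepage/homepage:v0.9.0` is still a mutable tag, so a later retag on the registry would make the comment wrong without producing any diff. Record when and how the check was done and pin the content, e.g. `image: gethomepage/homepage:v0.9.0@sha256:<digest-from-registry>  # scout cves clean as of <YYYY-MM-DD>`.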
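Review bot: With `command: quickview` here (and `recommendations` in the PATCH 20/20 hunk that follows) the scan prints a summary only; as with the earlier `cves`, the step never fails the job because `exit-code` is left at its default, so the matrix scan reports but does not gate the pull request on a vulnerable image. If a gate is intended, keep `command: cves` and add `exit-code: true` plus `only-severities: critical,high` under `with:` so the job fails only on actionable findings, and run `recommendations` as a separate non-blocking step. `docker/scout-action@v1` is a mutable tag and would benefit from the same SHA pin as the other actions.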
From: Finn Lippok Date: Tue, 18 Feb 2025 20:35:35 +0100 Subject: [PATCH 20/20] Update docker-scan.yml --- .github/workflows/docker-scan.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/docker-scan.yml b/.github/workflows/docker-scan.yml
index 0b557c1..9ad8f5d 100644
--- a/.github/workflows/docker-scan.yml
+++ b/.github/workflows/docker-scan.yml
@@ -78,5 +78,5 @@ jobs:
 id: scout
 uses: docker/scout-action@v1
 with:
- command: quickview
+ command: recommendations
 image: ${{ matrix.image }}