Update main.yml

.github/workflows/main.yml

@@ -50,11 +50,26 @@ jobs:
    - name: Build Docker Image
      run: docker build -f Dockerfile -t mytestapp:latest . 
 
+   # - name: Docker Scout Scan
+   #   run: |
+   #     curl -fsSL https://raw.githubusercontent.com/docker/scout-cli/main/install.sh -o install-scout.sh
+   #     sh install-scout.sh
+   #     echo ${{ secrets.DOCKERHUB_PASSWORD }} | docker login -u ${{ secrets.DOCKERHUB_USERNAME }} --password-stdin
+   #     docker scout quickview
+   #     docker scout cves
+
    - name: Docker Scout Scan
-     run: |
-       curl -fsSL https://raw.githubusercontent.com/docker/scout-cli/main/install.sh -o install-scout.sh
-       sh install-scout.sh
-       echo ${{ secrets.DOCKERHUB_PASSWORD }} | docker login -u ${{ secrets.DOCKERHUB_USERNAME }} --password-stdin
-       echo ${{ secrets.DOCKERHUB_PASSWORD }}  ${{ secrets.DOCKERHUB_USERNAME }}
-       docker scout quickview
-       docker scout cves
+     uses: docker/[email protected]
+     with:
+       dockerhub-user: ${{ secrets.DOCKERHUB_PASSWORD }}
+       dockerhub-password: ${{ secrets.DOCKERHUB_USERNAME }}
+       command: quickview,cves
+       only-severities: critical,high
+       sarif-file: scout-report.sarif
+
+   - name: Upload Artifact
+     uses: actions/upload-artifact@v3
+     if: always()
+     with:
+       name: docker-scout-findings
+       path: scout-report.sarif