Description
It would be very convenient to have Docker Scout embedded, as optional, in this reusable workflow.
For example, one of the common use cases is to scan CVEs and upload the SARIF outputs to the GitHub Security panel.
Different other options would be very beneficial too:
- `org` --> to evaluate policies
- `quickview` action and optionally write the summary as a PR comment
- `compare` action with another image and optionally write the comparison table as a PR comment
  - For this one, what would be very powerful is to have the reusable workflow building the image to compare from another branch (`main` for example), because maybe there is no associated container image yet (not yet released), but it still needs to be compared with the current branch/PR. Example here: https://github.com/mathieu-benoit/sail-sharp/blob/main/.github/workflows/open-pr.yml#L9-L80.
Note: we could have another job doing that, but for example in a PR, if we do `push: false` but still want to use Docker Scout, it's very complex to have this in place as an end user.
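As an added illustration of the flow the issue asks for (not code from this repository's reusable workflow, nor from the issue author or the linked sail-sharp workflow): a PR-triggered job that builds the PR image and a baseline image from the PR's base branch with `push: false`, runs `docker/scout-action` `cves` with SARIF upload to the Security tab, then runs `compare` between the two local images and writes the table as a PR comment. The image tags `app:pr` / `app:base`, the secret names `DOCKERHUB_USER` / `DOCKERHUB_TOKEN`, and the use of the `local://` image-reference prefix to point Scout at images loaded into the runner's Docker engine are assumptions for the example; check them against the `docker/scout-action` README for the version you pin.

```yaml
# Constructed example workflow; assumptions are noted inline.
name: pr-scout
on:
  pull_request:

permissions:
  contents: read
  pull-requests: write    # needed for scout-action write-comment
  security-events: write  # needed for codeql-action/upload-sarif

jobs:
  scout:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      # Check out the PR's base branch into a second directory so the
      # baseline image is built here rather than pulled from a registry
      # (covers the "not yet released" case described in the issue).
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.base_ref }}
          path: base

      - uses: docker/setup-buildx-action@v3

      # Build both images locally; push: false keeps them out of the registry,
      # load: true makes them visible to the local Docker engine for Scout.
      - uses: docker/build-push-action@v6
        with:
          context: .
          push: false
          load: true
          tags: app:pr          # assumed tag

      - uses: docker/build-push-action@v6
        with:
          context: base
          push: false
          load: true
          tags: app:base        # assumed tag

      # Docker Scout authenticates against Docker Hub; secret names are assumed.
      - uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKERHUB_USER }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}

      # CVE scan of the PR image. SARIF is written for the Security tab;
      # exit-code makes the step fail when findings match the severity filter.
      - uses: docker/scout-action@v1
        with:
          command: cves
          image: local://app:pr   # local:// prefix assumed
          sarif-file: scout.sarif
          only-severities: critical,high
          exit-code: true

      # Upload even when the scan step failed, so findings reach the Security panel.
      - uses: github/codeql-action/upload-sarif@v3
        if: always()
        with:
          sarif_file: scout.sarif

      # Compare the PR image with the base-branch image and post the
      # comparison table as a PR comment; ignore-unchanged keeps the
      # comment to what the PR actually introduced.
      - uses: docker/scout-action@v1
        if: always()
        with:
          command: compare
          image: local://app:pr
          to: local://app:base
          ignore-unchanged: true
          only-severities: critical,high
          write-comment: true
          github-token: ${{ secrets.GITHUB_TOKEN }}
```

Embedding this into the reusable workflow would mean exposing the Scout steps behind an input (for example a boolean that defaults to false) and wiring the built tag and the base-branch checkout into the same job, since the loaded images are only visible inside the job that built them; that is the part the issue notes is hard for an end user to bolt on from a separate job.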