name: Docker Image Build and Analysis on: schedule: - cron: "0 0 * * *" # Schedule the workflow to run daily at midnight (UTC time). Adjust the time if needed. workflow_dispatch: # Manual run trigger inputs: trigger-build: description: 'Trigger a manual build and push' default: 'true' jobs: build-and-analyze: runs-on: ubuntu-latest steps: - name: Checkout repository uses: actions/checkout@v3 - name: Log in to Docker Hub uses: docker/login-action@v3 with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} - name: Build Docker image id: build-image run: | docker build -t my-app-image:latest . - name: Install Docker Scout run: | curl -sSfL https://raw.githubusercontent.com/docker/scout-cli/main/install.sh | sh -s -- - name: Analyze Docker image with Docker Scout id: analyze-image run: | # Get the current date in YYYY-MM-DD format DATE=$(date +'%Y-%m-%d') OUTPUT_FILE=".github/workflows/cve-report-$DATE.json" docker scout cves my-app-image:latest > $OUTPUT_FILE echo "CVE report saved to $OUTPUT_FILE" cat $OUTPUT_FILE - name: Upload Scout results uses: actions/upload-artifact@v3 with: name: scout-results path: .github/workflows/cve-report-*.json