Integrating Docker Scout with GitHub Workflow

Integrate Docker Scout into your CI workflow to proactively identify vulnerabilities early in the development process.

Ivan (이반) Porta
Published in Cloud Native Daily
5 min read · Jun 13, 2023

In my previous article, I discussed the importance of vulnerability scanning and how Docker Scout can provide a better overview of dependencies and their associated vulnerabilities.

In this article, we will get hands-on with Docker Scout by creating a GitHub Workflow that builds a Docker image and scans it for vulnerabilities before its content is merged into a production branch and published to Docker Hub. This process increases the quality of the released application.
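The build-then-scan gate described above, written as a GitHub Actions workflow. This is an added example, not the author's workflow from the article; the branch name `main`, the secret names `DOCKERHUB_USERNAME` and `DOCKERHUB_TOKEN`, and the image name `example/hypnos` are assumptions to replace with your own.

```yaml
# Added example: fail a pull request when the built image carries
# critical or high severity CVEs, before anything is pushed to Docker Hub.
name: docker-scout-gate

on:
  pull_request:
    branches: [main]            # assumed name of the production branch

permissions:
  contents: read                # least privilege: read the repo only
  pull-requests: write          # lets the Scout action comment its report on the PR

jobs:
  build-and-scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Log in to Docker Hub      # Docker Scout requires an authenticated user
        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}   # assumed secret name
          password: ${{ secrets.DOCKERHUB_TOKEN }}      # assumed secret name (access token)

      - uses: docker/setup-buildx-action@v3

      - name: Build image into the local Docker engine (no push)
        uses: docker/build-push-action@v5
        with:
          context: .
          load: true                    # keep the image on the runner so it can be scanned
          push: false                   # publishing happens only after the gate passes
          tags: example/hypnos:${{ github.sha }}   # placeholder repository name

      - name: Scan the image with Docker Scout
        uses: docker/scout-action@v1
        with:
          command: cves
          image: example/hypnos:${{ github.sha }}
          only-severities: critical,high
          exit-code: true               # non-zero exit fails the job and blocks the merge
```

For the failed job to actually block the merge, mark `build-and-scan` as a required status check in the branch protection rules of the production branch. Pull requests opened from forks do not receive repository secrets, so the login step will fail for them.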

Creating a Sample Application

For this tutorial, we will use my Hypnos application code as an example. This is a web application built using React.js and the Yarn package manager. First, we must create its Dockerfile:

FROM node:14-alpine
WORKDIR /app
COPY package.json ./
COPY yarn.lock ./
RUN yarn install --frozen-lockfile…

Ivan (이반) Porta
Senior DevOps Engineer | Terraform Associate | Certified Argo Project Associate