Integrating Docker Scout with GitHub Workflow
Integrate Docker Scout into your CI workflow to proactively identify vulnerabilities early in the development process.
In my previous article, I discussed the importance of vulnerability scanning and how Docker Scout can provide a better overview of dependencies and their associated vulnerabilities.
In this article, we will get hands-on with Docker Scout by creating a GitHub Workflow that builds a Docker image and scans it for vulnerabilities before its changes are merged into the production branch and the image is published to Docker Hub. Gating the release on the scan result raises the quality of the released application.
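A minimal version of the pipeline just described, as an added example that is not the article's own workflow: it builds the image into the runner's local Docker daemon, runs Docker Scout's `cves` command as a merge gate, and pushes to Docker Hub only on a push to the production branch. The repository name `exampleuser/hypnos` and the `DOCKERHUB_USERNAME`/`DOCKERHUB_TOKEN` secrets are assumptions; the action names and inputs are the published ones from the `docker/*` actions.

```yaml
name: build-scan-publish

on:
  pull_request:
    branches: [main]
  push:
    branches: [main]

env:
  # Assumed Docker Hub repository; replace with your own namespace/repo.
  IMAGE: exampleuser/hypnos

jobs:
  build-scan-publish:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: docker/setup-buildx-action@v3

      # Docker Scout needs an authenticated Docker Hub session to analyse the image.
      - uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}

      # Build into the local daemon first; nothing is pushed yet.
      - uses: docker/build-push-action@v5
        with:
          context: .
          load: true
          push: false
          tags: ${{ env.IMAGE }}:${{ github.sha }}

      # Gate: fail the job if the image carries critical/high CVEs that already have a fix.
      - uses: docker/scout-action@v1
        with:
          command: cves
          image: ${{ env.IMAGE }}:${{ github.sha }}
          only-severities: critical,high
          only-fixed: true
          exit-code: true

      # Publish only after the merge into the production branch, and only once the gate passed.
      - if: github.event_name == 'push' && github.ref == 'refs/heads/main'
        uses: docker/build-push-action@v5
        with:
          context: .
          push: true
          tags: ${{ env.IMAGE }}:${{ github.sha }},${{ env.IMAGE }}:latest
```

On a pull request the job stops at the Scout step, so a fixable critical or high CVE blocks the merge rather than surfacing after publication.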
Creating a Sample Application
For this tutorial, we will use my Hypnos application code as an example. This is a web application built with React.js and the Yarn package manager. First, we must create its Dockerfile.
# Small Alpine-based Node.js base image
FROM node:14-alpine
WORKDIR /app
# Copy the manifest and lockfile first so the dependency layer is cached
COPY package.json ./
COPY yarn.lock ./
# --frozen-lockfile fails the build if yarn.lock does not match package.json
RUN yarn install --frozen-lockfile…