fix(docker): set WORKDIR to /repo so 'scan .' works with volume mounts

Previously the container's WORKDIR was /app, so 'scan .' would scan
the app directory instead of the mounted repo. Now defaults to /repo.
README updated to use simpler 'scan .' syntax.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Author: pikespeak

Dockerfile

@@ -54,9 +54,9 @@ COPY --from=builder /app/deploy/node_modules ./node_modules
 COPY --from=syft /syft /usr/local/bin/syft
 COPY --from=grype /grype /usr/local/bin/grype
 
-# Volume mount point for user's repo
-VOLUME ["/repo"]
+# Set working directory to /repo so "scan ." works with volume mounts
+WORKDIR /repo
 
 # Entrypoint: node runs the CLI script directly (no shell needed)
 ENTRYPOINT ["node", "/app/dist/index.js"]
-CMD ["scan", "/repo"]
+CMD ["scan", "."]

README.md

@@ -15,7 +15,7 @@ Scan your dependencies for known vulnerabilities — locally, in CI, or from you
 
 ```bash
 npx @ottersight/cli scan .                                  # Terminal / CI
-docker run --rm -v $(pwd):/repo ghcr.io/ottersight/cli scan /repo   # Docker (no deps needed)
+docker run --rm -v $(pwd):/repo ghcr.io/ottersight/cli scan .   # Docker (no deps needed)
 ```
 
 For Claude Code, install the skill and type `/ottersight-scan`:
@@ -103,7 +103,7 @@ npm install -g @ottersight/cli
 ottersight scan .
 
 # Docker (Syft + Grype bundled, nothing else to install)
-docker run --rm -v $(pwd):/repo ghcr.io/ottersight/cli scan /repo
+docker run --rm -v $(pwd):/repo ghcr.io/ottersight/cli scan .
 ```
 
 Output: colored terminal table grouped by severity, summary line, optional `--output report.md` for Markdown.