scan

scan #191

	name: scan
	on:
	workflow_dispatch:
	inputs:
	severities:
	description: "Comma-separated list of severities to scan for: critical, high, medium, low, unspecified"
	required: true
	type: string
	default: critical,high
	schedule:
	- cron: "0 0 * * 3"
	jobs:
	scan:
	runs-on: ubuntu-latest
	permissions:
	pull-requests: write
	steps:
	- uses: actions/checkout@v5
	- name: Set up QEMU
	uses: docker/setup-qemu-action@v3
	- name: Set up Docker Buildx
	uses: docker/setup-buildx-action@v3
	- name: Login to Docker Hub
	uses: docker/login-action@v3
	with:
	username: ${{ secrets.DOCKERHUB_USERNAME }}
	password: ${{ secrets.DOCKERHUB_TOKEN }}
	logout: true
	- name: Scan
	uses: docker/scout-action@v1
	with:
	command: cves,recommendations
	image: ${{ vars.IMAGE }}
	only-severities: ${{ inputs && inputs.severities \|\| 'critical,high' }}
	only-fixed: true
	summary: true
	format: json
	exit-code: true

Provide feedback