feat: 🚀 Docker scout reusable workflow (#96)

Author: VishwajitNagulkar

.github/workflows/docker-scout.yml

@@ -0,0 +1,87 @@
+---
+name: docker-scout
+on:
+  workflow_call:
+    inputs:
+      IMAGES:
+        description: 'Dockerhub repository name'
+        required: true
+        type: string
+      IMAGE_TAG:
+        description: 'Image tag for latest docker image'
+        type: string
+        default: latest
+      COMPARE_TAG:
+        description: 'provide the tag of the image you like to compare with'
+        required: true
+        type: string
+      # Filter flags
+      IGNORE-BASE:
+        description: 'Ignore vulnerabilities from base image'
+        default: false
+        type: string
+      IGNORE-UNCHANGED:
+        description: 'Filter out unchanged packages'
+        default: true
+        type: string
+      ONLY-FIXED:
+        description: 'Filter to fixable CVEs'
+        default: false
+        type: string
+      WRITE-COMMENT:
+        description: 'Write the output as a Pull Request comment'
+        default: true
+        type: string
+    secrets:
+      DOCKERHUB_USERNAME:
+        description: 'dockerhub username'
+        required: true
+      DOCKERHUB_PASSWORD:
+        description: 'dockerhub password'
+        required: true
+      TOKEN:
+        description: 'Github Token'
+        required: true
+
+jobs:
+  docker-scout:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout git repo
+        uses: actions/checkout@v4
+
+      - name: Setup Docker buildx
+        uses: docker/[email protected]
+        with:
+          driver-opts: |
+            image=moby/buildkit:v0.10.6
+
+      - name: Login to Docker Hub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_PASSWORD }}
+
+      - name: Build docker image
+        env:
+          IMAGE_TAG: ${{ inputs.IMAGE_TAG }}
+          images: ${{ inputs.IMAGES }}
+        run: |
+          docker build -t $images:$IMAGE_TAG .
+          # docker push $images:$IMAGE_TAG
+
+      - name: Docker Scout
+        id: docker-scout
+        uses: docker/scout-action@v1
+        with:
+          command: cves,recommendations,compare
+          to-latest: false
+          to: ${{ inputs.IMAGES }}:${{ inputs.COMPARE_TAG }}
+          image: ${{ inputs.IMAGES }}:${{ inputs.IMAGE_TAG }}
+          ignore-base: ${{ inputs.IGNORE-BASE }}
+          ignore-unchanged: ${{ inputs.IGNORE-BASE }}
+          only-fixed: ${{ inputs.ONLY-FIXED }}
+          write-comment: ${{ inputs.WRITE-COMMENT }}
+          github-token: ${{ secrets.TOKEN }}
+...

docs/docker-scout.md

@@ -0,0 +1,33 @@
+## Docker-Scout Workflow
+#### [Docker scout workflow reference](https://github.com/clouddrove/github-shared-workflows/blob/master/.github/workflows/docker-scout.yml)
+
+This workflow involves locally scanning a Docker image and then comparing the latest Docker image with a specified image within the same repository. Workflows have been added in `.github/workflows/docker-compose.yml`.
+
+#### Usage
+
+This workflow is designed to locally build and scan a Docker image, offering vulnerability information, recommended fixes for the latest images, and the ability to compare the latest image with a specified image within the same repository.
+#### Example for scan and push docker image on Dockerhub
+
+```yaml
+name: Docker-scout Workflow
+# This permission are helpful for pushing vulnerability in security tab
+permissions:
+  contents: read
+  packages: write
+  pull-requests: write
+
+on:
+  workflow_dispatch:
+
+jobs:
+  docker-scout:
+    uses: clouddrove/github-shared-workflows/.github/workflows/docker-scout.yml@master
+    with:
+      IMAGES:             # Specify the dockerhub repository name
+      IMAGE_TAG:          # Give the tag to the latest image you want to build
+      COMPARE_TAG:        # Specify the tag of the image you want to compare with within the same repository.
+    secrets:
+      DOCKERHUB_USERNAME: # Dockerhub username
+      DOCKERHUB_PASSWORD: # Dockerhub password
+      TOKEN:              # GitHub token
+```