chore

Author: argentinaluiz

.github/workflows/ci.yml

@@ -119,6 +119,8 @@ jobs:
           cache-to: type=gha,mode=max
           secrets: |
             github_token=${{ secrets.GITHUB_TOKEN }}
+          provenance: mode=max
+          sbom: true
 
       # - name: Check if ":latest" tag exists
       #   if: github.event_name == 'pull_request'
@@ -158,14 +160,15 @@ jobs:
       
       - name: Analyze for critical and high CVEs
         id: docker-scout-cves
-        #if: ${{ github.event_name == 'pull_request' }}
+        if: ${{ github.event_name != 'pull_request' }}
         uses: docker/scout-action@v1
         with:
           command: cves
           image: ${{ steps.meta.outputs.tags }}
           only-severities: critical,high
           sarif-file: sarif.output.json
           summary: true
+          exit-code: true
 
       - name: Upload SARIF result
         id: upload-sarif