docker-scan.yml

name: Build and Scan Docker Images

on:
  workflow_dispatch:
  push:
    branches:
      - main

jobs:
  build-and-scan:
    name: ${{ matrix.folder }}
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false
      matrix:
        folder: ["curl", "httpd", "locust", "nginx", "wireshark"]

    steps:
      - name: Checkout Repository
        uses: actions/checkout@v4.2.2

      - name: Log in to Docker Hub
      #  Required for Docker Scout
        uses: docker/login-action@v3.3.0
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}

      - name: Build Docker Image
        run: |
          FILES=$(find ./${{ matrix.folder }} -type f -iname 'dockerfile*')
          if [ -z "$FILES" ]; then
            echo "No Dockerfiles found in folder: ${{ matrix.folder }}. Skipping build."
            exit 1
          fi

          for FILE in $FILES; do
            IMAGE_NAME="${{ matrix.folder }}-$(basename $FILE | tr '[:upper:]' '[:lower:]' | tr -cd '[:alnum:]-')"
            echo "Building Docker image: $IMAGE_NAME using $FILE"
            docker build -t $IMAGE_NAME -f $FILE ./${{ matrix.folder }}
            echo "IMAGE_NAME=$IMAGE_NAME" >> $GITHUB_ENV
          done

      - name: Scan Docker Image
        uses: docker/scout-action@v1.15.1
        with:
          image: ${{ env.IMAGE_NAME }} 
          command: cves,recommendations
          sarif-file: sarif.output.json

      - name: Export the Results
        uses: actions/upload-artifact@v4.4.3
        with:
          name: docker-scout-sarif-${{ matrix.folder }}
          path: sarif.output.json