Update main.yml #14

	name: CI

	on: [push]

	jobs:
	sast_scan:
	name: Run Bandit Scan
	runs-on: ubuntu-latest

	steps:
	- name: Checkout code
	uses: actions/checkout@v2

	- name: Set up Python
	uses: actions/setup-python@v2
	with:
	python-version: 3.8

	- name: Install Bandit
	run: pip install bandit

	- name: Run Bandit Scan
	run: bandit -ll -ii -r . -f json -o bandit-report.json

	- name: Upload Artifact
	uses: actions/upload-artifact@v3
	if: always()
	with:
	name: bandit-findings
	path: bandit-report.json

	image_scan:
	name: Build Image and Run Image Scan
	runs-on: ubuntu-latest

	steps:
	- name: Checkout code
	uses: actions/checkout@v2

	- name: Set up Docker
	uses: docker-practice/actions-setup-docker@v1
	with:
	docker_version: '20.10.7'

	- name: Build Docker Image
	run: docker build -f Dockerfile -t myapp:latest .

	# - name: Docker Scout Scan
	# run: \|
	# curl -fsSL https://raw.githubusercontent.com/docker/scout-cli/main/install.sh -o install-scout.sh
	# sh install-scout.sh

	# echo ${{ secrets.REPO_PWD }} \| docker login -u ${{ secrets.REPO_USER }} --password-stdin

	# docker scout quickview
	# docker scout cves

	- name: Docker Scout Scan
	uses: docker/[email protected]
	with:
	dockerhub-user: ${{ secrets.REPO_USER }}
	dockerhub-password: ${{ secrets.REPO_PWD }}
	command: quickview,cves
	only-severities: critical,high
	sarif-file: scout-report.sarif

	- name: Upload Artifact
	uses: actions/upload-artifact@v3
	if: always()
	with:
	name: docker-scout-findings
	path: scout-report.sarif

Provide feedback