use only repo name (i.e. w/o repo owner prefix) for image name

nam20485 · Oct 21, 2023 · 0589aa7 · 0589aa7
1 parent 7a41ef9
commit 0589aa7
Showing 1 changed file with 6 additions and 4 deletions.
diff --git a/.github/workflows/docker-scout-scan.yml b/.github/workflows/docker-scout-scan.yml
@@ -15,7 +15,8 @@ env:
   # Use docker.io for Docker Hub if empty
   REGISTRY: ghcr.io
   # github.repository as <account>/<repo>
-  IMAGE_NAME: ${{ github.repository }}
+  #IMAGE_NAME: ${{ github.repository_id }}
+  IMAGE_NAME: ${{ github.event.repository.name }}
   #VCPKG_BINARY_SOURCES: 'clear;nuget,GitHub,readwrite'
   # Use `latest` as the tag to compare to if empty, assuming that it's already pushed
   COMPARE_TAG: latest
@@ -115,11 +116,12 @@ jobs:
     #     run: echo "${{ steps.meta.outputs.tags }}" | xargs -I {} cosign sign {}@${{ steps.build-and-push.outputs.digest }}
 
       - name: Analyze for critical and high CVEs
-        id: docker-scout-cves        
+        id: docker-scout-cves       
+        if: ${{ github.event_name != 'pull_request_target' }} 
         uses: docker/scout-action@v1
         with:
           command: cves
-          image: ${{ steps.meta.outputs.tags }}
+          image: local://${{ steps.meta.outputs.tags }}
           sarif-file: sarif.output.json
           summary: true
 
@@ -135,7 +137,7 @@ jobs:
         uses: docker/scout-action@v1
         with:
           command: compare
-          image: ${{ steps.meta.outputs.tags }}
+#          image: ${{ steps.meta.outputs.tags }}
           to: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.ref_name }}-${{ env.COMPARE_TAG }}
           ignore-unchanged: true
           only-severities: critical,high