From 0589aa7f728371bcd8c65164e20d547394f89663 Mon Sep 17 00:00:00 2001
From: Nathan Miller
Date: Sat, 21 Oct 2023 13:28:05 -0700
Subject: [PATCH] use only repo name (i.e. w/o repo owner prefix) for image name
---
 .github/workflows/docker-scout-scan.yml | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/.github/workflows/docker-scout-scan.yml b/.github/workflows/docker-scout-scan.yml
index b244a229..5b4fbac3 100644
--- a/.github/workflows/docker-scout-scan.yml
+++ b/.github/workflows/docker-scout-scan.yml
@@ -15,7 +15,8 @@ env:
 # Use docker.io for Docker Hub if empty
 REGISTRY: ghcr.io
 # github.repository as /
- IMAGE_NAME: ${{ github.repository }}
+ #IMAGE_NAME: ${{ github.repository_id }}
+ IMAGE_NAME: ${{ github.event.repository.name }}
 #VCPKG_BINARY_SOURCES: 'clear;nuget,GitHub,readwrite'
 # Use `latest` as the tag to compare to if empty, assuming that it's already pushed
 COMPARE_TAG: latest
@@ -115,11 +116,12 @@ jobs:
 # run: echo "${{ steps.meta.outputs.tags }}" | xargs -I {} cosign sign {}@${{ steps.build-and-push.outputs.digest }}
 - name: Analyze for critical and high CVEs
- id: docker-scout-cves
+ id: docker-scout-cves
+ if: ${{ github.event_name != 'pull_request_target' }}
 uses: docker/scout-action@v1
 with:
 command: cves
- image: ${{ steps.meta.outputs.tags }}
+ image: local://${{ steps.meta.outputs.tags }}
 sarif-file: sarif.output.json
 summary: true
@@ -135,7 +137,7 @@ jobs:
 uses: docker/scout-action@v1
 with:
 command: compare
- image: ${{ steps.meta.outputs.tags }}
+# image: ${{ steps.meta.outputs.tags }}
 to: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.ref_name }}-${{ env.COMPARE_TAG }}
 ignore-unchanged: true
 only-severities: critical,high
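Review bot: In the first hunk (`env:`), `IMAGE_NAME: ${{ github.event.repository.name }}` drops the owner segment, so every reference built as `${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}` is no longer scoped to this repository's namespace on ghcr.io. That includes the `to:` baseline in the third hunk, which would then either fail to pull or compare against an image this project does not control. If the short name is wanted for local tagging, keep the owner in registry references by prefixing them with `${{ github.repository_owner }}/`. The context comment `# github.repository as /` no longer describes the value, and the commented-out `#IMAGE_NAME: ${{ github.repository_id }}` line should be deleted rather than committed.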
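Review bot: In the second hunk, the added `if: ${{ github.event_name != 'pull_request_target' }}` on the `docker-scout-cves` step skips the critical/high CVE scan for the runs that build contributed code, and nothing records why or what covers those runs instead. A one-line comment above it, such as `# skipped on pull_request_target: <reason>`, would make that gap deliberate. Any later step that reads `sarif.output.json` needs the same condition, but those steps are outside the hunk. If the workflow does trigger on `pull_request_target` (the trigger list is not visible here), the build still runs with the base repository's token, so this condition does not reduce that exposure. Separately, `image: local://${{ steps.meta.outputs.tags }}` prefixes only the first entry if the `meta` step emits more than one tag, so a single explicit tag would be safer there.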
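Review bot: In the third hunk, commenting out `image:` leaves the `compare` step with no explicit subject, so which image is compared against `to:` depends on the action's fallback rather than on this workflow. The `cves` step in the previous hunk now names the local build explicitly, and the two steps should analyze the same artifact. Replace the column-0 comment `# image: ${{ steps.meta.outputs.tags }}` with `image: local://${{ steps.meta.outputs.tags }}`, or delete the line and say in the step name that the most recent local image is intended. The step's `name`, `id` and any `if:` sit above the hunk, so whether it is also skipped on `pull_request_target` cannot be checked from here.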