Home Explore Blog CI



docker
3rd chunk of `content/manuals/scout/policy/ci.md`
e2f6a05b726478c3bcc1cf24ebb9439bd53c1ea2395f7cb400000001000005e9
        id: build-and-push
        uses: docker/build-push-action@v4
        with:
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
          sbom: ${{ github.event_name != 'pull_request' }}
          provenance: ${{ github.event_name != 'pull_request' }}
          push: ${{ github.event_name != 'pull_request' }}
          load: ${{ github.event_name == 'pull_request' }}

      - name: Authenticate with Docker
        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKER_USER }}
          password: ${{ secrets.DOCKER_PAT }}

      - name: Compare
        if: ${{ github.event_name == 'pull_request' }}
        uses: docker/scout-action@v1
        with:
          command: compare
          image: ${{ steps.meta.outputs.tags }}
          to-env: production
          platform: "linux/amd64"
          ignore-unchanged: true
          only-severities: critical,high
          organization: ${{ env.DOCKER_ORG }}
          exit-on: policy
```

The following screenshot shows what the GitHub PR comment looks like when a
policy evaluation check fails because policy has become worse in the PR image
compared to baseline.




This example has demonstrated how to run policy evaluation in CI with GitHub
Actions. Docker Scout also supports other CI platforms. For more information,
see [Docker Scout CI
integrations](../integrations/_index.md#continuous-integration).
Title: GitHub PR Comment Example and Policy Evaluation in CI
Summary
The provided text illustrates a GitHub pull request comment that appears when a Docker Scout policy evaluation check fails. The comment highlights the differences in vulnerabilities and policies between the base image and the image in the pull request, specifically pointing out a worsened state in critical vulnerabilities. The text then mentions that this example demonstrated policy evaluation in CI with GitHub Actions. It directs readers to a page about Docker Scout CI integrations.