add docker/scout-action (issue #18)

Author: jakoch

.github/workflows/release.yml

@@ -250,7 +250,6 @@ jobs:
       #   The folders are skipped, because the folders contain many files, which
       #   are not relevant for the image security. The scan is faster without them.
 
-      # upload fails: https://github.com/github/codeql-action/issues/2117
       - name: 🛡️🔼 Upload Trivy scan results to GitHub Security tab
         uses: github/codeql-action/upload-sarif@v3 # https://github.com/github/codeql-action
         with:
@@ -264,3 +263,18 @@ jobs:
           format: 'list'
           exit-code: '0'
           exit-level: 'warn'
+
+      - name: 🛡️🔍 Scan Image for Vulnerabilities using Docker Scout
+        uses: docker/scout-action@v1 # https://github.com/docker/scout-action
+        with:
+          command: cves,recommendations
+          only-severities: critical,high
+          image: ${{ steps.metadata-base.outputs.tags }}
+          format: 'json'
+          sarif-file: 'scout-results.sarif.json'
+          summary: true
+
+      - name: 🛡️🔼 Upload Docker Scout scan results to GitHub Security tab
+        uses: github/codeql-action/upload-sarif@v3 # https://github.com/github/codeql-action
+        with:
+          sarif_file: 'scout-results.sarif.json'