I am using it in a GitLab pipeline and I wanted to separate my jobs / stages.
My stages are like this:
In other words, in the “Build” stage I build my image, save it afterwards as a *.tar with “docker save” to a folder, and put that folder in my artifacts.
The “Scan” stage is where I scan my images for CVEs.
I have my images as *.tar from the artifacts and mount these as a volume in the “scout-cli” container.
You can scan directly from the tar in the mounted volume.
In the “Push” stage I extract the images again from the *.tar files with “docker load” so that I can upload them to my own registry.
Why did I choose this complicated way of doing things?
The scout-cli can only scan images from a *.tar file or if they are on Docker Hub.
I am uploading the images to my own internal Docker registry, so that wouldn't work there.
Another reason was that I also wanted to scan my images before pushing to the Docker registry.
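
The build, scan and push flow described in the post above, sketched as a `.gitlab-ci.yml`. This is an added example, not the poster's own pipeline. The image name, the `REGISTRY*` variable names and the runner setup are assumptions.

```yaml
# Added example: build -> scan -> push, handing the image between jobs as a tar artifact.
# Assumptions: the runner's Docker daemon can see $CI_PROJECT_DIR for bind mounts;
# REGISTRY, REGISTRY_USER and REGISTRY_PASSWORD are hypothetical CI/CD variables;
# DOCKER_SCOUT_HUB_USER / DOCKER_SCOUT_HUB_PASSWORD hold the Docker Hub login for scout-cli.
stages: [build, scan, push]

default:
  image: docker:latest
  services: [docker:dind]

variables:
  IMAGE: "$REGISTRY/myapp:$CI_COMMIT_SHORT_SHA"   # hypothetical image name

build:
  stage: build
  script:
    - mkdir -p images
    - docker build -t "$IMAGE" .
    - docker save -o images/app.tar "$IMAGE"
  artifacts:
    paths: [images/]
    expire_in: 1 day   # do not keep unscanned image tars around longer than needed

scan:
  stage: scan
  script:
    # --exit-code fails the job when matching CVEs are found, so "push" never runs.
    # The tar is mounted read-only: the scanner cannot alter what gets pushed later.
    - >
      docker run --rm
      -e DOCKER_SCOUT_HUB_USER -e DOCKER_SCOUT_HUB_PASSWORD
      -v "$CI_PROJECT_DIR/images:/images:ro" -w /images
      docker/scout-cli cves --exit-code --only-severity critical,high
      archive://app.tar

push:
  stage: push
  script:
    # Load the same tar that was scanned, then push it to the internal registry.
    - docker load -i images/app.tar
    - echo "$REGISTRY_PASSWORD" | docker login "$REGISTRY" -u "$REGISTRY_USER" --password-stdin
    - docker push "$IMAGE"
```

Because the push job loads the artifact produced by the build job rather than rebuilding, the bytes that reach the registry are the ones the scan stage approved.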