Generic environment integration with CLI

version: 2.1  jobs:  record_environment:  machine:  image: ubuntu-2204:current  image: namespace/repo  steps:  - run: |  if [[ -z "$CIRCLE_TAG" ]]; then  tag="$CIRCLE_TAG"  echo "Running tag '$CIRCLE_TAG'"  else  tag="$CIRCLE_BRANCH"  echo "Running on branch '$CI_COMMIT_BRANCH'"  fi  echo "tag = $tag"  - run: docker run -it \  -e DOCKER_SCOUT_HUB_USER=$DOCKER_SCOUT_HUB_USER \  -e DOCKER_SCOUT_HUB_PASSWORD=$DOCKER_SCOUT_HUB_PASSWORD \  docker/scout-cli:1.0.2 environment \  --org "<MY_DOCKER_ORG>" \  "<ENVIRONMENT>" ${image}:${tag}

variables:  image: namespace/repo  record_environment:  image: docker/scout-cli:1.0.2  script:  - |  if [[ -z "$CI_COMMIT_TAG" ]]; then  tag="latest"  echo "Running tag '$CI_COMMIT_TAG'"  else  tag="$CI_COMMIT_REF_SLUG"  echo "Running on branch '$CI_COMMIT_BRANCH'"  fi  echo "tag = $tag"  - environment --org <MY_DOCKER_ORG> "PRODUCTION" ${image}:${tag}

trigger:  - main  resources:  - repo: self  variables:  tag: "$(Build.BuildId)"  image: "namespace/repo"  stages:  - stage: Docker Scout  displayName: Docker Scout environment integration  jobs:  - job: Record  displayName: Record environment  pool:  vmImage: ubuntu-latest  steps:  - task: Docker@2  - script: docker run -it \  -e DOCKER_SCOUT_HUB_USER=$DOCKER_SCOUT_HUB_USER \  -e DOCKER_SCOUT_HUB_PASSWORD=$DOCKER_SCOUT_HUB_PASSWORD \  docker/scout-cli:1.0.2 environment \  --org "<MY_DOCKER_ORG>" \  "<ENVIRONMENT>" $(image):$(tag)

stage('Analyze image') {  steps {  // Install Docker Scout  sh 'curl -sSfL https://raw.githubusercontent.com/docker/scout-cli/main/install.sh | sh -s -- -b /usr/local/bin'   // Log into Docker Hub  sh 'echo $DOCKER_SCOUT_HUB_PASSWORD | docker login -u $DOCKER_SCOUT_HUB_USER --password-stdin'   // Analyze and fail on critical or high vulnerabilities  sh 'docker-scout environment --org "<MY_DOCKER_ORG>" "<ENVIRONMENT>" $IMAGE_TAG  } }