From d2e51838271056760ea59a10f4fd8bfb460a8afa Mon Sep 17 00:00:00 2001
From: Sahil Ahuja <sahilahuja@gmail.com>
Date: Wed, 29 Jan 2025 21:04:42 +0530
Subject: [PATCH] Docs

---
 .github/workflows/push-image-scan.yml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/.github/workflows/push-image-scan.yml b/.github/workflows/push-image-scan.yml
index 86d7dfa..9c75a9b 100644
--- a/.github/workflows/push-image-scan.yml
+++ b/.github/workflows/push-image-scan.yml
@@ -1,4 +1,6 @@
 name: Image Vulnerability Scan
+# Secrets can only viewed in "push" events. Not pull_request events.
+# That's why this step needs to be called on push, and not on pull_request (to read docker login password).
 
 on:
   workflow_call: