diff --git a/docs/github-action.md b/docs/github-action.md
index 2aabf0b..2799d49 100644
--- a/docs/github-action.md
+++ b/docs/github-action.md
@@ -8,6 +8,7 @@ Complete guide to integrating Socket Basics into your GitHub Actions workflows f
 - [Basic Configuration](#basic-configuration)
 - [Enterprise Features](#enterprise-features)
 - [Advanced Workflows](#advanced-workflows)
+  - [Dockerfile Auto-Discovery](#dockerfile-auto-discovery)
 - [Configuration Reference](#configuration-reference)
 - [Troubleshooting](#troubleshooting)
 
@@ -385,6 +386,88 @@ jobs:
           trivy_vuln_enabled: 'true'
 ```
 
+### Dockerfile Auto-Discovery
+
+For repositories with multiple Dockerfiles across different directories, you can automatically discover them instead of manually listing each path.
+
+```yaml
+name: Security Scan with Dockerfile Auto-Discovery
+on:
+  pull_request:
+    types: [opened, synchronize, reopened]
+  push:
+    branches: [main]
+
+jobs:
+  discover-dockerfiles:
+    runs-on: ubuntu-latest
+    outputs:
+      dockerfiles: ${{ steps.discover.outputs.dockerfiles }}
+    steps:
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+
+      - name: Discover Dockerfiles
+        id: discover
+        run: |
+          DOCKERFILES=$(find . -type d \( \
+            -name node_modules -o -name vendor -o -name .git -o \
+            -name test -o -name tests -o -name testing -o -name __tests__ -o \
+            -name fixture -o -name fixtures -o -name testdata -o \
+            -name example -o -name examples -o -name sample -o -name samples -o \
+            -name dist -o -name build -o -name out -o -name target -o \
+            -name venv -o -name .venv -o -name .cache \
+            \) -prune -o \
+            -type f \( -name 'Dockerfile' -o -name 'Dockerfile.*' -o -name '*.dockerfile' \) \
+            -print | sed 's|^./||' | paste -sd ',' -)
+
+          echo "Discovered Dockerfiles: $DOCKERFILES"
+          echo "dockerfiles=$DOCKERFILES" >> $GITHUB_OUTPUT
+
+  security-scan:
+    needs: discover-dockerfiles
+    if: needs.discover-dockerfiles.outputs.dockerfiles != ''
+    permissions:
+      issues: write
+      contents: read
+      pull-requests: write
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+
+      - name: Run Socket Basics
+        uses: SocketDev/socket-basics@1.0.26
+        env:
+          GITHUB_PR_NUMBER: ${{ github.event.pull_request.number || github.event.issue.number }}
+        with:
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+          dockerfiles: ${{ needs.discover-dockerfiles.outputs.dockerfiles }}
+          trivy_vuln_enabled: 'true'
+```
+
+**How it works:**
+
+1. **Discovery job** uses `find` to locate Dockerfiles matching common patterns:
+   - `Dockerfile` (exact match)
+   - `Dockerfile.*` (e.g., `Dockerfile.prod`, `Dockerfile.dev`)
+   - `*.dockerfile` (e.g., `backend.dockerfile`)
+
+2. **Excluded directories** prevent scanning test fixtures and build artifacts:
+   - Package managers: `node_modules`, `vendor`, `venv`
+   - Test directories: `test`, `tests`, `__tests__`, `fixtures`
+   - Build outputs: `dist`, `build`, `out`, `target`
+
+3. **Scan job** receives discovered paths via job output and skips if none found
+
+**Customizing discovery patterns:**
+
+```yaml
+# Only scan production Dockerfiles
+-type f -name 'Dockerfile.prod' -print
+
+# Add custom exclusions
+-name custom_test_dir -o -name legacy -o \
+```
+
 ### Custom Rule Configuration
 
 ```yaml