
Security Scan

Security Scan #40

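# Scheduled vulnerability scan of the repository's published container image.
# Trivy writes its findings as SARIF, which is then uploaded to GitHub code
# scanning (the repository's Security tab).
name: Security Scan

on:
  schedule:
    # 01:00 every Saturday (GitHub evaluates cron schedules in UTC).
    - cron: "0 1 * * 6"
  # Allows the scan to be started by hand from the Actions tab.
  workflow_dispatch:

# A newer run for the same workflow and ref cancels the one still in progress.
concurrency:
  group: ${{ github.workflow }}-${{ github.head_ref || github.ref }}
  cancel-in-progress: true

jobs:
  security-scan:
    runs-on: ubuntu-22.04
    timeout-minutes: 5
    # Scope the job token explicitly instead of inheriting the repository
    # default, so the scan works under a read-only default and holds nothing
    # beyond what the two steps use.
    permissions:
      # Pull the image from ghcr.io with github.token.
      packages: read
      # Upload SARIF results to code scanning.
      security-events: write
      # Needed by upload-sarif on private repositories.
      actions: read
      contents: read
    steps:
      - name: Run Trivy vulnerability scanner
        # Third-party action pinned to a full commit SHA; the trailing comment
        # records the release the SHA is meant to correspond to.
        uses: aquasecurity/trivy-action@41f05d9ecffa2ed3f1580af306000f734b733e54 # 0.11.2
        env:
          # Registry credentials Trivy uses to pull the image.
          TRIVY_USERNAME: ${{ github.repository_owner }}
          TRIVY_PASSWORD: ${{ github.token }}
        with:
          # ":latest" is a mutable tag: each run reports on whatever image the
          # tag points to at scan time, not on a fixed digest.
          image-ref: ghcr.io/${{ github.repository }}:latest
          # Scope of the report: OS packages only, CRITICAL and HIGH only, and
          # only vulnerabilities that already have a fix. Language-library
          # findings and unfixed issues are not reported by this workflow.
          ignore-unfixed: true
          vuln-type: "os"
          severity: "CRITICAL,HIGH"
          format: "sarif"
          output: "trivy-results.sarif"
          # NOTE(review): no exit-code is set, so findings presumably do not
          # fail the job and are visible only in the Security tab - confirm
          # that alerting is configured there.
      - name: Upload Trivy scan results to GitHub Security tab
        uses: github/codeql-action/upload-sarif@46ed16ded91731b2df79a2893d3aea8e9f03b5c4 # v2
        with:
          # Must match the "output" path written by the Trivy step.
          sarif_file: "trivy-results.sarif"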