test

.github/workflows/sec-checks.yaml

@@ -0,0 +1,32 @@
+name: security-checks-manager
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+jobs:
+  trivy-file-system:
+    name: Trivy Scan
+    runs-on: ubuntu-20.04
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+      - name: Run Trivy vulnerability scanner in repo mode
+        uses: aquasecurity/trivy-action@master
+        with:
+          scan-type: "fs"
+          ignore-unfixed: true
+          format: "json"
+          output: "./trivy-results.json"
+          severity: "CRITICAL,HIGH,MEDIUM"
+          exit-code: "1"
+      - name: Inspect action report
+        if: always()
+        shell: bash
+        run: cat ./trivy-results.json
+      - if: always()
+        name: Upload artifact
+        uses: actions/upload-artifact@v2
+        with:
+          name: trivy code report
+          path: ./trivy-results.json