From 620f4ceb5a4fdd19bab2472b87081cf76946df89 Mon Sep 17 00:00:00 2001
From: Saku K <6057704+saku-koodari@users.noreply.github.com>
Date: Wed, 8 Jan 2025 15:46:47 +0200
Subject: [PATCH] feat(.github): add trivy to pipeline

---
 .github/workflows/build.yml | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 15f79c73..829d61a9 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -149,6 +149,20 @@ jobs:
       - name: Check formatting
         run: ./scripts/check-formatting.sh
 
+  security_scan:
+    name: Security scan with trivy
+    runs-on: ubuntu-24.04 [Beta]
+    needs:
+      - check_generated_sources
+    steps:
+      - uses: actions/checkout@v4
+      - name: Scan with trivy
+        uses: aquasecurity/trivy-action@0.28.0
+        with:
+          scan-type: "fs"
+          scan-ref: "."
+          trivy-config: trivy.yaml
+
   build_image:
     name: Build image
     runs-on: ubuntu-24.04