trivy

release(v0.9.0): prepare release #1177

	name: trivy
	on:
	push:
	branches-ignore:
	- 'dependabot/**'
	pull_request:
	schedule:
	- cron: '0 12 * * 6'
	permissions:
	contents: read
	jobs:
	trivy:
	permissions:
	contents: read
	security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
	runs-on: ubuntu-22.04
	steps:
	- name: Check out code into the Go module directory
	uses: actions/checkout@v4
	with:
	fetch-depth: 0
	- name: Set up QEMU
	uses: docker/[email protected]
	- name: Set up Docker Buildx
	uses: docker/[email protected]
	- name: Build Container Image
	uses: docker/[email protected]
	with:
	context: .
	file: ./Dockerfile
	load: true
	platforms: linux/amd64
	provenance: false
	push: false
	tags: ghcr.io/${{ github.repository }}:trivy
	- name: Run Trivy Vulnerability Scanner
	uses: aquasecurity/[email protected]
	with:
	image-ref: ghcr.io/${{ github.repository }}:trivy
	format: sarif
	output: ./trivy-results.sarif
	- name: Upload Trivy Scan Results
	uses: github/codeql-action/upload-sarif@v3
	with:
	sarif_file: ./trivy-results.sarif

Provide feedback