
Feat: GitHub Workflow Action for Scanning vulnerabilities using Trivy. #19710

Status: Open. Wants to merge 21 commits into base: main.
Conversation

@tarunpandey23 (Contributor) commented Feb 7, 2025

Describe your changes:

Created GitHub Action workflows for scanning the Docker images for vulnerabilities and posting the scan output as a PR comment.

Fixes

We are already using Snyk as a vulnerability scanning solution, but incorporating Aqua Security's Trivy into our workflow provides several key advantages, making it beneficial to use both tools side by side.
Advantages of Using Trivy Over Snyk:

  • Faster Scanning Performance:
    Trivy is known for its lightweight and fast scanning capabilities. Unlike Snyk, which may take longer to analyze dependencies and images, Trivy provides results within seconds, making it ideal for CI/CD pipelines.

  • No Need for a Separate Account or API Key:
    Trivy runs locally without requiring an API key, making it easier to integrate into workflows with minimal setup.

  • Broader Security Coverage:
    Trivy scans operating system (OS) vulnerabilities and application dependencies in a single scan.

  • Cost Efficiency:
    Trivy is completely open-source and free to use, whereas Snyk has limitations on free-tier usage and may require a paid plan for full functionality.

  • Local Scanning Without External Calls:
    Trivy scans locally without sending data to an external service, ensuring better data privacy.

Why Use Trivy Alongside Snyk?

| Feature | Snyk | Trivy | Benefit of Using Both |
|---|---|---|---|
| OS Vulnerabilities | ❌ Limited | ✅ Full Support | Trivy ensures full container security |
| Infrastructure as Code (IaC) Scanning | ❌ No | ✅ Yes | Trivy secures Terraform & Kubernetes |
| SBOM Generation | ❌ No | ✅ Yes | Helps with software supply chain security |
| Speed & Performance | ❌ Slower | ✅ Fast | Trivy is optimized for CI/CD workflows |
| API Key Required | ✅ Yes | ❌ No | Trivy works out-of-the-box |
| Cost | 💰 Paid Plans | 🆓 Free & Open-Source | Reduces security costs |

By using Trivy alongside Snyk, we get faster scans, deeper OS security insights, and better cost-effectiveness while still leveraging Snyk's strengths in application security.

  • Here are some screenshots showing how the scan output will appear in a pull request (PR) comment:
    [Screenshot: Trivy scan output in a PR comment, 2025-02-05 5:54 PM]
    [Screenshot: Trivy scan output in a PR comment, 2025-02-06 12:30 PM]

Type of change:

  • Bug fix
  • Improvement
  • New feature
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • Documentation

Checklist:

  • I have read the CONTRIBUTING document.
  • My PR title is Fixes <issue-number>: <short explanation>
  • I have commented on my code, particularly in hard-to-understand areas.
  • For JSON Schema changes: I updated the migration scripts or explained why it is not needed.
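The PR description says what the workflow does (build the image, scan it with Trivy, post the result on the PR) but the page does not show the workflow file. The following is an added, illustrative workflow of that kind; it is not the workflow from this PR or OpenMetadata's own CI. The image name `example/openmetadata-ingestion`, the action version tags and the comment format are assumptions; pin the actions to a tag or commit SHA you have verified yourself.

```yaml
name: Trivy image scan

on:
  pull_request:
    branches: [main]

# Least privilege: read the checkout, write PR comments, nothing else.
permissions:
  contents: read
  pull-requests: write

env:
  # Hypothetical image name; substitute the image this repository actually builds.
  IMAGE: example/openmetadata-ingestion:pr-${{ github.event.pull_request.number }}

jobs:
  trivy:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Build the image under test
        run: docker build -t "$IMAGE" .

      # Pin the action to a release tag or, better, a commit SHA you have verified.
      # exit-code 1 makes the job fail on any HIGH/CRITICAL finding that has a fix;
      # the table report is written to a file first so it can still be posted below.
      - name: Scan image with Trivy
        uses: aquasecurity/trivy-action@0.28.0
        with:
          image-ref: ${{ env.IMAGE }}
          format: table
          output: trivy-report.txt
          severity: HIGH,CRITICAL
          ignore-unfixed: true
          exit-code: '1'

      # GITHUB_TOKEN is read-only on pull_request runs from forks, so the comment
      # would fail there. Skip it rather than switching to pull_request_target,
      # which would build and scan untrusted PR code with write permissions in the
      # base repository's context.
      - name: Post the report as a PR comment
        if: always() && github.event.pull_request.head.repo.full_name == github.repository
        uses: actions/github-script@v7
        with:
          script: |
            const fs = require('fs');
            const fence = '`'.repeat(3);
            const report = fs.readFileSync('trivy-report.txt', 'utf8');
            // PR comments are capped at 65536 characters; truncate rather than fail.
            const body = '### Trivy scan (HIGH/CRITICAL, unfixed ignored)\n'
              + fence + '\n' + report.slice(0, 60000) + '\n' + fence;
            await github.rest.issues.createComment({
              owner: context.repo.owner,
              repo: context.repo.repo,
              issue_number: context.issue.number,
              body,
            });
```

Two choices matter here. `exit-code: '1'` turns the scan into a gate rather than a report; drop it to `'0'` if the team only wants visibility at first, and tighten `severity` once the backlog is clean. The `if:` guard on the comment step is what keeps the workflow safe on fork PRs: the repository's own label-gated "safe to test" flow is another way to handle that case, but granting write permissions to a `pull_request_target` run that builds PR code is not.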

@safayavatsal (Contributor) commented:

Added the required path for ingestion.

github-actions bot commented Feb 7, 2025

Hi there 👋 Thanks for your contribution!

The OpenMetadata team will review the PR shortly! Once it has been labeled as safe to test, the CI workflows
will start executing and we'll be able to make sure everything is working as expected.

Let us know if you need any help!


@akash-jain-10 (Collaborator) left a comment:

Thank you for your contribution. LGTM 🚀

@ulixius9 added the label "safe to test" (Add this label to run secure GitHub workflows on PRs) on Feb 13, 2025.

5 participants