Run Security Tests #5723

	name: 'Run Security Tests'
	on:
	push:
	branches:
	- main
	- dev
	pull_request:
	schedule:
	- cron: '* * * * 0' # run weekly
	permissions:
	contents: read
	actions: read
	checks: write
	security-events: write
	jobs:
	report:
	runs-on: ubuntu-latest
	steps:
	- name: Checkout repository
	uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5
	- name: Run Trivy vulnerability scanner in repo mode
	uses: aquasecurity/trivy-action@b6643a29fecd7f34b3597bc6acb0a98b03d33ff8 # 0.33.1
	with:
	scan-type: 'fs'
	format: 'sarif'
	output: 'trivy-results-fs.sarif'
	severity: 'CRITICAL,HIGH,MEDIUM'
	- name: Upload Trivy scan results to GitHub Security tab
	uses: github/codeql-action/upload-sarif@cf1bb45a277cb3c205638b2cd5c984db1c46a412 # v4
	with:
	sarif_file: 'trivy-results-fs.sarif'

Provide feedback