Trivy vulnerability scanner #547

	name: Trivy vulnerability scanner
	on:
	push:
	branches:
	- master
	schedule:
	- cron: '0 0 * * *' # Run daily at midnight UTC
	jobs:
	build:
	name: Build
	runs-on: ubuntu-latest
	steps:
	- name: Checkout code
	uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6

	- name: Parse go version from release-tools/prow.sh
	run: \|
	GO_VERSION=$(cat release-tools/prow.sh \| grep "configvar CSI_PROW_GO_VERSION_BUILD" \| awk '{print $3}' \| sed 's/"//g')
	echo "Using go from release-tools: $GO_VERSION"
	echo "$GO_VERSION" >> '.go-version'

	- name: Install go
	uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6
	with:
	go-version-file: .go-version

	- name: Build an image from Dockerfile
	run: \|
	make
	docker build -t test/livenessprobe:latest -f Dockerfile --output=type=docker --label revision=latest .

	- name: Run Trivy vulnerability scanner
	uses: aquasecurity/trivy-action@ed142fd0673e97e23eac54620cfb913e5ce36c25 # v0.36.0
	with:
	image-ref: 'test/livenessprobe:latest'
	format: 'table'
	exit-code: '1'
	ignore-unfixed: true
	vuln-type: 'os,library'
	severity: 'CRITICAL,HIGH,MEDIUM,LOW,UNKNOWN'

Provide feedback