Trivy scan result upload to GitHub fails due to a permission issue. Added permission security-events=write to the workflow file as a fix. Since the workflow permission is explicitly defined, it requires contents=read to be explicitly set as well.
Signed-off-by: Chaminda Divitotawela <cdivitotawela@gmail.com>
The repository follows the standard of using git hashes to pin GitHub actions. Updated the container security scan workflow actions with their git hashes.
Signed-off-by: Chaminda Divitotawela <cdivitotawela@gmail.com>
Container security scanning workflow added. This runs on a schedule every day. It is also possible to run it on demand for a given image tag.
Signed-off-by: Chaminda Divitotawela <cdivitotawela@gmail.com>
Co-authored-by: Sally MacFarlane <macfarla.github@gmail.com>
Co-authored-by: Justin Florentine <justin+github@florentine.us>