Add trivy workflow

[ainsofs]

Summary

• Inclusion of New Security Enhancement A new file was added that outlines a procedure, or "workflow", aiming to regularly carry out security checks on our code. These checks occur each time updates are made to the principal code or when proposed changes are under review.

• Automated Security Checks This set process triggers automatically on two occasions: when the main code receives updates ("push to the main branch") or when there are proposals for modification to the existing code ("pull requests").

• Compatibility with Recent Systems This procedure is designed to operate efficiently on a popular and up-to-date operating system, Ubuntu 20.04.

• Detailed Workflow Steps The security check process consists of following key functions:

  • The current state of the code is accessed ("Checkout code")
  • A thorough vulnerability examination of the repository is conducted using a tool named "Trivy" with the settings defined by us ("Run Trivy vulnerability scanner in repo mode with specified configurations")
  • The outcomes of the security examination are placed in the GitHub Security tab in a standard, accessible format known as SARIF. This promotes easy analysis of the security status and threat detection ("Upload Trivy scan results to the GitHub Security tab using the SARIF format").

Description

Related to #163

Motivation and Context

Scan for security issues

How has this been tested?

Screenshots (if appropriate)

Types of changes

• [ ] Bug fix (non-breaking change which fixes an issue)
• [x] New feature (non-breaking change which adds functionality)
• [ ] Breaking change (fix or feature that would cause existing functionality to not work as expected)

Checklist

• [ ] My code fulfills the acceptance criteria.
• [ ] My change requires a change to the documentation.
• [ ] I have updated the documentation accordingly.

[github-advanced-security[bot]]

This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation.