Vulnerabilities Scan #285

	name: Vulnerabilities Scan

	on:
	workflow_run:
	workflows:
	- Release
	types:
	- completed
	schedule:
	- cron: '0 0 * * *'
	workflow_dispatch:
	inputs:
	image-tag:
	description: Docker Image tag
	required: true
	default: latest
	type: string

	jobs:
	trivy-scan:
	name: Run Trivy Scan
	runs-on: ubuntu-latest
	strategy:
	matrix:
	scan:
	- image: mesh-manager
	trivyignores: .trivyignore.controller
	- image: mesh-manager-bundle
	trivyignores: .trivyignore.bundle
	steps:
	- name: Checkout repository
	uses: actions/checkout@v4
	- name: Run Trivy vulnerability scanner
	uses: aquasecurity/trivy-action@master
	with:
	image-ref: nadunrds/${{ matrix.scan.image }}:${{ github.event.inputs.image-tag \|\| 'latest' }}
	format: 'sarif'
	exit-code: '1'
	ignore-unfixed: true
	trivyignores: ${{ matrix.scan.trivyignores }}
	output: trivy-results.sarif
	- name: Upload sarif file
	uses: github/codeql-action/upload-sarif@v2
	if: success() \|\| failure()
	with:
	sarif_file: trivy-results.sarif

Provide feedback