chore: trivy scanner experiment

.github/workflows/scan-code-trivy.yaml

@@ -0,0 +1,37 @@
+name: Trivy Scan Code
+
+on:
+  workflow_call:
+
+concurrency:
+  group: callee-trivy-${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  trivy-scan-code:
+    runs-on: ubuntu-latest
+    timeout-minutes: 60
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v3
+      - name: Cache Scan Dependencies
+        uses: actions/cache@v3
+        with:
+          path: ~/.cache/trivy
+          key: callee-trivy-${{ github.workflow }}-${{ github.run_id }}
+          restore-keys: trivy-
+      - name: Run Trivy vulnerability scanner in repo mode
+        uses: aquasecurity/trivy-action@master
+        with:
+          scan-type: fs
+          format: sarif
+          output: trivy-results.sarif
+          exit-code: "0"
+          ignore-unfixed: false
+          severity: UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL
+          timeout: 10m0s
+      - name: Upload Trivy scan results as artifact
+        uses: actions/upload-artifact@v2
+        with:
+          name: trivy-results
+          path: trivy-results.sarif

.github/workflows/test.yaml

@@ -146,12 +146,12 @@ jobs:
         run: |
           rm -rf /tmp/.buildx-cache
           mv /tmp/.buildx-cache-new /tmp/.buildx-cache
-  trivy-image-scan:
-    needs: docker-build
-    uses: bcgov/pipeline-templates/.github/workflows/trivy-container.yaml@main
-    with:
-      IMAGE: gregnrobinson/bcgov-nginx-demo
-      TAG: latest
+  # trivy-image-scan:
+  #   needs: docker-build
+  #   uses: bcgov/pipeline-templates/.github/workflows/trivy-container.yaml@main
+  #   with:
+  #     IMAGE: gregnrobinson/bcgov-nginx-demo
+  #     TAG: latest
   #   sonar-repo-scan:
   #     uses: bcgov/pipeline-templates/.github/workflows/sonar-scanner.yaml@main
   #     with: