chore: scan images for vulnerabilities (#907)

"Drink our own Aqua"

Signed-off-by: Daniel Pacak <pacak.daniel@gmail.com>

.github/workflows/build.yaml

@@ -272,3 +272,24 @@ jobs:
         with:
           version: v1.1.0
           args: release --snapshot --skip-publish --rm-dist
+      - name: Scan Starboard CLI image for vulnerabilities
+        uses: aquasecurity/trivy-action@master
+        with:
+          image-ref: 'docker.io/aquasec/starboard:${{ github.sha }}'
+          exit-code: '1'
+          ignore-unfixed: true
+          severity: 'CRITICAL,HIGH'
+      - name: Scan Starboard Operator image for vulnerabilities
+        uses: aquasecurity/trivy-action@master
+        with:
+          image-ref: 'docker.io/aquasec/starboard-operator:${{ github.sha }}'
+          exit-code: '1'
+          ignore-unfixed: true
+          severity: 'CRITICAL,HIGH'
+      - name: Scan Starboard Scanner Aqua image for vulnerabilities
+        uses: aquasecurity/trivy-action@master
+        with:
+          image-ref: 'docker.io/aquasec/starboard-scanner-aqua:${{ github.sha }}'
+          exit-code: '1'
+          ignore-unfixed: true
+          severity: 'CRITICAL,HIGH'