ci: publish Trivy security report in comment

[jbern0rd]

No description provided.

[github-actions]

🔒 Trivy Security linux/amd64 Scan Results

Click to expand detailed results

Report Summary

┌──────────────────────────────────────────────────────────────────────────┬────────────┬─────────────────┬─────────┐
│                                  Target                                  │    Type    │ Vulnerabilities │ Secrets │
├──────────────────────────────────────────────────────────────────────────┼────────────┼─────────────────┼─────────┤
│ docker-regis.iex.ec/python-hello-world:feature-b37192d0 (alpine 3.23.4)  │   alpine   │        0        │    -    │
├──────────────────────────────────────────────────────────────────────────┼────────────┼─────────────────┼─────────┤
│ usr/local/lib/python3.13/site-packages/pip-26.0.1.dist-info/METADATA     │ python-pkg │        1        │    -    │
├──────────────────────────────────────────────────────────────────────────┼────────────┼─────────────────┼─────────┤
│ usr/local/lib/python3.13/site-packages/pyfiglet-1.0.4.dist-info/METADATA │ python-pkg │        0        │    -    │
└──────────────────────────────────────────────────────────────────────────┴────────────┴─────────────────┴─────────┘
Legend:
- '-': Not scanned
- '0': Clean (no security findings detected)


For OSS Maintainers: VEX Notice
--------------------------------
If you're an OSS maintainer and Trivy has detected vulnerabilities in your project that you believe are not actually exploitable, consider issuing a VEX (Vulnerability Exploitability eXchange) statement.
VEX allows you to communicate the actual status of vulnerabilities in your project, improving security transparency and reducing false positives for your users.
Learn more and start using VEX: https://trivy.dev/docs/v0.69/guide/supply-chain/vex/repo#publishing-vex-documents

To disable this notice, set the TRIVY_DISABLE_VEX_NOTICE environment variable.


Python (python-pkg)
===================
Total: 1 (UNKNOWN: 0, LOW: 0, MEDIUM: 1, HIGH: 0, CRITICAL: 0)

┌────────────────┬───────────────┬──────────┬──────────┬───────────────────┬───────────────┬───────────────────────────────────────────────────────┐
│    Library     │ Vulnerability │ Severity │  Status  │ Installed Version │ Fixed Version │                         Title                         │
├────────────────┼───────────────┼──────────┼──────────┼───────────────────┼───────────────┼───────────────────────────────────────────────────────┤
│ pip (METADATA) │ CVE-2026-3219 │ MEDIUM   │ affected │ 26.0.1            │               │ pip: pip: Incorrect file installation due to improper │
│                │               │          │          │                   │               │ archive handling                                      │
│                │               │          │          │                   │               │ https://avd.aquasec.com/nvd/cve-2026-3219             │
└────────────────┴───────────────┴──────────┴──────────┴───────────────────┴───────────────┴───────────────────────────────────────────────────────┘

[github-actions]

🐳 Hadolint Dockerfile Lint Results

Click to expand detailed results

cloud-computing/Dockerfile:5 DL3013 warning: Pin versions in pip. Instead of `pip install <package>` use `pip install <package>==<version>` or `pip install --requirement <requirements file>`
cloud-computing/Dockerfile:5 DL3042 warning: Avoid use of cache directory with pip. Use `pip install --no-cache-dir <package>`
cloud-computing/Dockerfile:5 DL3059 info: Multiple consecutive `RUN` instructions. Consider consolidation.