Write instructions/config to run CVE Binary Tool in github actions

[terriko]

Similar to #134 -- it should be relatively easy to run cve-bin-tool as part of your CI infrastructure, but it would be nice to have explicit instructions or a precanned setup that makes it easy for people to use.

[param211]

@terriko there exists a .yml file for github actions workflow in https://github.com/intel/cve-bin-tool/blob/master/.github/workflows/pythonapp.yml . Is the issue about documenting this file's code in something like a readme file for users to setup these actions locally? (I might be misunderstanding the issue!)

[terriko]

Like #134, this is about writing instructions for other people to run cve-bin-tool on their own packages. (Or equally, setting up csv2cve to work with their list of dependencies.)

[terriko]

@ananthan-123 asked on gitter where this should go, and in case anyone else is wondering, I think these instructions should be part of the manual, which is here:

https://github.com/intel/cve-bin-tool/blob/master/MANUAL.md

(Note that it is a little out of date, and I've opened #367 to remind us to update it with the new options before release.)

[Niraj-Kamdar]

If I understood correctly, you are talking about using cve-bin-tool to scan CVEs inside CI pipeline of other projects. If this is the case We can create github actions for our users which they can integrate directly just like we have integrated black in our CI pipeline.

[terriko]

That's the idea! It doesn't seem like it should be too hard to do even without an action, but there's something nice about having it pre-canned for people.