trivy scanner CI integration support

[yoheimuta]

ref. #163 (comment)

[wwuck]

I am looking at this, but would you have any interest in migrating from circleci to github actions? Or would you prefer it be implemented on the existing circleci configuration?

I have no direct experience with either so I thought it would be a good opportunity for me to learn github actions. I am happy either way whatever you choose.

https://docs.github.com/en/actions/migrating-to-github-actions/migrating-from-circleci-to-github-actions

[wwuck]

https://blog.aquasec.com/devsecops-with-trivy-github-actions
https://github.com/aquasecurity/trivy-action

or perhaps even better, would be this action?
https://github.com/marketplace/actions/container-image-scan
from Microsoft Azure, which runs both Trivy and Dockle.

I would also look at adding hadolint action
https://github.com/marketplace/actions/hadolint-action

[yoheimuta]

would you have any interest in migrating from circleci to github actions?
Or would you prefer it be implemented on the existing circleci configuration?

@wwuck Thank you for your interest!
I'm happy to help you.

Yes, I prefer migrating to GitHub Action.

However, if this migration seems overwhelmed for you, considering your experience, would it be better to add GitHub Action for this trivy scan? In precise, we don't need to consolidate CI this time as the first step. Instead, you can focus on adding this feature alone. Either approach is fine for me 😸

[wwuck]

Thanks! I will take a look at GitHub Actions and see how I go with it.