Container analysis #352

	name: Container analysis

	on:
	push:
	branches: [main]
	schedule:
	- cron: "44 10 * * 6"

	jobs:
	scanning:
	runs-on: ubuntu-latest
	permissions:
	security-events: write
	steps:
	- uses: actions/checkout@v4

	- name: Trivy
	continue-on-error: true
	uses: aquasecurity/trivy-action@0.19.0
	with:
	image-ref: "ghcr.io/${{ github.repository }}:latest"
	format: "sarif"
	output: "trivy-results.sarif"
	severity: "HIGH,CRITICAL"

	- name: Upload Trivy scan results to GitHub Security tab
	uses: github/codeql-action/upload-sarif@v3
	with:
	sarif_file: "trivy-results.sarif"

	- name: Snyk
	continue-on-error: true
	uses: snyk/actions/docker@master
	env:
	SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
	with:
	image: ghcr.io/${{ github.repository }}:latest
	args: --file=Dockerfile --severity-threshold=high

	- name: Upload Snyk result to GitHub Code Scanning
	uses: github/codeql-action/upload-sarif@v3
	with:
	sarif_file: snyk.sarif

Provide feedback