Scan image with trivy

Author: said-moj

.github/workflows/build.yml

@@ -45,3 +45,14 @@ jobs:
           REGISTRY: ${{ steps.login-ecr.outputs.registry }}
           REPOSITORY: ${{ inputs.ECR_REPOSITORY }}
           IMAGE_TAG: ${{ github.sha }}
+
+      - name:  Scan for vulnerabilities (informative, non-breaking)
+        id: scan
+        uses: aquasecurity/trivy-action@master
+        with:
+          image-ref: ${REGISTRY}/${REPOSITORY}:${IMAGE_TAG}
+          format: 'table'
+          exit-code: '1'
+          ignore-unfixed: true
+          vuln-type: 'os,library'
+          severity: 'CRITICAL,HIGH'