Add .gitea/workflows/*.yaml

.gitea/workflows/010_ci_docker_image.yaml

@@ -93,6 +93,32 @@ jobs:
           curl -s "http://${{ vars.LOCALHOST }}:8143/" ; echo
           echo "Stop container: "
           docker container stop ${{ inputs.container-name }}
+
+  vulnerability-scan:
+    runs-on: ubuntu-22.04
+    needs: [build-image]
+    steps:
+      - name: Download artifact
+        uses: actions/download-artifact@v3
+        with:
+          name: image
+          path: /tmp
+      - name: Load image
+        run: |
+          docker load --input /tmp/image.tar
+          docker image ls -a
+      - name: Run Trivy vulnerability scanner
+        uses: aquasecurity/trivy-action@master
+        with:
+          image-ref: ${{ inputs.container-name }}:${{ inputs.image-tag }}
+          format: 'json'
+          output: 'trivy-results.json'
+          severity: 'CRITICAL,HIGH'
+      - name: Upload results
+        uses: actions/upload-artifact@v3
+        with:
+          name: trivy-results
+          path: ${{ github.workspace }}/trivy-results.json
           
   publish-image:
     runs-on: ubuntu-22.04