From 11cc835a42b16df42ff75c05c8a02032ef27ae62 Mon Sep 17 00:00:00 2001
From: mitchell
Date: Thu, 22 Aug 2024 16:08:41 -0400
Subject: [PATCH] First attempt using intel/cve-bin-tool-action to scan for CVE on push.
---
.github/workflows/scan.yml | 29 +++++++++++++++++++++++++++++
1 file changed, 29 insertions(+)
create mode 100644 .github/workflows/scan.yml
diff --git a/.github/workflows/scan.yml b/.github/workflows/scan.yml
new file mode 100644
index 0000000000..0a1560a377
--- /dev/null
+++ b/.github/workflows/scan.yml
@@ -0,0 +1,29 @@
+name: Scan
+
+on:
+ push:
+ workflow_dispatch:
+
+permissions:
+ contents: read
+
+jobs:
+ scan:
+ runs-on: ubuntu-latest
+ permissions:
+ security-events: write
+ env:
+ VERBOSE: true
+
+ steps:
+ - name: Install State Tool
+ uses: ActiveState/setup-state-tool@v1
+
+ - name: Install Go
+ uses: actions/setup-go@v3
+ with:
+ go-version: 1.22.x
+
+ - uses: intel/cve-bin-tool-action@main
+ with:
+ build_command: state run preprocess && state run build
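Review bot: The last step references `intel/cve-bin-tool-action@main`, a mutable branch, in a job that holds `security-events: write` and runs the project's build, so whatever lands on that branch executes here on the next push without review. Pin it to a reviewed full commit SHA, e.g. `uses: intel/cve-bin-tool-action@<full-commit-sha>  # <release tag>` (placeholders, not real values), and consider the same for `ActiveState/setup-state-tool@v1` and `actions/setup-go@v3`, which are movable tags. Separately, the job-level `permissions:` block replaces the workflow-level one rather than merging with it, so `contents` is `none` for the `scan` job. If any step has to read the repository (likely when the repo is private), add `contents: read` next to `security-events: write` in the job block.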