First attempt using intel/cve-bin-tool-action to scan for CVE on push.

.github/workflows/scan.yml

@@ -0,0 +1,21 @@
+name: Scan
+
+on:
+  push:
+  workflow_dispatch:
+
+permissions:
+  contents: read
+
+jobs:
+  scan:
+    runs-on: ubuntu-latest
+    permissions:
+      security-events: write
+    steps:
+      - name: Install State Tool
+        uses: ActiveState/setup-state-tool@v1
+
+      - uses: intel/cve-bin-tool-action@main
+        with:
+          build_command: state run build