Add trivy scanner

.github/workflows/build-and-test.yml

@@ -33,3 +33,29 @@ jobs:
           cd build
           make package
           make test
+
+      - name: Generate Trivy vulnerability scan report
+        uses: aquasecurity/[email protected]
+        with:
+          scan-type: 'fs'
+          format: 'sarif'
+          exit-code: '0'
+          ignore-unfixed: true
+          severity: 'CRITICAL,HIGH'
+          output: 'trivy-results.sarif'
+          hide-progress: true
+
+      - name: Upload Trivy scan report to GitHub Security tab
+        uses: github/codeql-action/upload-sarif@v2
+        with:
+          sarif_file: 'trivy-results.sarif'
+
+      - name: Test with Trivy vulnerability scanner
+        uses: aquasecurity/[email protected]
+        with:
+          scan-type: 'fs'
+          format: 'table'
+          exit-code: '1'
+          ignore-unfixed: true
+          severity: 'CRITICAL'
+          hide-progress: true