add CI/CD scan

.github/workflows/nightvision.yml

@@ -0,0 +1,46 @@
+name: Test Case - FastAPI App
+
+on:
+  push:
+  workflow_dispatch:
+
+env:
+  NIGHTVISION_TOKEN: ${{ secrets.NIGHTVISION_TOKEN }}
+  NIGHTVISION_TARGET: xssfastapi
+  NIGHTVISION_APP: xssfastapi
+  NIGHTVISION_AUTH: xssfastapi
+
+jobs:
+  test:
+    permissions:
+      security-events: write
+    runs-on: ubuntu-latest
+    steps:
+      - name: (1) Clone Code
+        uses: actions/checkout@v3
+
+      - name: (2) Install NightVision
+        run: |
+            wget -c https://downloads.nightvision.net/binaries/latest/nightvision_latest_linux_amd64.tar.gz -O - | tar -xz; sudo mv nightvision /usr/local/bin/
+                    python -m pip install semgrep --user
+
+      # - name: (3) Extract API documentation from code
+      #   run: |
+      #     nightvision swagger extract ./ -t ${NIGHTVISION_TARGET} --lang python || true
+      #     if [ ! -e openapi-spec.yml ]; then
+      #         cp backup-openapi-spec.yml openapi-spec.yml
+      #     fi
+
+      - name: (4) Start the app
+        run: docker-compose up -d; sleep 10
+
+      - name: (5) Scan the API
+        run: |
+          nightvision scan -t ${NIGHTVISION_TARGET} -a ${NIGHTVISION_APP} > scan-results.txt
+          nightvision export sarif -s "$(head -n 1 scan-results.txt)" --swagger-file openapi-spec.yml
+
+      - name: (6) Upload SARIF file to GitHub Security Alerts if vulnerabilities are found
+        uses: github/codeql-action/upload-sarif@v2
+        if: success()
+        with:
+          sarif_file: results.sarif