ci: Adding trivy image scans and building on schedule to the 1st of every month to update the image and resolve vulnerabilities in the latest build

Author: GeorgeDavis-Ibexlabs

.github/workflows/docker-publish.yml

@@ -10,6 +10,9 @@
 name: Publish Docker image
 
 on:
+  schedule:
+    - cron: "0 0 1 * *"
+    
   release:
     types: [published]
 
@@ -54,4 +57,24 @@ jobs:
             repository: georgedavisibexlabs/publish-sarif-to-jira
             short-description: Publish SARIF data to JIRA
             readme-filepath: ./DOCKER.md
-            enable-url-completion: true
+            enable-url-completion: true
+
+      - name: Run Trivy Image scanner
+        uses: aquasecurity/trivy-action@0.24.0
+        with:
+          scan-type: 'image'
+          image-ref: 'georgedavisibexlabs/publish-sarif-to-jira'
+          limit-severities-for-sarif: true
+          trivy-config: .github/config/trivy-sarif.yaml
+    
+      - name: Upload Trivy Image scan results
+        uses: actions/upload-artifact@v4.3.6
+        with:
+          name: trivy-image-scan-results
+          path: trivy-image-scan-results.sarif
+          retention-days: 30
+
+      - name: Upload Trivy scan results to GitHub Security tab
+        uses: github/codeql-action/upload-sarif@v3
+        with:
+          sarif_file: 'trivy-image-scan-results.sarif'