Test trivy for PRs

Author: antonym

.github/workflows/build.yml

@@ -16,4 +16,19 @@ jobs:
         fetch-depth: '0'
 
     - name: Build the Docker image
-      run: docker build .
+      run: docker build -t docker-netbootxyz:${{ github.sha }} .
+
+    - name: Run Trivy vulnerability scanner
+      uses: aquasecurity/trivy-action@0.28.0
+      with:
+        image-ref: 'docker-netbootxyz:${{ github.sha }}'
+        format: 'table'
+        exit-code: '1'
+        ignore-unfixed: true
+        vuln-type: 'os,library'
+        severity: 'CRITICAL,HIGH'
+
+    - name: Upload Trivy scan results to GitHub Security tab
+      uses: github/codeql-action/upload-sarif@v3
+      with:
+        sarif_file: 'trivy-results.sarif'