[UPD] release trigger; (#15) #20

	name: ci-security-scanner-checks

	on:
	push:
	branches:
	- main
	pull_request:
	types:
	- opened
	- reopened
	- synchronize
	- ready_for_review
	branches:
	- main
	schedule:
	- cron: "0 0 * * *"

	permissions:
	contents: read

	jobs:
	trivy_scan:
	name: trivy-scans
	runs-on: ubuntu-20.04
	permissions:
	contents: read
	security-events: write
	actions: read
	steps:
	- name: Harden Runner
	uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
	with:
	egress-policy: audit

	- name: Checkout code
	uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
	- name: Run Trivy vulnerability scanner
	uses: aquasecurity/trivy-action@d2a392a13760cb64cb6bbd31d4bed2a7d9a5298d # master
	with:
	scan-type: 'fs'
	scan-ref: '.'
	format: 'sarif'
	severity: 'CRITICAL,HIGH'
	output: 'trivy-results.sarif'
	- name: Upload Trivy scan results to GitHub Security tab
	uses: github/codeql-action/upload-sarif@662472033e021d55d94146f66f6058822b0b39fd # v3.27.0
	with:
	sarif_file: 'trivy-results.sarif'
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

Provide feedback