From 429f5e7568df699c68c8e7088c2623b9646722ea Mon Sep 17 00:00:00 2001
From: Alexey Pustovalov <alexey.pustovalov@zabbix.com>
Date: Fri, 17 Jan 2025 16:44:37 +0900
Subject: [PATCH] Added container scan tool

---
 .github/workflows/images_build.yml | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/.github/workflows/images_build.yml b/.github/workflows/images_build.yml
index 1cee32076..41bae5f41 100644
--- a/.github/workflows/images_build.yml
+++ b/.github/workflows/images_build.yml
@@ -392,6 +392,12 @@ jobs:
           cache-from: ${{ steps.cache_data.outputs.cache_from }}
           cache-to: ${{ steps.cache_data.outputs.cache_to }}
 
+      - name: Scan for vulnerabilities
+        uses: crazy-max/ghaction-container-scan@v3
+        with:
+          image: ${{ fromJSON(steps.meta.outputs.json).tags[0] }}
+          annotations: true
+
       - name: Sign the images with GitHub OIDC Token
         if: ${{ env.AUTO_PUSH_IMAGES == 'true' }}
         env:
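Review bot: The new step at `uses: crazy-max/ghaction-container-scan@v3` references a third-party action by a mutable tag, in a job whose next step signs images with the GitHub OIDC token. If the tag is repointed, the new code runs with whatever permissions and secrets this job holds, so pin it to a full commit SHA, e.g. `uses: crazy-max/ghaction-container-scan@<full-commit-sha> # v3`. With only `annotations: true` and no `severity_threshold` set, the scan appears to be advisory, so an image with known critical findings would still reach the signing step. Adding `severity_threshold: HIGH` (or whichever level the project accepts) under `with:` would make the scan gate the signature. The step also has no `if:` while signing is gated on `AUTO_PUSH_IMAGES`, and it scans `tags[0]` rather than the build digest, so it is worth confirming the image is pullable when nothing is pushed and that the scanned image is the one that gets signed. The job definition starts and continues outside this hunk.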