Trivy

Add fixes from scorecard results #1311

	# Runs linter for Docker files
	name: Trivy

	on:
	workflow_dispatch:
	schedule:
	# Runs at 22:45 UTC on Thursday.
	- cron: '45 22 * * 4'
	push:
	pull_request:

	concurrency:
	group: ${{ github.workflow }}-${{ github.head_ref \|\| github.run_id }}
	cancel-in-progress: true

	permissions:
	contents: read

	jobs:
	linux:
	name: Trivy
	runs-on: ${{ github.repository_owner == 'oneapi-src' && 'intel-ubuntu-22.04' \|\| 'ubuntu-latest' }}
	permissions:
	security-events: write

	steps:
	- name: Clone repo
	uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1

	- name: Run Trivy
	uses: aquasecurity/trivy-action@84384bd6e777ef152729993b8145ea352e9dd3ef # v0.17.0
	with:
	scan-type: 'config'
	hide-progress: false
	format: 'sarif'
	output: 'trivy-results.sarif'
	exit-code: 1 # Fail if issue found
	# file with suppressions: .trivyignore (in root dir)

	- name: Print report and trivyignore file
	run: \|
	echo "### Trivy ignore content:"
	cat .trivyignore
	echo "### Trivy report:"
	cat trivy-results.sarif

	- name: Upload results
	uses: github/codeql-action/upload-sarif@e8893c57a1f3a2b659b6b55564fdfdbbd2982911 # v3.24.0
	with:
	sarif_file: 'trivy-results.sarif'

Provide feedback