feat: Add comprehensive GitHub Actions CI/CD pipeline

- CI workflow: multi-OS builds (Ubuntu, Windows, macOS), tests, formatting, clippy
- Release workflow: automated releases with cross-platform binaries
- Dependency workflow: automated dependency updates and security audits
- Docker workflow: container builds with security scanning
- Added multi-stage Dockerfile with security best practices
- Support for multiple architectures (x64, ARM64)
- Automated publishing to crates.io and GitHub Container Registry

Author: MindPatch

.dockerignore

@@ -0,0 +1,47 @@
+# Git
+.git
+.gitignore
+
+# Target directory
+target/
+**/*.rs.bk
+
+# IDE files
+.vscode/
+.idea/
+*.iml
+*.swp
+*.swo
+*~
+
+# OS files
+.DS_Store
+Thumbs.db
+
+# Documentation
+*.md
+docs/
+
+# Test files
+test_*
+**/test_*
+
+# Automation workspace
+vulfy-workspace/
+vulfy-exports/
+
+# Results and logs
+*.json
+*.log
+
+# Docker files (except Dockerfile)
+.dockerignore
+docker-compose.yml
+
+# CI/CD
+.github/
+
+# Other
+assets/
+automation-results.json
+vulfy-scan-result.json 

.github/workflows/ci.yml

@@ -0,0 +1,182 @@
+name: CI
+
+on:
+  push:
+    branches: [ main, master, feat/* ]
+  pull_request:
+    branches: [ main, master ]
+
+env:
+  CARGO_TERM_COLOR: always
+
+jobs:
+  test:
+    name: Test Suite
+    runs-on: ${{ matrix.os }}
+    strategy:
+      matrix:
+        os: [ubuntu-latest, windows-latest, macos-latest]
+        rust: [stable, beta]
+        include:
+          - os: ubuntu-latest
+            rust: nightly
+    
+    steps:
+    - name: Checkout code
+      uses: actions/checkout@v4
+
+    - name: Install Rust
+      uses: dtolnay/rust-toolchain@master
+      with:
+        toolchain: ${{ matrix.rust }}
+
+    - name: Cache Cargo registry
+      uses: actions/cache@v4
+      with:
+        path: |
+          ~/.cargo/registry
+          ~/.cargo/git
+          target
+        key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }}
+        restore-keys: |
+          ${{ runner.os }}-cargo-
+
+    - name: Install system dependencies (Ubuntu)
+      if: matrix.os == 'ubuntu-latest'
+      run: |
+        sudo apt-get update
+        sudo apt-get install -y libssl-dev pkg-config
+
+    - name: Install system dependencies (macOS)
+      if: matrix.os == 'macos-latest'
+      run: |
+        brew install openssl
+        echo "OPENSSL_ROOT_DIR=$(brew --prefix openssl)" >> $GITHUB_ENV
+
+    - name: Check formatting
+      if: matrix.rust == 'stable' && matrix.os == 'ubuntu-latest'
+      run: cargo fmt --all -- --check
+
+    - name: Run Clippy
+      if: matrix.rust == 'stable'
+      run: cargo clippy --all-targets --all-features -- -D warnings
+
+    - name: Run tests
+      run: cargo test --verbose --all-features
+
+    - name: Build release
+      run: cargo build --release --verbose
+
+  build:
+    name: Build Binaries
+    runs-on: ${{ matrix.os }}
+    needs: test
+    strategy:
+      matrix:
+        include:
+          - os: ubuntu-latest
+            target: x86_64-unknown-linux-gnu
+            binary-suffix: ""
+          - os: windows-latest
+            target: x86_64-pc-windows-msvc
+            binary-suffix: ".exe"
+          - os: macos-latest
+            target: x86_64-apple-darwin
+            binary-suffix: ""
+          - os: macos-latest
+            target: aarch64-apple-darwin
+            binary-suffix: ""
+
+    steps:
+    - name: Checkout code
+      uses: actions/checkout@v4
+
+    - name: Install Rust
+      uses: dtolnay/rust-toolchain@stable
+      with:
+        targets: ${{ matrix.target }}
+
+    - name: Cache Cargo registry
+      uses: actions/cache@v4
+      with:
+        path: |
+          ~/.cargo/registry
+          ~/.cargo/git
+          target
+        key: ${{ runner.os }}-${{ matrix.target }}-cargo-${{ hashFiles('**/Cargo.lock') }}
+        restore-keys: |
+          ${{ runner.os }}-${{ matrix.target }}-cargo-
+
+    - name: Install system dependencies (Ubuntu)
+      if: matrix.os == 'ubuntu-latest'
+      run: |
+        sudo apt-get update
+        sudo apt-get install -y libssl-dev pkg-config
+
+    - name: Install system dependencies (macOS)
+      if: matrix.os == 'macos-latest'
+      run: |
+        brew install openssl
+        echo "OPENSSL_ROOT_DIR=$(brew --prefix openssl)" >> $GITHUB_ENV
+
+    - name: Build binary
+      run: cargo build --release --target ${{ matrix.target }}
+
+    - name: Upload binary (Unix)
+      if: matrix.os != 'windows-latest'
+      uses: actions/upload-artifact@v4
+      with:
+        name: vulfy-${{ matrix.target }}
+        path: target/${{ matrix.target }}/release/vulfy
+
+    - name: Upload binary (Windows)
+      if: matrix.os == 'windows-latest'
+      uses: actions/upload-artifact@v4
+      with:
+        name: vulfy-${{ matrix.target }}
+        path: target/${{ matrix.target }}/release/vulfy.exe
+
+  security-audit:
+    name: Security Audit
+    runs-on: ubuntu-latest
+    steps:
+    - name: Checkout code
+      uses: actions/checkout@v4
+
+    - name: Install Rust
+      uses: dtolnay/rust-toolchain@stable
+
+    - name: Install cargo-audit
+      run: cargo install cargo-audit
+
+    - name: Run security audit
+      run: cargo audit
+
+  coverage:
+    name: Code Coverage
+    runs-on: ubuntu-latest
+    steps:
+    - name: Checkout code
+      uses: actions/checkout@v4
+
+    - name: Install Rust
+      uses: dtolnay/rust-toolchain@stable
+      with:
+        components: llvm-tools-preview
+
+    - name: Install system dependencies
+      run: |
+        sudo apt-get update
+        sudo apt-get install -y libssl-dev pkg-config
+
+    - name: Install cargo-llvm-cov
+      run: cargo install cargo-llvm-cov
+
+    - name: Generate coverage report
+      run: cargo llvm-cov --all-features --workspace --lcov --output-path lcov.info
+
+    - name: Upload coverage to Codecov
+      uses: codecov/codecov-action@v4
+      with:
+        file: lcov.info
+        fail_ci_if_error: true 

.github/workflows/dependency-update.yml

@@ -0,0 +1,151 @@
+name: Dependency Update
+
+on:
+  schedule:
+    # Run weekly on Monday at 9 AM UTC
+    - cron: '0 9 * * 1'
+  workflow_dispatch: # Allow manual trigger
+
+jobs:
+  update-dependencies:
+    name: Update Dependencies
+    runs-on: ubuntu-latest
+    steps:
+    - name: Checkout code
+      uses: actions/checkout@v4
+      with:
+        token: ${{ secrets.GITHUB_TOKEN }}
+
+    - name: Install Rust
+      uses: dtolnay/rust-toolchain@stable
+
+    - name: Install system dependencies
+      run: |
+        sudo apt-get update
+        sudo apt-get install -y libssl-dev pkg-config
+
+    - name: Install cargo-edit
+      run: cargo install cargo-edit
+
+    - name: Update Cargo dependencies
+      run: |
+        cargo update
+        cargo upgrade --incompatible
+
+    - name: Check if dependencies changed
+      id: changes
+      run: |
+        if git diff --quiet Cargo.toml Cargo.lock; then
+          echo "changed=false" >> $GITHUB_OUTPUT
+        else
+          echo "changed=true" >> $GITHUB_OUTPUT
+        fi
+
+    - name: Run tests with updated dependencies
+      if: steps.changes.outputs.changed == 'true'
+      run: cargo test --all-features
+
+    - name: Create Pull Request
+      if: steps.changes.outputs.changed == 'true'
+      uses: peter-evans/create-pull-request@v5
+      with:
+        token: ${{ secrets.GITHUB_TOKEN }}
+        commit-message: "chore: update dependencies"
+        title: "🔄 Weekly Dependency Update"
+        body: |
+          ## Dependency Update
+
+          This is an automated PR to update Rust dependencies.
+
+          ### Changes
+          - Updated `Cargo.lock` with latest compatible versions
+          - Upgraded incompatible dependencies in `Cargo.toml`
+
+          ### Testing
+          - ✅ All tests pass with updated dependencies
+          - ✅ Build succeeds on multiple platforms
+
+          ### Review Notes
+          Please review the changes and ensure all functionality works as expected.
+        branch: dependency-update
+        delete-branch: true
+
+  security-advisory:
+    name: Security Advisory Check
+    runs-on: ubuntu-latest
+    steps:
+    - name: Checkout code
+      uses: actions/checkout@v4
+
+    - name: Install Rust
+      uses: dtolnay/rust-toolchain@stable
+
+    - name: Install cargo-audit
+      run: cargo install cargo-audit
+
+    - name: Run security audit
+      run: cargo audit --json > audit-report.json || true
+
+    - name: Check for vulnerabilities
+      id: vulnerabilities
+      run: |
+        if [ -s audit-report.json ] && jq '.vulnerabilities | length > 0' audit-report.json | grep -q true; then
+          echo "found=true" >> $GITHUB_OUTPUT
+          echo "## Security Vulnerabilities Found" >> vulnerability-report.md
+          echo "" >> vulnerability-report.md
+          jq -r '.vulnerabilities[] | "- **\(.advisory.id)**: \(.advisory.title) (Package: \(.package.name))"' audit-report.json >> vulnerability-report.md
+        else
+          echo "found=false" >> $GITHUB_OUTPUT
+        fi
+
+    - name: Create Security Issue
+      if: steps.vulnerabilities.outputs.found == 'true'
+      uses: actions/github-script@v7
+      with:
+        script: |
+          const fs = require('fs');
+          const report = fs.readFileSync('vulnerability-report.md', 'utf8');
+          
+          await github.rest.issues.create({
+            owner: context.repo.owner,
+            repo: context.repo.repo,
+            title: '🚨 Security Vulnerabilities Detected',
+            body: `${report}\n\n**Action Required**: Please review and update the affected dependencies.\n\nGenerated by: ${context.workflow} workflow`,
+            labels: ['security', 'dependencies', 'urgent']
+          });
+
+  outdated-check:
+    name: Check Outdated Dependencies
+    runs-on: ubuntu-latest
+    steps:
+    - name: Checkout code
+      uses: actions/checkout@v4
+
+    - name: Install Rust
+      uses: dtolnay/rust-toolchain@stable
+
+    - name: Install system dependencies
+      run: |
+        sudo apt-get update
+        sudo apt-get install -y libssl-dev pkg-config
+
+    - name: Install cargo-outdated
+      run: cargo install cargo-outdated
+
+    - name: Check for outdated dependencies
+      run: |
+        cargo outdated --format json > outdated.json || true
+        echo "## Outdated Dependencies Report" > outdated-report.md
+        echo "" >> outdated-report.md
+        
+        if [ -s outdated.json ]; then
+          jq -r '.dependencies[] | select(.latest != .project) | "- **\(.name)**: \(.project) → \(.latest)"' outdated.json >> outdated-report.md
+        else
+          echo "All dependencies are up to date! 🎉" >> outdated-report.md
+        fi
+
+    - name: Upload outdated report
+      uses: actions/upload-artifact@v4
+      with:
+        name: outdated-dependencies-report
+        path: outdated-report.md