
chore(deps): Update dependency google-auth to v2.48.0 #141


---
# Security scanning workflow: the `trivy` job builds the image locally and
# scans it for CRITICAL/HIGH CVEs, uploading SARIF to code scanning; the
# `secrets` job runs TruffleHog for leaked credentials. The workflow is also
# reusable from other workflows via workflow_call.
name: Security Scanning
# Quoted so YAML 1.1 loaders do not read the key `on` as boolean `true`.
"on":
  push:
    branches:
      - main
  pull_request:
    branches:
      - main
  schedule:
    - cron: "0 2 * * 1" # Weekly Monday 02:00 UTC
  # No inputs or secrets are declared; a calling workflow supplies its own
  # token permissions when it invokes this one.
  workflow_call:
# Least privilege for the default token: read the checkout, write to
# code scanning for the SARIF upload.
# NOTE(review): upload-sarif additionally needs `actions: read` on private
# repositories — confirm this repo is public or add it.
permissions:
  contents: read
  security-events: write
jobs:
  trivy:
    name: Trivy Scan
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3
      # Build without pushing; the image only exists for the scan below.
      - name: Build image for scanning
        uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6
        with:
          context: .
          push: false
          load: true  # export to the local daemon so image-ref can find it
          tags: ansible:scan
          # Layer cache is read from a mutable `:latest` registry tag and
          # written to the GHA cache backend.
          cache-from: type=registry,ref=ghcr.io/arillso/ansible-cache:latest
          cache-to: type=gha,mode=max
          # Attestations are unnecessary for a throwaway scan-only image.
          provenance: false
          sbom: false
      # NOTE(review): this is the only action in the file pinned by a tag
      # rather than a full commit SHA; pin the SHA that 0.33.1 resolves to
      # so it matches the supply-chain posture of the other steps.
      # No exit-code is set, so (presumably by the action's default) findings
      # are reported to code scanning rather than failing the job.
      - name: Run Trivy vulnerability scanner
        uses: aquasecurity/trivy-action@0.33.1
        with:
          image-ref: "ansible:scan"
          format: "sarif"
          output: "trivy-results.sarif"
          severity: "CRITICAL,HIGH"
      # always() keeps the upload running even when the scan step failed, so
      # partial results still reach code scanning.
      - name: Upload Trivy scan results
        uses: github/codeql-action/upload-sarif@6bc82e05fd0ea64601dd4b465378bbcf57de0314 # v4
        if: always()
        with:
          sarif_file: "trivy-results.sarif"
  secrets:
    name: Secret Scanning
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
        with:
          fetch-depth: 0  # full history so the base..head range resolves
      # On pull requests the diff is base..head; on every other trigger the
      # fallback is HEAD~1, i.e. only the most recent commit is scanned —
      # a multi-commit push to main is not scanned in full.
      - name: TruffleHog scan
        uses: trufflesecurity/trufflehog@116e7171542d2f1dad8810f00dcfacbe0b809183 # v3.92.5
        with:
          path: ./
          base: ${{ github.event.pull_request.base.sha || 'HEAD~1' }}
          head: HEAD
          extra_args: --only-verified  # report only credentials that verify live