Add grype scan, SBOM and improve labeling (omec-project#106)

Signed-off-by: Marikkannu, Suresh <suresh.marikkannu@intel.com>

Author: sureshmarikkannu

.github/dependabot.yml

@@ -1,14 +1,16 @@
 # SPDX-License-Identifier: Apache-2.0
 # Copyright 2024 Intel Corporation
 
+# Timeline for each ecosystem is intentionally staggered to spread
+# Dependabot PRs over the week.
 version: 2
 updates:
 
   - package-ecosystem: "github-actions"
     directory: "/"
     schedule:
       interval: "weekly"
-      day: "wednesday"
+      day: "tuesday"
       time: "21:00"
       timezone: "America/Los_Angeles"
     groups:
@@ -20,6 +22,6 @@ updates:
     directory: "/"
     schedule:
       interval: "weekly"
-      day: "wednesday"
+      day: "thursday"
       time: "21:00"
       timezone: "America/Los_Angeles"

.github/workflows/push.yml

@@ -45,3 +45,27 @@ jobs:
     secrets: inherit
     with:
       branch_name: ${{ github.ref }}
+
+  sbom-source:
+    needs: tag-github
+    permissions:
+      contents: read
+      actions: read
+    uses: omec-project/.github/.github/workflows/sbom-source.yml@d2c362a98ad0cb4911ea762e25109f71f2301d9e # v0.0.12
+    with:
+      changed: ${{ needs.tag-github.outputs.changed }}
+      branch_name: ${{ github.ref }}
+      artifact_name: ${{ github.event.repository.name }}-${{ needs.tag-github.outputs.version }}.spdx.json
+      sbom_format: spdx-json
+      path: .
+
+  grype-scan:
+    needs: [tag-github, sbom-source]
+    permissions:
+      contents: read
+      actions: read
+      security-events: write # Required for SARIF upload to Code Scanning
+    uses: omec-project/.github/.github/workflows/grype-scan.yml@d2c362a98ad0cb4911ea762e25109f71f2301d9e # v0.0.12
+    with:
+      changed: ${{ needs.tag-github.outputs.changed }}
+      artifact_name: ${{ github.event.repository.name }}-${{ needs.tag-github.outputs.version }}.spdx.json