adding build

Author: krixapolinario

.github/workflows/deploy.yml

@@ -61,4 +61,25 @@ jobs:
           ignore-unfixed: true
           exit-code: 1
           # On a subsequent call to the action we know trivy is already installed so can skip this
-          skip-setup-trivy: true
+          skip-setup-trivy: true
+  
+  Build-Trivy:
+    name: Build
+    runs-on: ubuntu-20.04
+    steps:
+      - name: Checkout source code
+        uses: actions/checkout@v4
+
+      - name: Run Trivy vulnerability scanner in repo mode
+        uses: aquasecurity/[email protected]
+        with:
+          scan-type: 'fs'
+          ignore-unfixed: true
+          format: 'sarif'
+          output: 'trivy-results.sarif'
+          severity: 'CRITICAL'
+
+      - name: Upload Trivy scan results to GitHub Security tab
+        uses: github/codeql-action/upload-sarif@v3
+        with:
+          sarif_file: 'trivy-results.sarif'