Add Trivy pipeline

.github/workflows/docker-buildx-dev.yml

@@ -36,18 +36,28 @@ jobs:
         name: Login to DockerHub
         uses: docker/login-action@v1
         with:
-            username: ${{ secrets.DOCKERHUB_USERNAME }}
-            password: ${{ secrets.DOCKERHUB_TOKEN }}
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
       -
         name: Build and push multi-arch dev
         uses: docker/build-push-action@v2
         with:
-            context: .
-            file: ./Dockerfile
-            platforms: |
-              linux/amd64
-              linux/arm64
-              linux/arm/v7
-              linux/arm/v6
-            push: true
-            tags: ${{ github.repository }}:dev
+          context: .
+          file: ./Dockerfile
+          platforms: |
+            linux/amd64
+            linux/arm64
+            linux/arm/v7
+            linux/arm/v6
+          push: true
+          tags: ${{ github.repository }}:${{ github.ref }}
+      -
+        name: Trivy vulnerability scanner
+        uses: aquasecurity/trivy-action@0.20.0
+        with:
+          image-ref: '${{ github.repository }}:${{ github.ref }}'
+          format: 'table'
+          exit-code: '1'
+          ignore-unfixed: true
+          vuln-type: 'os,library'
+          #severity: 'CRITICAL,HIGH'