Security vulnerability scan #423

	name: "Security vulnerability scan"

	on:
	schedule:
	- cron: "20 23 * * *"
	workflow_dispatch:

	permissions:
	contents: read

	env:
	GO_VERSION: '1.20'

	jobs:
	go:
	runs-on: ubuntu-22.04
	strategy:
	fail-fast: false
	matrix:
	target:
	- govulncheck
	- nancy
	- osv-scanner
	steps:
	- uses: actions/checkout@v3
	- name: Set up Go
	uses: actions/setup-go@v4
	with:
	go-version: ${{ env.GO_VERSION }}
	check-latest: true
	- name: Scan
	run: make scan-go-${{ matrix.target }}

	node:
	runs-on: ubuntu-22.04
	strategy:
	fail-fast: false
	matrix:
	target:
	- npm-audit
	- osv-scanner
	steps:
	- uses: actions/checkout@v3
	- name: Use Node.js
	uses: actions/setup-node@v3
	with:
	node-version: 18
	- name: Set up Go
	if: matrix.target == 'osv-scanner'
	uses: actions/setup-go@v4
	with:
	go-version: ${{ env.GO_VERSION }}
	- name: Scan
	run: make scan-node-${{ matrix.target }}

	java:
	runs-on: ubuntu-22.04
	strategy:
	fail-fast: false
	matrix:
	target:
	- dependency-check
	- osv-scanner
	steps:
	- uses: actions/checkout@v3
	- name: Set up Java
	if: matrix.target != 'osv-scanner'
	uses: actions/setup-java@v3
	with:
	java-version: 17
	distribution: temurin
	cache: maven
	- name: Set up Go
	if: matrix.target == 'osv-scanner'
	uses: actions/setup-go@v4
	with:
	go-version: ${{ env.GO_VERSION }}
	- name: Scan
	run: make scan-java-${{ matrix.target }}
	- name: "Archive dependency-check report"
	if: (success() \|\| failure()) && matrix.target == 'dependency-check'
	uses: actions/upload-artifact@v3
	with:
	name: dependency-check-report
	path: java/target/dependency-check-report.html

Provide feedback