feat: Add Trivy security scanning to Docker workflows

- Add Trivy vulnerability scanner after image build
- Upload SARIF results to GitHub Security tab
- Display critical/high severity issues in workflow logs
- Add security-events permission for SARIF upload
- Skip scanning on pull requests to save time

.github/workflows/docker-build.yml

@@ -20,6 +20,7 @@ jobs:
     permissions:
       contents: read
       packages: write
+      security-events: write
 
     steps:
       # Step 1: Download the code
@@ -72,6 +73,7 @@ jobs:
       # Step 7: Build and push Docker image
       - name: 🐳 Build and push Docker image
         uses: docker/build-push-action@ca052bb54ab0790a636c9b5f226502c73d547a25 # v5
+        id: build
         with:
           context: .
           file: ./Dockerfile
@@ -82,7 +84,30 @@ jobs:
           cache-from: type=gha
           cache-to: type=gha,mode=max
 
-      # Step 8: Create a summary
+      # Step 8: Run Trivy security scan
+      - name: 🔍 Run Trivy vulnerability scanner
+        uses: aquasecurity/trivy-action@master
+        with:
+          image-ref: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.ref == 'refs/heads/main' && 'latest' || 'dev' }}
+          format: 'sarif'
+          output: 'trivy-results.sarif'
+
+      # Step 9: Upload Trivy results to GitHub Security tab
+      - name: 📤 Upload Trivy results to GitHub Security
+        uses: github/codeql-action/upload-sarif@v3
+        if: always()
+        with:
+          sarif_file: 'trivy-results.sarif'
+
+      # Step 10: Run Trivy with table output for workflow logs
+      - name: 📋 Run Trivy scan (table output)
+        uses: aquasecurity/trivy-action@master
+        with:
+          image-ref: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.ref == 'refs/heads/main' && 'latest' || 'dev' }}
+          format: 'table'
+          severity: 'CRITICAL,HIGH'
+
+      # Step 11: Create a summary
       - name: 📋 Create summary
         run: |
           echo "## 🎉 Docker Image Built Successfully!" >> $GITHUB_STEP_SUMMARY