ci: Add worflow to run trivy scan on public repos

.github/workflows/vulnerability_scan_public.yaml

@@ -0,0 +1,96 @@
+name: Vulnerability Scan
+
+on:
+  pull_request:
+    branches:
+      - master
+      - main
+      - release
+      - dev
+      - stage
+
+jobs:
+  vulnerability-scan:
+    name: Vulnerability Scan
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Run Trivy vulnerability scanner in repo mode
+        uses: aquasecurity/trivy-action@0.30.0
+        with:
+          scan-type: 'fs'
+          scanners: 'vuln'
+          ignore-unfixed: true
+          format: "table"
+          severity: "HIGH,CRITICAL"
+          output: trivy-result.txt
+
+      - name: Check Trivy result file
+        # shell: bash --norc -l -e -o pipefail {0}
+        run: cat trivy-result.txt
+
+      - name: Count HIGH/CRITICAL vulnerabilities
+        # shell: bash --norc -l -e -o pipefail {0}
+        id: count_vulns
+        run: |
+          # Summary table
+          awk '
+            BEGIN { in_table=0 }
+            /^┌/ { if (in_table == 0) { in_table=1; print; next } }
+            /^└/ { if (in_table == 1) { print; exit } }
+            { if (in_table == 1) print }
+          ' trivy-result.txt > Summary-table.txt
+
+          echo "Report Summary:"
+          cat Summary-table.txt
+
+          # Extract "Vulnerabilities" column and sum the numbers
+          col=$(awk -F'│' '/Vulnerabilities/ { for (i=1;i<=NF;i++) if ($i ~ /Vulnerabilities/) print i; exit }' Summary-table.txt)
+          total=$(awk -v col="$col" -F'│' 'NR > 3 && $0 ~ /^│/ { gsub(/ /, "", $col); sum += $col } END { print sum }' Summary-table.txt)
+
+          echo "Total vulnerabilities (HIGH/CRITICAL): $total"
+          echo "vuln_total=$total" >> $GITHUB_ENV
+          echo "report_url=https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}" >> $GITHUB_ENV
+
+      - name: Find previous comment
+        id: find-comment
+        uses: peter-evans/find-comment@v3
+        with:
+          issue-number: ${{ github.event.pull_request.number }}
+          comment-author: 'github-actions[bot]'
+          body-includes: Trivy Scan Report
+
+      - name: Set conditional comment body
+        # shell: bash --norc -l -e -o pipefail {0}
+        id: comment-body
+        run: |
+          if [ "${{ env.vuln_total }}" != 0 ]; then
+            echo -e "## Trivy Scan Report:\n${{ env.vuln_total }} vulnerabilities(HIGH/CRITICAL) found!\n[View report](${{ env.report_url }})" >> brief-trivy-summary.md
+          else
+            echo -e "## Trivy Scan Report:\nNo vulnerabilities(HIGH/CRITICAL) found!" >> brief-trivy-summary.md
+          fi
+
+      - name: Post Vulnerability Count as PR Comment
+        uses: peter-evans/create-or-update-comment@v3
+        with:
+          comment-id: ${{ steps.find-comment.outputs.comment-id }}
+          edit-mode: replace
+          issue-number: ${{ github.event.pull_request.number }}
+          body-path: brief-trivy-summary.md
+
+      - name: Format Trivy Scan Result
+        # shell: bash --norc -l -e -o pipefail {0}
+        run: |
+          if [ "${{ env.vuln_total }}" != 0 ]; then
+            echo -e "\n\`\`\`\n$(cat trivy-result.txt)\n\`\`\`\n" > formatted-trivy-result.md
+          else
+            echo -e "\nNo vulnerabilities(HIGH/CRITICAL) were detected." > formatted-trivy-result.md
+          fi
+
+      - name: Publish Trivy report to GitHub summary
+        # shell: bash --norc -l -e -o pipefail {0}
+        run: |
+          echo "## Trivy Scan Report" >> $GITHUB_STEP_SUMMARY
+          cat formatted-trivy-result.md >> $GITHUB_STEP_SUMMARY