Restore Trivy vuln scanner

.github/workflows/analysis.yml

@@ -57,32 +57,33 @@ jobs:
 #           sonar_token: ${{ secrets[matrix.token] }}
 #           triggers: ('${{ matrix.dir }}/')
 
-  # https://github.com/marketplace/actions/aqua-security-trivy
-  # trivy:
-  #   name: Trivy Security Scan
-  #   if: ${{ ! github.event.pull_request.draft }}
-  #   runs-on: ubuntu-22.04
-  #   timeout-minutes: 1
-  #   steps:
-  #     - uses: actions/checkout@v4
-  #     - name: Run Trivy vulnerability scanner in repo mode
-  #       uses: aquasecurity/[email protected]
-  #       with:
-  #         format: "sarif"
-  #         output: "trivy-results.sarif"
-  #         ignore-unfixed: true
-  #         scan-type: "fs"
-  #         scanners: "vuln,secret,config"
-  #         severity: "CRITICAL,HIGH"
+  https://github.com/marketplace/actions/aqua-security-trivy
+  trivy:
+    name: Trivy Security Scan
+    if: ${{ ! github.event.pull_request.draft }}
+    runs-on: ubuntu-22.04
+    timeout-minutes: 1
+    steps:
+      - uses: actions/checkout@v4
+      - name: Run Trivy vulnerability scanner in repo mode
+        uses: aquasecurity/[email protected]
+        with:
+          format: "sarif"
+          output: "trivy-results.sarif"
+          ignore-unfixed: true
+          scan-type: "fs"
+          scanners: "vuln,secret,config"
+          severity: "CRITICAL,HIGH"
 
-  #     - name: Upload Trivy scan results to GitHub Security tab
-  #       uses: github/codeql-action/upload-sarif@v3
-  #       with:
-  #         sarif_file: "trivy-results.sarif"
+      - name: Upload Trivy scan results to GitHub Security tab
+        uses: github/codeql-action/upload-sarif@v3
+        with:
+          sarif_file: "trivy-results.sarif"
 
   results:
     name: Analysis Results
     # needs: [tests, trivy]
+    needs: [trivy]
     runs-on: ubuntu-22.04
     steps:
       - run: echo "Success!"