Vulnerability Scan #1101

	---
	name: Vulnerability Scan

	on:
	schedule:
	- cron: "30 2 * * *"
	workflow_dispatch:

	permissions: {}

	jobs:
	vulnerability-scan:
	name: 🛡️ Vulnerability Scan (🍨 ${{ matrix.flavor }})
	runs-on: ubuntu-latest
	strategy:
	matrix:
	flavor: ["cpp", "rust"]
	permissions:
	security-events: write # is needed by github/codeql-action/upload-sarif to upload sarif files
	steps:
	- uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0
	with:
	egress-policy: audit
	- uses: crazy-max/ghaction-container-scan@a0a3900b79d158c85ccf034e5368fae620a9233a # v4.0.0
	id: scan
	with:
	image: ghcr.io/${{ github.repository }}-${{ matrix.flavor }}:latest
	dockerfile: .devcontainer/Dockerfile
	- uses: github/codeql-action/upload-sarif@95e58e9a2cdfd71adc6e0353d5c52f41a045d225 # v4.35.2
	if: steps.scan.outputs.sarif != ''
	with:
	sarif_file: ${{ steps.scan.outputs.sarif }}

Provide feedback