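# Nightly vulnerability scan of both the development branch and the latest
# tagged release, delegating the actual scan to the repository-local
# ./.github/actions/scan composite action.
name: "Security vulnerability scan"

on:
  schedule:
    # Daily at 22:22 UTC. Quoted so the "22 22" prefix is never read as a
    # sexagesimal number by a YAML 1.1 parser.
    - cron: "22 22 * * *"
  workflow_dispatch:

# Read-only GITHUB_TOKEN for every job; nothing below needs write access.
permissions:
  contents: read

jobs:
  dev:
    name: Scan development codebase
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
      - uses: ./.github/actions/scan

  release:
    name: Scan latest release
    runs-on: ubuntu-latest
    steps:
      # Only the local composite action is needed from the default branch;
      # the release sources themselves are checked out into ./src below.
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          sparse-checkout: |
            .github

      - name: Get latest release tag
        id: latest-release
        # An explicit `shell: bash` turns on pipefail, so a failed curl is not
        # masked by the jq stage and cannot silently yield an empty tag.
        shell: bash
        env:
          # Authenticated requests avoid the per-IP rate limit shared by
          # hosted runners; `contents: read` is sufficient for the releases API.
          GITHUB_TOKEN: ${{ github.token }}
        run: |
          tag="$(curl --location --silent --fail \
                   --header "Authorization: Bearer ${GITHUB_TOKEN}" \
                   "https://api.github.com/repos/${GITHUB_REPOSITORY}/releases/latest" \
                 | jq --raw-output '.tag_name')"
          # With an empty ref, actions/checkout falls back to the default
          # branch, which would make this job silently re-scan the dev tree
          # instead of the release. Fail loudly instead.
          if [ -z "${tag}" ] || [ "${tag}" = "null" ]; then
            echo "::error::could not determine the latest release tag"
            exit 1
          fi
          echo "TAG=${tag}" >> "${GITHUB_OUTPUT}"

      - name: Checkout release ${{ steps.latest-release.outputs.TAG }}
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          ref: ${{ steps.latest-release.outputs.TAG }}
          path: src

      # The scanner configuration is always taken from the default branch so
      # that ignore rules and policy updates apply to older releases too.
      - name: Checkout latest OSV Scanner configuration
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          path: latest
          sparse-checkout: |
            osv-scanner.toml
          # Non-cone mode is required to sparse-checkout a single file at the
          # repository root rather than a directory.
          sparse-checkout-cone-mode: false

      - name: Copy OSV Scanner configuration
        # Best-effort: a release without a config on the default branch is
        # still scanned, just with scanner defaults.
        run: |
          if [ -r latest/osv-scanner.toml ]; then
            cp -f latest/osv-scanner.toml src/osv-scanner.toml
          fi

      - uses: ./.github/actions/scan
        with:
          path: src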