Create security-checks.yml

Author: usd877

.github/workflows/security-checks.yml

@@ -0,0 +1,44 @@
+name: Security Checks
+
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+    branches:
+      - main
+
+jobs:
+  security-checks:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v3
+
+      - name: Scan repository for secrets with TruffleHog
+        run: |
+          pip install trufflehog
+          trufflehog git --entropy=False $GITHUB_WORKSPACE || true
+
+      - name: Scan configuration files with Checkov
+        uses: bridgecrewio/checkov-action@master
+        with:
+          directory: .
+          skip_checks: ""
+          quiet: false
+
+      - name: Scan Docker image with Trivy
+        run: |
+          curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin
+          trivy image --exit-code 0 --severity HIGH,CRITICAL defectdojo:$GITHUB_SHA || true
+
+      - name: Upload security reports
+        if: always()
+        uses: actions/upload-artifact@v4
+        with:
+          name: security-reports
+          path: |
+            trufflehog-report.txt
+            checkov-report.txt
+            trivy-report.json