Merge branch 'main' into gofumpt

Author: zirain

.github/workflows/trivy.yml

@@ -0,0 +1,31 @@
+name: Trivy
+
+on:
+  push:
+    branches:
+    - "main"
+  schedule:
+  - cron: '55 17 * * 5'
+
+permissions:
+  contents: read
+
+jobs:
+  image-scan:
+    permissions:
+      contents: read  # for actions/checkout to fetch code
+    name: Image Scan
+    runs-on: ubuntu-22.04
+    steps:
+    - name: Checkout code
+      uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f  # v4.1.3
+
+    - name: Build an image from Dockerfile
+      run: |
+        IMAGE=envoy-proxy/gateway-dev TAG=${{ github.sha }} make image
+
+    - name: Run Trivy vulnerability scanner
+      uses: aquasecurity/trivy-action@d710430a6722f083d3b36b8339ff66b32f22ee55  # v0.19.0
+      with:
+        image-ref: envoy-proxy/gateway-dev:${{ github.sha }}
+        exit-code: '1'

README.md

@@ -3,6 +3,9 @@
 [![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/envoyproxy/gateway/badge)](https://securityscorecards.dev/viewer/?uri=github.com/envoyproxy/gateway)
 [![Build and Test](https://github.com/envoyproxy/gateway/actions/workflows/build_and_test.yaml/badge.svg)](https://github.com/envoyproxy/gateway/actions/workflows/build_and_test.yaml)
 [![codecov](https://codecov.io/gh/envoyproxy/gateway/branch/main/graph/badge.svg)](https://codecov.io/gh/envoyproxy/gateway)
+[![CodeQL](https://github.com/envoyproxy/gateway/actions/workflows/codeql.yml/badge.svg)](https://github.com/envoyproxy/gateway/actions/workflows/codeql.yml)
+[![OSV-Scanner](https://github.com/envoyproxy/gateway/actions/workflows/osv-scanner.yml/badge.svg)](https://github.com/envoyproxy/gateway/actions/workflows/osv-scanner.yml)
+[![Trivy](https://github.com/envoyproxy/gateway/actions/workflows/trivy.yml/badge.svg)](https://github.com/envoyproxy/gateway/actions/workflows/trivy.yml)
 
 Envoy Gateway is an open source project for managing Envoy Proxy as a standalone or
 Kubernetes-based application gateway.