Add security scanners to Github Actions #5

	name: Secure

	on: push

	jobs:
	# Sample GitHub Actions:
	# https://semgrep.dev/docs/semgrep-ci/sample-ci-configs#sample-github-actions-configuration-file
	semgrep:
	runs-on: ubuntu-latest
	container:
	image: semgrep/semgrep
	permissions:
	contents: read
	security-events: write
	steps:
	- uses: actions/checkout@v4
	- run: semgrep scan --sarif --output=semgrep.sarif --error
	env:
	SEMGREP_RULES: >-
	p/bandit
	p/command-injection
	p/comment
	p/cwe-top-25
	p/default
	p/gitlab
	p/gitlab-bandit
	p/gitleaks
	p/insecure-transport
	p/owasp-top-ten
	p/python
	p/r2c-best-practices
	p/r2c-bug-scan
	p/r2c-security-audit
	p/secrets
	p/security-audit
	p/xss
	- uses: github/codeql-action/upload-sarif@v3
	with:
	sarif_file: semgrep.sarif
	if: always()

	# Samples GitHub Actions:
	# https://github.com/aquasecurity/trivy-action
	trivy:
	runs-on: ubuntu-latest
	permissions:
	contents: read
	security-events: write
	steps:
	- uses: actions/checkout@v4
	- uses: aquasecurity/trivy-action@master
	with:
	scan-type: 'fs'
	format: 'sarif'
	output: 'trivy.sarif'
	exit-code: '1'
	severity: 'CRITICAL,HIGH'
	- uses: github/codeql-action/upload-sarif@v3
	with:
	sarif_file: trivy.sarif
	if: always()

Provide feedback