[CI] Add Trivy vulnerables check #1

	name: Trivy images check

	env:
	MODULES_REGISTRY: ${{ vars.DEV_REGISTRY }}
	CI_COMMIT_REF_NAME: ${{ github.event.inputs.tag }}
	MODULES_MODULE_NAME: ${{ vars.RENAMED_MODULE_NAME }}
	MODULES_MODULE_SOURCE: ${{ vars.DEV_MODULE_SOURCE }}
	MODULES_REGISTRY_LOGIN: ${{ vars.RENAMED_DEV_MODULES_REGISTRY_LOGIN }}
	MODULES_REGISTRY_PASSWORD: ${{ secrets.DEV_MODULES_REGISTRY_PASSWORD }}
	RELEASE_CHANNEL: ${{ github.event.inputs.channel }}
	MODULES_MODULE_TAG: ${{ github.event.inputs.tag }}

	on:
	pull_request:

	jobs:
	test:
	name: Trivy check for sub repos
	runs-on: [self-hosted, regular]

	steps:
	- name: Run Trivy vulnerability scanner in image mode
	run: \|
	success=1
	image_name=$MODULES_REGISTRY/$MODULE_SOURCE_NAME
	image_name_with_tag=$MODULES_REGISTRY/$MODULE_SOURCE_NAME:MODULES_MODULE_TAG
	crane export $image_name_with_tag \| tar -xOf - images_digests.json \| jq -c 'to_entries[]' \| while read -r item; do
	key=$(echo "$item" \| jq -r '.key')
	value=$(echo "$item" \| jq -r '.value')

	echo 'Checking image '$key' '$value

	trivy image --quiet --format table $image_name@$value

	result=$(trivy image --quiet --format json $image_name@$value)

	vulnerabilities=$(echo "result" \| jq '.Results[].Vulnerabilities \| length' 2>/dev/null)

	if [ -z "vulnerabilities" ]; then
	echo "There are no vulnerabilities in image"
	else
	echo "There are vulnerabilities in image"
	success=0
	fi
	done

	if [[ $success -eq 0 ]]; then
	exit 1
	fi

Provide feedback