feat: add security scan #29

	on:
	pull_request:
	branches:
	- master
	push:
	branches:
	- master

	permissions:
	contents: write
	pull-requests: write
	security-events: write

	name: release-please

	jobs:
	scan:
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@v4

	- name: Checkov
	uses: bridgecrewio/checkov-action@v12
	with:
	soft_fail: true

	- name: Upload SARIF file
	uses: github/codeql-action/upload-sarif@v3
	if: success() \|\| failure()
	with:
	sarif_file: results.sarif

	release:
	runs-on: ubuntu-latest
	steps:
	- uses: google-github-actions/release-please-action@v4
	with:
	release-type: simple

Provide feedback