tfsec to Trivy scanning (#7905)

* deleted tf sec and replaced it with trivy

* added a User to Dockerfile and gave user permissions to complete actions

* updated to run trivy on a push to main

.github/workflows/trivy.yml

@@ -0,0 +1,32 @@
+name: trivy
+
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  trivy:
+    name: trivy
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+
+      - name: Run Trivy vulnerability scanner
+        uses: aquasecurity/[email protected]
+        with:
+          scan-type: 'fs'
+          scan-ref: 'ops/'
+          scanners: 'vuln,secret,misconfig'
+          exit-code: '1'
+          ignore-unfixed: false
+          format: 'table'
+          severity: 'CRITICAL,HIGH'

ops/services/container_instances/db_client/image/Dockerfile

@@ -1,10 +1,24 @@
 FROM alpine:3.20
 RUN apk --no-cache add postgresql14-client
 RUN apk add --no-cache bash
+ARG UID=10001
+RUN adduser \
+    --disabled-password \
+    --gecos "" \
+    --home "/nonexistent" \
+    --shell "/sbin/nologin" \
+    --no-create-home \
+    --uid "${UID}" \
+    dockeruser
+RUN echo 'dockeruser ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers sudo
 RUN unset HISTFILE
 RUN bash -ic 'unset HISTFILE'
 RUN bash -ic 'set +o history'
 RUN echo 'unset HISTFILE' >> /etc/profile.d/disable.history.sh
+USER dockeruser
+WORKDIR /home/dockeruser
 RUN echo $(psql --version) >> /tmp/psql_version
 ENV PSQL_HISTORY=/export/.psql_history
-ENTRYPOINT ["tail", "-f", "/dev/null"]
+ENTRYPOINT ["tail", "-f", "/dev/null"]
+
+