Merge pull request #5983 from XiShanYongYe-Chang/automated-cherry-pic… #1056

	name: image-scanning
	on:
	push:
	# Exclude branches created by Dependabot to avoid triggering current workflow
	# for PRs initiated by Dependabot.
	branches-ignore:
	- 'dependabot/**'
	jobs:
	use-trivy-to-scan-image:
	name: image-scanning
	if: ${{ github.repository == 'karmada-io/karmada' }}
	runs-on: ubuntu-22.04
	strategy:
	fail-fast: false
	matrix:
	target:
	- karmada-controller-manager
	- karmada-scheduler
	- karmada-descheduler
	- karmada-webhook
	- karmada-agent
	- karmada-scheduler-estimator
	- karmada-interpreter-webhook-example
	- karmada-aggregated-apiserver
	- karmada-search
	- karmada-operator
	- karmada-metrics-adapter
	steps:
	- name: checkout code
	uses: actions/checkout@v4
	- name: install Go
	uses: actions/setup-go@v5
	with:
	go-version-file: go.mod
	- name: Build an image from Dockerfile
	run: \|
	export VERSION="latest"
	export REGISTRY="docker.io/karmada"
	make image-${{ matrix.target }}
	- name: Run Trivy vulnerability scanner
	uses: aquasecurity/[email protected]
	with:
	image-ref: 'docker.io/karmada/${{ matrix.target }}:latest'
	format: 'sarif'
	ignore-unfixed: true
	vuln-type: 'os,library'
	output: 'trivy-results.sarif'
	- name: display scan results
	uses: aquasecurity/[email protected]
	with:
	image-ref: 'docker.io/karmada/${{ matrix.target }}:latest'
	format: 'table'
	ignore-unfixed: true
	vuln-type: 'os,library'
	- name: Upload Trivy scan results to GitHub Security tab
	uses: github/codeql-action/upload-sarif@v3
	with:
	sarif_file: 'trivy-results.sarif'

Provide feedback