From dfcad66108cfa19f301c3e3b264c62cd9ae80203 Mon Sep 17 00:00:00 2001
From: fsl <1171313930@qq.com>
Date: Fri, 13 Jan 2023 11:40:22 +0800
Subject: [PATCH 1/2] add ci check

Signed-off-by: fsl <1171313930@qq.com>
---
 .github/workflows/main.yaml | 2 +-
 .github/workflows/scan.yml | 42 +++++++++++++++++++++++++++++++++++++
 2 files changed, 43 insertions(+), 1 deletion(-)
 create mode 100644 .github/workflows/scan.yml

diff --git a/.github/workflows/main.yaml b/.github/workflows/main.yaml
index d12db57d1dc..9d3ae6d0fbc 100644
--- a/.github/workflows/main.yaml
+++ b/.github/workflows/main.yaml
@@ -296,4 +296,4 @@ jobs:
 with:
 fetch-depth: 0
- - run: make image
+ - run: make image
\ No newline at end of file
diff --git a/.github/workflows/scan.yml b/.github/workflows/scan.yml
new file mode 100644
index 00000000000..34cbafe1773
--- /dev/null
+++ b/.github/workflows/scan.yml
@@ -0,0 +1,42 @@
+name: scan vulnerabilities
+on:
+ push:
+ branches:
+ - master
+ pull_request:
+jobs:
+ build:
+ name: Build
+ runs-on: ubuntu-22.04
+ timeout-minutes: 30
+ permissions:
+ contents: read
+ steps:
+ - name: Check out code into the Go module directory
+ uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c
+
+ - name: Download trivy
+ run: |
+ pushd $(mktemp -d)
+ wget https://github.com/aquasecurity/trivy/releases/download/v${{ env.TRIVY_VERSION }}/trivy_${{ env.TRIVY_VERSION }}_Linux-64bit.tar.gz
+ tar zxvf trivy_${{ env.TRIVY_VERSION }}_Linux-64bit.tar.gz
+ echo "$(pwd)" >> $GITHUB_PATH
+ env:
+ TRIVY_VERSION: "0.32.1"
+
+ - name: Run trivy on git repository
+ run: |
+ trivy fs --format table --ignore-unfixed --skip-dirs website --security-checks vuln .
+
+ - name: Build docker images
+ run: make image
+
+ - name: Run trivy on images
+ strategy:
+ matrix:
+ target: [ cloudcore, admission, edgesite-agent, edgesite-server, csidriver, iptablesmanager, edgemark, installation-package, controllermanager ]
+ run: |
+ images=`docker images | grep ${{ matrix.target }} | awk '{print $1":"$2}'`
+ for vuln_type in "os" "library"; do
+ trivy image --ignore-unfixed --vuln-type="${vuln_type}" "${images}"
+ done
\ No newline at end of file
From cf2b8a53629c9209c97ac867b70975ed12b7fbd8 Mon Sep 17 00:00:00 2001
From: gy95 <1015105054@qq.com>
Date: Mon, 16 Jan 2023 19:10:36 +0800
Subject: [PATCH 2/2] c

---
 .github/SECURITY.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/SECURITY.md b/.github/SECURITY.md
index bd20af76794..ba4751e908b 100644
--- a/.github/SECURITY.md
+++ b/.github/SECURITY.md
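Review bot: `strategy:`/`matrix:` is nested under the "Run trivy on images" step, but `strategy` is a job-level key in GitHub Actions, so the workflow should fail validation and `${{ matrix.target }}` never receives a value; move those three lines under `build:` next to `runs-on:` (fanning the job out per target) or drop them and iterate the target list inside the shell loop. Neither `trivy fs` nor `trivy image` is given `--exit-code 1`, so with trivy's default exit status the job stays green regardless of findings and the scan is advisory rather than a gate. The wget'd tarball is not integrity-checked; a `sha256sum -c` against a pinned digest (`<EXPECTED_SHA256_PLACEHOLDER>`) would match the care already taken in pinning `actions/checkout` to a commit. Also, `docker images | grep ${{ matrix.target }}` is a substring match that can return several lines, and `"${images}"` then hands them to trivy as a single argument.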
@@ -1 +1 @@
-For further details please see [Security Policy](https://github.com/kubeedge/community/blob/master/team-security/SECURITY.md) for our security process and how to report vulnerabilities.
\ No newline at end of file
+For further details please see [Security Policy](https://github.com/kubeedge/community/blob/master/team-security/SECURITY.md) for our security process and how to report vulnerabilities.asdfasdf
\ No newline at end of file