chore: add lint stage trivy fs check

.github/workflows/build.yaml

@@ -65,11 +65,13 @@ jobs:
         uses: aquasecurity/trivy-action@0.24.0
         with:
           image-ref: ghcr.io/srl-labs/clabernetes/clabernetes-manager:${{ env.COMMIT_HASH }}
-          format: table
+          format: github
+          output: clabernetes-manager.sbom.json
           exit-code: 1
           ignore-unfixed: true
           vuln-type: os,library
           severity: CRITICAL,HIGH
+          github-pat: ${{ secrets.GITHUB_TOKEN }}
 
       # note: the launcher is beyond hope for so many reasons, so...
       # we'll skip running this on that guy and just hit the manager/ui :)
@@ -78,11 +80,13 @@ jobs:
         uses: aquasecurity/trivy-action@0.24.0
         with:
           image-ref: ghcr.io/srl-labs/clabernetes/clabernetes-ui:${{ env.COMMIT_HASH }}
-          format: table
+          format: github
+          output: clabernetes-ui.sbom.json
           exit-code: 1
           ignore-unfixed: true
           vuln-type: os,library
           severity: CRITICAL,HIGH
+          github-pat: ${{ secrets.GITHUB_TOKEN }}
 
       - name: <on main> build and push images and helm chart
         if: github.ref_name == 'main'

.github/workflows/lint.yaml

@@ -44,5 +44,17 @@ jobs:
             https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh |
             sh -s -- -b $(go env GOPATH)/bin ${{ env.GOLANGCI_LINT_VERSION }}
 
-      - name: run the linter
+      - name: run the linters
         run: make lint
+
+      - name: run trivy - fs
+        uses: aquasecurity/trivy-action@0.24.0
+        with:
+          scan-type: fs
+          exit-code: 1
+          ignore-unfixed: true
+          vuln-type: os,library
+          severity: CRITICAL,HIGH
+          scanners: config
+          skip-dirs: ui/.next,charts,e2e
+          skip-files: build/clabverter.Dockerfile,build/launcher.Dockerfile