chore: add trivy as a second security scanner

Closes #393

Signed-off-by: Jonathan Gonzalez V <jonathan.gonzalez@enterprisedb.com>

Author: sxd

.github/actions/security-scans/action.yml

@@ -62,3 +62,27 @@ runs:
       if: ${{ steps.snyk.outcome == 'success' }}
       with:
         sarif_file: snyk.sarif
+
+    - name: Run Trivy vulnerability scanner
+      uses: aquasecurity/trivy-action@0.33.1
+      id: trivy
+      continue-on-error: true
+      with:
+        image-ref: '${{ inputs.image }}'
+        format: 'sarif'
+        output: 'trivy-results.sarif'
+
+    - name: Upload Trivy scan results to GitHub Security tab
+      uses: github/codeql-action/upload-sarif@v4
+      if: ${{ steps.trivy.outcome == 'success' }}
+      with:
+        sarif_file: 'trivy-results.sarif'
+
+    - name: Review Security checks
+      if: |
+        steps.snyk.outcome != 'success' &&
+        steps.trivy.outcome != 'success'
+      shell: bash
+      run: |
+        echo "Snyk or Trivy check failed"
+        exit 1