sourcefuse
diff --git a/‎.github/workflows/main.yaml‎
Lines changed: 15 additions & 11 deletions b/‎.github/workflows/main.yaml‎
Lines changed: 15 additions & 11 deletions
diff --git a/‎.github/workflows/trivy.yaml‎
Lines changed: 29 additions & 0 deletions b/‎.github/workflows/trivy.yaml‎
Lines changed: 29 additions & 0 deletions
diff --git a/‎README.md‎
Lines changed: 0 additions & 3 deletions b/‎README.md‎
Lines changed: 0 additions & 3 deletions
@@ -6,22 +6,26 @@ on:
   pull_request:
     branches: [master]
 
-# This workflow contains a single job called "npm_test"
 jobs:
-  npm_test:
-    # The type of runner that the job will run on
+  node_matrix_tests:
     runs-on: ubuntu-latest
-
-    # Steps represent a sequence of tasks that will be executed as part of the job
+    strategy:
+      matrix:
+        node-version: [20, 22, 24]
     steps:
-      # Checks-out your repository under $GITHUB_WORKSPACE
       - uses: actions/checkout@v3
       - uses: actions/setup-node@v3
         with:
-          node-version: '18.x'
-
-      - name: Install Dependencies 📌
+          node-version: ${{ matrix.node-version }}
+      - name: Install Dependencies
         run: npm ci
-
-      - name: Run Test Cases 🔧
+      - name: Run Test Cases
         run: npm run test
+
+  npm_test:
+    runs-on: ubuntu-latest
+    needs: node_matrix_tests
+    if: success()
+    steps:
+      - name: Final status
+        run: echo "✅ All tests passed for Node.js 20, 22, and 24"
@@ -0,0 +1,29 @@
+# This is a basic workflow to help you get started with Actions
+
+name: Trivy Scan
+
+# Controls when the action will run. Triggers the workflow on push or pull request
+# events but only for the master branch
+on:
+  pull_request:
+    branches: [master]
+    types: [opened, synchronize, reopened]
+
+# A workflow run is made up of one or more jobs that can run sequentially or in parallel
+jobs:
+  # This workflow contains a single job called "trivy"
+  trivy:
+    # The type of runner that the job will run on
+    runs-on: [self-hosted, linux, codebuild]
+
+    # Steps represent a sequence of tasks that will be executed as part of the job
+    steps:
+      # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
+      - uses: actions/checkout@v3
+
+      - name: Run Trivy vulnerability scanner in repo mode
+        uses: aquasecurity/trivy-action@0.28.0
+        with:
+          scan-type: "fs"
+          scan-ref: "${{ github.workspace }}"
+          trivy-config: "${{ github.workspace }}/trivy.yml"
@@ -9,9 +9,6 @@
 <a href="https://sonarcloud.io/summary/new_code?id=sourcefuse_loopback4-billing" target="_blank">
 <img alt="Sonar Quality Gate" src="https://img.shields.io/sonar/quality_gate/sourcefuse_loopback4-billing?server=https%3A%2F%2Fsonarcloud.io">
 </a>
-<a href="https://app.snyk.io/org/ashishkaushik/reporting?context[page]=issues-detail&project_target=%255B%2522sourcefuse%252Floopback4-billing%2522%255D&project_origin=%255B%2522github%2522%255D&issue_status=%255B%2522Open%2522%255D&issue_by=Severity&table_issues_detail_cols=SCORE%257CCVE%257CCWE%257CPROJECT%257CEXPLOIT%2520MATURITY%257CINTRODUCED%257CSNYK%2520PRODUCT&v=1">
-<img alt="Synk Status" src="https://img.shields.io/badge/SYNK_SECURITY-MONITORED-GREEN">
-</a>
 <a href="https://github.com/sourcefuse/loopback4-billing/graphs/contributors" target="_blank">
 <img alt="GitHub contributors" src="https://img.shields.io/github/contributors/sourcefuse/loopback4-billing?">
 </a>