(feat/container-scanning): Integrate container and cve scanning post …

[saisatishkarra]

…publishing

Summary

• Integrate container and CVE scanning after publishing to registry
• Support container scanning for statically defined amd64 / arm64 platforms
• Use Syft for generating SBOMS for container
• Use Grype for CVE scanning
• Uploads the scan assets (SBOM, CVE report) as workflow assets

Expected outcome

• Visibility into packages and licenses within container images
• Visibility into CVE's for AMD and ARM platforms

Checklist

• The Pull Request has tests
• There's an entry in the CHANGELOG
• There is a user-facing docs PR against https://github.com/Kong/docs.konghq.com - PUT DOCS PR HERE

Full changelog

• [Implement ...]

Issue reference

Fix #[issue number]

[CLAassistant]

All committers have signed the CLA.

[curiositycasualty]

Overall this looks good. I've penned up some minor improvements in #10273

[mashapedeployment]

The backport to release/2.8.x failed:

The process '/usr/bin/git' failed with exit code 1

To backport manually, run these commands in your terminal:

# Fetch latest updates from GitHub
git fetch
# Create a new working tree
git worktree add .worktrees/backport-release/2.8.x release/2.8.x
# Navigate to the new working tree
cd .worktrees/backport-release/2.8.x
# Create a new branch
git switch --create backport-10272-to-release/2.8.x
# Cherry-pick the merged commit of this pull request and resolve the conflicts
git cherry-pick -x --mainline 1 d9bdd828f92c25c50e5d39d6d53a2fbac443771c
# Push it to GitHub
git push --set-upstream origin backport-10272-to-release/2.8.x
# Go back to the original working tree
cd ../..
# Delete the working tree
git worktree remove .worktrees/backport-release/2.8.x

Then, create a pull request where the base branch is release/2.8.x and the compare/head branch is backport-10272-to-release/2.8.x.

[mashapedeployment]

The backport to release/3.1.x failed:

The process '/usr/bin/git' failed with exit code 1

To backport manually, run these commands in your terminal:

# Fetch latest updates from GitHub
git fetch
# Create a new working tree
git worktree add .worktrees/backport-release/3.1.x release/3.1.x
# Navigate to the new working tree
cd .worktrees/backport-release/3.1.x
# Create a new branch
git switch --create backport-10272-to-release/3.1.x
# Cherry-pick the merged commit of this pull request and resolve the conflicts
git cherry-pick -x --mainline 1 d9bdd828f92c25c50e5d39d6d53a2fbac443771c
# Push it to GitHub
git push --set-upstream origin backport-10272-to-release/3.1.x
# Go back to the original working tree
cd ../..
# Delete the working tree
git worktree remove .worktrees/backport-release/3.1.x

Then, create a pull request where the base branch is release/3.1.x and the compare/head branch is backport-10272-to-release/3.1.x.

[mashapedeployment]

The backport to release/3.2.x failed:

The process '/usr/bin/git' failed with exit code 1

To backport manually, run these commands in your terminal:

# Fetch latest updates from GitHub
git fetch
# Create a new working tree
git worktree add .worktrees/backport-release/3.2.x release/3.2.x
# Navigate to the new working tree
cd .worktrees/backport-release/3.2.x
# Create a new branch
git switch --create backport-10272-to-release/3.2.x
# Cherry-pick the merged commit of this pull request and resolve the conflicts
git cherry-pick -x --mainline 1 d9bdd828f92c25c50e5d39d6d53a2fbac443771c
# Push it to GitHub
git push --set-upstream origin backport-10272-to-release/3.2.x
# Go back to the original working tree
cd ../..
# Delete the working tree
git worktree remove .worktrees/backport-release/3.2.x

Then, create a pull request where the base branch is release/3.2.x and the compare/head branch is backport-10272-to-release/3.2.x.

[fffonion]

@saisatishkarra I just realized I left comment only on the backport PR on release/3.2.x branch and didn't
see this one. This PR needs some adjustment, please see my comment at the EE PR.