Vulnerabilities Scan #1266

	name: Vulnerabilities Scan
	on:
	workflow_dispatch:
	pull_request:
	paths:
	- .github/workflows/vulnerabilities_scan.yml
	- .snyk
	- Dockerfile
	push:
	branches:
	- master
	schedule:
	- cron: '0 2 * * *'

	concurrency:
	group: scan-${{ github.event_name == 'pull_request' && github.head_ref \|\| github.sha }}
	cancel-in-progress: true

	jobs:
	scan:
	timeout-minutes: 10
	name: Scan docker image
	env:
	IMAGE_NAME: hazelcast/management-center:${{ github.sha }}
	runs-on: ubuntu-latest
	steps:
	- name: Checkout Code
	uses: actions/checkout@v4

	- name: Set up Docker Buildx
	uses: docker/setup-buildx-action@v3

	- name: Build
	uses: docker/build-push-action@v6
	with:
	context: .
	tags: ${{ env.IMAGE_NAME }}
	load: true

	- name: Scan image by Snyk
	uses: snyk/actions/docker@master
	env:
	SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
	with:
	image: ${{ env.IMAGE_NAME }}
	args: >-
	--file=Dockerfile
	--print-deps
	--exclude-base-image-vulns
	--exclude-app-vulns
	--policy-path=.snyk
	--fail-on=upgradable

	- name: Upload result to GitHub Code Scanning
	uses: github/codeql-action/upload-sarif@v3
	if: ${{ failure() }}
	with:
	sarif_file: snyk.sarif

Provide feedback