feat: scan for vulnerabilities #64

	---
	name: CI on Pull Requests

	on:
	pull_request:

	concurrency:
	group: ${{ github.workflow }}-${{ github.ref }}
	cancel-in-progress: true

	jobs:
	commitlint:
	name: Lint Commit Messages
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@v4
	with:
	fetch-depth: 0
	- uses: wagoid/commitlint-github-action@v5

	test:
	name: Test Suite
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@v4
	- uses: dtolnay/rust-toolchain@stable
	with:
	toolchain: stable
	components: rustfmt
	- name: run cargo test
	run: cargo test

	formatting:
	name: Code Formatting
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@v4
	- uses: dtolnay/rust-toolchain@stable
	with:
	toolchain: stable
	components: rustfmt
	- name: running rustfmt
	run: \|
	files=$(find . -name '*.rs')
	IFS=$'\n'; for file in $files; do
	rustfmt --check "$file"
	done

	scan-for-vulnerabilities:
	name: Scan for Vulnerabilities
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@v4
	- uses: DeterminateSystems/nix-installer-action@da36cb69b1c3247ad7a1f931ebfd954a1105ef14 # v14
	- run: \|
	nix profile install .#
	nix2sbom -f spdx .# > spdx.json

	- name: Scan SBOM
	uses: anchore/scan-action@v4
	with:
	sbom: "spdx.json"
	output-format: table

Provide feedback