chart security scan (#145)

* feat: add stale workflow for issues

* feat: add trivy to scan chart

.github/workflows/charts.yml

@@ -76,6 +76,17 @@ jobs:
       - name: Perform CodeQL Analysis
         uses: github/codeql-action/analyze@v3
         continue-on-error: true
+      - name: Run Trivy vulnerability scanner
+        uses: aquasecurity/trivy-action@master
+        with:
+          scan-type: 'config'
+          scan-ref: '.'
+          format: 'sarif'
+          output: 'trivy-results.sarif'
+      - name: Upload Trivy scan results to GitHub Security tab
+        uses: github/codeql-action/upload-sarif@v3
+        with:
+          sarif_file: 'trivy-results.sarif'
 
   k8s-test:
     runs-on: ubuntu-latest

.github/workflows/stale.yml

@@ -0,0 +1,14 @@
+name: 'Close stale issues'
+on:
+  schedule:
+    - cron: '30 3 * * *'
+
+jobs:
+  stale:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/stale@v9
+        with:
+          stale-issue-message: 'This issue is stale because it has been open 15 days with no activity. Remove stale label or comment or this will be closed in 5 days.'
+          days-before-stale: 15
+          days-before-close: 5