
feat(RCSET-11195): Adding sdlc_snyk_container_scan #61

Conversation

SA-SecurityAutomation-OS
@SA-SecurityAutomation-OS SA-SecurityAutomation-OS commented Apr 17, 2024

Context

The security team at OutSystems (Host & Network Security) has implemented image scanning at the repository level to enhance the security of the image build process.

  • Communications regarding this have been provided constantly, and certain teams have already added this image scanning as a workflow to their repository.
  • We have identified this repository as out-of-compliance because it does not implement this workflow.
  • So we are creating this branch, adding the necessary workflow configuration to integrate image scanning seamlessly into the development process.

What to do next:

  1. DO NOT merge this PR
  2. Git pull this branch
  3. Modify the workflow file name FROM security_sdlc_snyk_container_analysis.yaml TO sdlc_snyk_container_analysis.yaml so that you can control this file
  4. Commit the changes
  5. Push the changes
  6. Create a PR
  7. Merge the PR
  8. Delete the branch
  • If your PR is blocked by a CRITICAL/HIGH vulnerability that is fixable, you can ignore it for a fixed period of time by following this process

Jira Issue

RCSET-11195

Impacts

  1. Refactor (big refactor on a sensitive asset)
  2. Requires revision on public documentation
  3. Breaking Change
     • Behavioral breaking change
     • Breaks existing APIs
     • Workflow will block all your PRs if Snyk identifies a CRITICAL/HIGH vulnerability that can be fixed.

Code Checklist

  • Tested
  • Documented

Note:

  • If merging is blocked by "The base branch requires all commits to be signed", please use the option "Merge without waiting for requirements to be met (bypass branch protections)" to bypass.

How to contact us

@SA-SecurityAutomation-OS SA-SecurityAutomation-OS requested a review from a team as a code owner April 17, 2024 20:52
@dnlopes
Contributor

dnlopes commented Apr 18, 2024

This repository does not push images to Eden. I will add the exemption topic to be added here.

@dnlopes dnlopes closed this Apr 18, 2024
@Matrikss Matrikss deleted the feature/RCSET-11195/security_snyk_enforcement branch August 26, 2024 11:09