build: add vulnerability scan to PR build #1

	name: Security vulnerability scan

	on:
	workflow_call:

	permissions:
	contents: read

	jobs:
	sbom:
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@v4
	- uses: actions/setup-java@v4
	with:
	java-version: '17'
	distribution: 'temurin'
	- name: Generate SBOM
	run: ./gradlew cyclonedxBom
	- uses: actions/upload-artifact@v4
	with:
	name: cyclonedx-sboms
	path: \|
	core/build/reports/bom.json
	isthmus/build/reports/bom.json
	isthmus-cli/build/reports/bom.json
	scan:
	needs: sbom
	runs-on: ubuntu-latest
	continue-on-error: true
	permissions:
	security-events: write
	strategy:
	fail-fast: false
	matrix:
	project:
	- core
	- isthmus
	- isthmus-cli
	steps:
	- uses: google/osv-scanner-action/.github/workflows/osv-scanner-reusable.yml@v1
	with:
	download-artifact: cyclonedx-sboms
	scan-args: \|-
	--sbom=${{ matrix.project }}/build/reports/bom.json

Provide feedback