Add vulnerability check

.github/workflows/ci-build.yml

@@ -65,6 +65,13 @@ jobs:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
 
+      - name: Run vulnerability check
+        if: matrix.go == env.DEFAULT_GO && matrix.db == env.DEFAULT_DB
+        run: |
+          go install golang.org/x/vuln/cmd/govulncheck@latest
+          govulncheck -version
+          govulncheck -format text -mode source -scan symbol -show verbose -test ./...
+
   build:
     needs: matrix-build
     runs-on: ubuntu-latest

.github/workflows/dependencies_check.yml

@@ -0,0 +1,37 @@
+name: Report Security Issues
+on:
+  workflow_dispatch:
+  schedule:
+    - cron: "0 3 * * *"
+
+jobs:
+  report_security_issues:
+    runs-on: ubuntu-latest
+    defaults:
+      run:
+        shell: "bash"
+    permissions:
+      contents: read
+    concurrency:
+      group: ${{ github.workflow }}-report_security_issues
+      cancel-in-progress: true
+    steps:
+      - name: Checkout
+        id: checkout
+        uses: actions/checkout@v4
+
+      - name: Set up Go
+        id: go
+        uses: actions/setup-go@v5
+        with:
+          go-version: "1.22"
+          cache: true
+
+      - name: Install vulncheck
+        run: go install golang.org/x/vuln/cmd/govulncheck@latest
+
+      - name: Print vulncheck version
+        run: govulncheck -version
+
+      - name: Run vulnerability check
+        run: govulncheck -format text -mode source -scan symbol -show verbose -test ./...