Add scheduled go security scan

Signed-off-by: Sivanantham Chinnaiyan <[email protected]>

.github/workflows/go-security-scan.yml

@@ -0,0 +1,30 @@
+name: "Go Security Scan"
+
+# Run workflow each time code is pushed to your repository and on a schedule.
+# The scheduled workflow runs every Sunday at 00:00 UTC time.
+on:
+  push:
+  schedule:
+    - cron: '0 0 * * 0'
+  workflow_dispatch: { }
+
+jobs:
+  go-src-scan:
+    runs-on: ubuntu-latest
+    env:
+      GO111MODULE: on
+    steps:
+      - name: Checkout Source
+        uses: actions/checkout@v3
+
+      - name: Run Gosec Security Scanner
+        uses: securego/gosec@master
+        with:
+          args: '-no-fail -fmt=sarif -out=go-security-scan-results.sarif -exclude-dir=./pkg/client -exclude-dir=./pkg/clientv1alpha1 ./pkg/... ./cmd/...'
+
+      - name: Upload SARIF file to Github Code Scanning
+        uses: github/codeql-action/upload-sarif@v1
+        with:
+          # Path to SARIF file relative to the root of the repository
+          sarif_file: go-security-scan-results.sarif
+          category: gosec-tool