Automated container image scanning pipeline using GitHub Actions and Trivy. Builds Docker images, enforces a High/Critical vulnerability gate, and generates HTML reports, SBOMs, and SAST findings. Demonstrates DevSecOps, supply chain security, and CI-based risk controls.

🛡️ Scan container images for vulnerabilities during CI with Trivy, ensuring security and compliance while generating reviewable artifacts.

Dockerfile for build Docker image that may be used for CI pipeline.