new/pipeline (#6)

Reviewed-on: #6
Co-authored-by: jake <jake.young.dev@gmail.com>
Co-committed-by: jake <jake.young.dev@gmail.com>

.gitea/workflows/security.yaml

@@ -0,0 +1,25 @@
+name: "code scans"
+on: [push, pull_request] #runs on pushes to any branch
+
+jobs:
+  scans:
+    runs-on: smoke-test
+    steps:
+      - name: "clone code"
+        uses: actions/checkout@v4
+      
+      - name: "install go"
+        uses: https://code.jakeyoungdev.com/actions/install-go@v0.1.3
+        with:
+          commands: |
+              golang.org/x/vuln/cmd/govulncheck@latest
+
+      - name: "dependency and stdlib scan"
+        uses: https://code.jakeyoungdev.com/actions/report-vulns@master
+        with:
+          manager: go
+
+      - name: "static code analysis"
+        uses: securego/gosec@master
+        with:
+          args: ./...