ci: scan our 2ms with our 2ms (#184)

- Compile the current code and scan in PR-validation
- Scan with the latest release on push, PR and schedule

With security tools I'm using the latest release and schedule to run a
scan with new rules added to the security tool.

.github/workflows/pr-validation.yml

@@ -33,7 +33,7 @@ jobs:
         run: docker run --rm -v $(pwd):/app -w /app golangci/golangci-lint:v1.52.0 golangci-lint run -v -E gofmt --timeout=5m --out-format github-actions
 
       - name: Run 2ms Scan
-        run: docker run -v $(pwd):/repo checkmarx/2ms:2.8.1 git /repo --config /repo/.2ms.yml
+        run: go run . git . --config /repo/.2ms.yml
 
       - name: Go Test
         run: go test -v ./...

.github/workflows/release.yml

@@ -3,7 +3,7 @@ name: Release
 on:
   workflow_dispatch:
   push:
-    branches: [ master ]
+    branches: [master]
 
 jobs:
   test:
@@ -26,9 +26,6 @@ jobs:
       - name: Go Linter
         run: docker run --rm -v $(pwd):/app -w /app golangci/golangci-lint:v1.52.0 golangci-lint run -v -E gofmt --timeout=5m
 
-      - name: Run 2ms Scan
-        run: docker run -v $(pwd):/repo checkmarx/2ms:2.8.1 git /repo --config /repo/.2ms.yml
-
       - name: Unit Tests
         run: go test ./...
 

.github/workflows/gosec.yml → .github/workflows/security.yml

@@ -1,4 +1,4 @@
-name: gosec
+name: Security Scans
 
 on:
   push:
@@ -27,3 +27,13 @@ jobs:
         uses: github/codeql-action/upload-sarif@v2
         with:
           sarif_file: results.sarif
+
+  secret-scanning:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout Source
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+      - name: Run 2ms Scan
+        run: docker run -v $(pwd):/repo checkmarx/2ms:latest git /repo --config /repo/.2ms.yml