- Update security scan workflow to utilize a dedicated script for checking secrets, improving detection accuracy.
- Modify database connection setup in multiple scripts to use an environment variable fallback for DATABASE_URL, enhancing flexibility in different environments.
- Update CI/CD workflow to use specific Trivy version and change output format for vulnerability results.
- Add fallback npm audit step in case Trivy scan fails.
- Create a new security scan workflow that runs on push and pull request events, including scheduled scans.
- Introduce a security scan script to perform npm audit, Trivy scans, and check for potential secrets in the codebase.
- Ensure results are uploaded as artifacts for review and maintain retention policies for scan results.
