
ci: add osv scanner

ci: add osv scanner #4

Workflow file for this run

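# Scans the repository's dependencies with OSV-Scanner: once for the whole
# monorepo and once per package (cli, service, dashboard).
name: Security Scan

on:
  push:
    branches: [main]
  pull_request:
    branches: [main]
  schedule:
    # Weekly, Sunday at 00:00 (GitHub evaluates cron schedules in UTC).
    - cron: '0 0 * * 0'

# Least privilege for GITHUB_TOKEN: the job only needs to read the repository.
permissions:
  contents: read

jobs:
  scan:
    name: OSV Security Scan
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v3
        with:
          # No later step pushes or fetches, so do not leave the token in
          # .git/config where subsequent steps and actions could read it.
          persist-credentials: false

      - name: Setup Node.js
        uses: actions/setup-node@v3
        with:
          # Quoted so the version is always handled as a string.
          node-version: '22'
          cache: 'yarn'

      # NOTE(review): this runs dependency lifecycle scripts before anything
      # has been scanned. If the scanner only reads manifests/lockfiles, this
      # step may be unnecessary; otherwise consider the lockfile-enforcing,
      # script-skipping install flags for the Yarn version in use. Confirm.
      - name: Install dependencies
        run: yarn install

      # NOTE(review), applies to all four scanner steps below:
      # - `@main` is a mutable ref, so the code executed here can change
      #   without any change in this repository. Pin to a full commit SHA
      #   (<FULL_COMMIT_SHA>, placeholder) and update it deliberately.
      # - Confirm the `with:` keys against the action's action.yml. Inputs an
      #   action does not declare are ignored with a warning, which would
      #   leave the scan running on its defaults.

      # Run OSV Scanner on all packages in the monorepo
      - name: Run OSV Scanner
        uses: google/osv-scanner/actions/scanner@main
        with:
          path: .
          recursive: true
          config: osv-scanner.toml

      # The per-package scans below pass no `config`, so osv-scanner.toml is
      # presumably not applied to them. Verify that is intended.

      # Scan CLI package separately
      - name: Run OSV Scanner on CLI package
        uses: google/osv-scanner/actions/scanner@main
        with:
          path: packages/cli

      # Scan Service package separately
      - name: Run OSV Scanner on Service package
        uses: google/osv-scanner/actions/scanner@main
        with:
          path: packages/service

      # Scan Dashboard package separately
      - name: Run OSV Scanner on Dashboard package
        uses: google/osv-scanner/actions/scanner@main
        with:
          path: packages/dashboard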