feat: add nightly grype vuln scan to kaniko executor image (#2970)

.github/workflows/nightly-vulnerability-scan.yml

@@ -0,0 +1,47 @@
+name: Nightly Vulnerability Scan
+
+on:
+  schedule:
+    # Schedule to run every night at midnight
+    - cron: '0 0 * * *'
+
+jobs:
+  vulnerability-scan:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v2
+
+      - name: Set up Grype
+        run: |
+          # Install Grype
+          curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | sh -s -- -b /usr/local/bin
+
+      - name: Get latest commit SHA of Kaniko project
+        id: get-commit
+        run: |
+          LATEST_COMMIT_SHA=$(git rev-parse HEAD)
+          echo "Latest commit SHA: $LATEST_COMMIT_SHA"
+          echo "::set-output name=sha::$LATEST_COMMIT_SHA"
+
+      - name: Scan the latest CI/CD image
+        run: |
+          IMAGE_ID="gcr.io/kaniko-project/executor:${{ steps.get-commit.outputs.sha }}"
+          echo "Scanning image $IMAGE_ID"
+          grype $IMAGE_ID > grype-output.txt
+
+      - name: Check for vulnerabilities and create an issue
+        run: |
+          if grep -q 'No vulnerabilities found' grype-output.txt; then
+            echo "No vulnerabilities found."
+          else
+            # Create a GitHub issue using GitHub CLI or another method
+            gh issue create --title "Vulnerabilities Found in Nightly Scan" --body "Vulnerabilities found in the latest image scan. Please check the attached report." --file grype-output.txt
+          fi
+
+      - name: Upload scan result as artifact (optional)
+        uses: actions/upload-artifact@v2
+        with:
+          name: grype-scan-report
+          path: grype-output.txt