add vulnerability scanning github action

.github/workflows/vulnerability-scan.yml

@@ -0,0 +1,49 @@
+name: Run vulnerability scans and comment on PR
+on: pull_request
+
+permissions:
+  pull-requests: write
+  contents: write
+
+jobs:
+  snyk:
+    name: Snyk Scan
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@master
+      - name: Run Snyk to check for vulnerabilities
+        uses: snyk/actions/golang@master
+        continue-on-error: true # To make sure that PR comment is made
+        env:
+          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+        with:
+          command: test
+          args: --severity-threshold=high > snyk-results.txt
+      - name: Add Snyk scan results to PR
+        uses: mshick/add-pr-comment@v2
+        with:
+          message-path: snyk-results.txt
+  trivy:
+    name: Trivy Scan
+    runs-on: ubuntu-20.04
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v3
+
+      - name: Build an image from Dockerfile
+        run: |
+          IMAGE_TAG="$(./tools/image-tag)"
+          make loki-image
+          echo "IMAGE_TAG=${IMAGE_TAG}" >> $GITHUB_ENV
+
+      - name: Run Trivy vulnerability scanner
+        uses: aquasecurity/trivy-action@master
+        with:
+          image-ref: "docker.io/grafana/loki:${{ env.IMAGE_TAG }}"
+          format: "table"
+          output: "trivy-results.txt"
+
+      - name: Add Trivy scan results to PR
+        uses: mshick/add-pr-comment@v2
+        with:
+          message-path: trivy-results.txt