
[add] weekly CVE scanning action#71

Merged
TechQuery merged 2 commits into main from feat/self-scan-action
May 2, 2026

Conversation

@luojiyin1987
Contributor

@luojiyin1987 luojiyin1987 commented Apr 30, 2026


Checklist:

https://github.com/marketplace/actions/cve-lite-cli

  • Labels
  • Assignees
  • Reviewers

Closes #70

@coderabbitai

coderabbitai Bot commented Apr 30, 2026

Important

Review skipped

Review was skipped due to path filters

⛔ Files ignored due to path filters (2)
  • .github/workflows/self-scan.yml is excluded by none and included by none
  • README.md is excluded by !**/*.md and included by none

CodeRabbit blocks several paths by default. You can override this behavior by explicitly including those paths in the path filters. For example, including **/dist/** will override the default block on the dist directory, by removing the pattern from both the lists.

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 73580117-866a-47d7-97b5-3c5dffa8f8a8


@luojiyin1987 luojiyin1987 added the feature New feature or request label Apr 30, 2026
@luojiyin1987 luojiyin1987 self-assigned this Apr 30, 2026
Member

@TechQuery TechQuery left a comment


Please add a badge for this workflow to the top of the README.

@TechQuery TechQuery added enhancement Some improvements and removed feature New feature or request labels May 2, 2026
Signed-off-by: luojiyin <luojiyin@hotmail.com>
@luojiyin1987
Contributor Author

@TechQuery The self scan status SVG badge has been added.

@TechQuery TechQuery changed the title from "feat: automatically scan for CVEs every Monday" to "[add] weekly CVE scanning action" May 2, 2026
@TechQuery TechQuery merged commit 96f3b06 into main May 2, 2026
5 checks passed
@TechQuery TechQuery deleted the feat/self-scan-action branch May 2, 2026 14:31
@dosubot

dosubot Bot commented May 2, 2026

Documentation Updates

1 document(s) were updated by changes in this PR:

CI/CD and Deployment Automation
@@ -2,6 +2,8 @@
 
 ### GitHub Actions CI/CD Pipeline
 The project uses GitHub Actions workflows for continuous integration and deployment. Workflow files are located in the `.github/workflows` directory and include jobs for building, testing, and deploying the application. For example, the `main.yml` workflow is triggered on every push to any branch. It checks out the code, runs build steps, and, if configured, deploys to Vercel. Environment secrets such as `VERCEL_TOKEN`, `VERCEL_ORG_ID`, and `VERCEL_PROJECT_ID` are required for deployment steps. The workflow uses the Vercel CLI to deploy, and production deployments are triggered when the branch is `main` [(source)](https://github.com/Open-Source-Bazaar/Open-Source-Bazaar.github.io/blob/f5df98635f7a8bdab44cded44633ecbc3145a73f/.github/workflows/main.yml).
+
+The `self-scan.yml` workflow performs automated security scanning using OWASP cve-lite-cli to identify vulnerabilities in project dependencies. This workflow runs weekly every Monday at 3:00 AM UTC and can also be triggered manually via workflow_dispatch. The scan is configured with verbose output enabled and fails when high severity vulnerabilities are detected [(source)](https://github.com/Open-Source-Bazaar/Open-Source-Bazaar.github.io/blob/f5df98635f7a8bdab44cced44633ecbc3145a73f/.github/workflows/self-scan.yml).
 
 Other repositories may include additional workflows such as `deploy-production.yml`, `init-template.yml`, and `publish-type.yml` for specialized deployment and initialization tasks [(source)](https://github.com/Open-Source-Bazaar/ActivityHub-service/pull/8).
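Review bot: the `(source)` permalink on the added `self-scan.yml` paragraph points at commit `f5df98635f7a8bdab44cced44633ecbc3145a73f`, which differs by one character from the `f5df98635f7a8bdab44cded44633ecbc3145a73f` used by the `main.yml` paragraph directly above it (`cced` vs `cded`); one of the two SHAs is a typo and will resolve to a 404, so both links should be pinned to the same verified commit. The sentence "fails when high severity vulnerabilities are detected" also leaves it unclear whether critical-severity findings fail the job as well; state the threshold exactly as the workflow configures it (for example "high or above") so readers know what the weekly scan actually gates on.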
 



Labels

enhancement Some improvements

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Add a weekly CVE scanning workflow for the [Open Source Bazaar] official website

2 participants