added actions for node and semgrep

.github/workflows/cve-scanning-node.yml

@@ -0,0 +1,24 @@
+name: CVE Scanning for Node.js
+
+on:
+  push:
+    paths:
+      - 'package.json'
+      - 'package-lock.json'
+      - 'allow-list.json'
+      - '.github/workflows/cve-scanning-node.yml'
+
+jobs:
+  scan:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        node-version: [16.x]
+    steps:
+      - uses: actions/checkout@v3
+      - name: Use Node.js ${{ matrix.node-version }}
+        uses: actions/setup-node@v3
+        with:
+          node-version: ${{ matrix.node-version }}
+      - run: npm ci --prod
+      - run: npx --yes auditjs ossi --whitelist allow-list.json

.github/workflows/semgrep.yml

@@ -0,0 +1,15 @@
+name: Static code analysis
+
+on: [push, pull_request]
+
+jobs:
+  semgrep:
+    name: run-semgrep
+    runs-on: ubuntu-latest
+    container:
+      image: returntocorp/semgrep
+    steps:
+    - uses: actions/checkout@v3
+    - run: semgrep scan --error --config auto
+      env:
+        SEMGREP_APP_TOKEN: ${{ secrets.SEMGREP_APP_TOKEN }}

allow-list.json

@@ -0,0 +1,4 @@
+{
+    "ignore": [
+    ]
+}