feat: add Trivy IaC workflow and regenerate site

[alismx]

Summary

Adds a Trivy filesystem scanning workflow to CI for IaC vulnerability detection, and regenerates the site with the updated workflow.

Changes

• .github/workflows/trivy.yml: New Trivy IaC workflow that scans the repository for vulnerabilities and misconfigurations on every PR, uploads SARIF results to GitHub Security tab
• site/blog/2026/06/13/devsecops-scan-container-images-with-trivy.html: Renamed from devsecops-scan-container-images-for-vulnerabilities-with-trivy.html
• Site regeneration files: All site/ HTML, search index, and sitemap files regenerated

Why

Consistent with the existing Checkov and Gitleaks workflows on this repo. Trivy complements them with filesystem (IaC) vulnerability scanning — finding CVEs in OS packages and language dependencies across all files, not just IaC config files.

Testing

• Trivy workflow runs successfully on PR creation

Related

• Blog post: Scan Container Images with Trivy

[github-advanced-security]

You are seeing this message because GitHub Code Scanning has recently been set up for this repository, or this pull request contains the workflow file for the Code Scanning tool.

What Enabling Code Scanning Means:

• The 'Security' tab will display more code scanning analysis results (e.g., for the default branch).
• Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results.
• You will be able to see the analysis results for the pull request's branch on this overview once the scans have completed and the checks have passed.

For more information about GitHub Code Scanning, check out the documentation.