Add vulnerability scanning to continuous integration tooling

Continuous integration does not currently provide developers with visibility of dependencies and known vulnerabilities.

Today, developers must rely on GitHub Dependabot alerts and manually building and scanning docker images.