Updated vulnerabilities checks & workflows (#2941)

.github/workflows/vulncheck.yaml

@@ -0,0 +1,51 @@
+name: Vulnerability Check
+on:
+  pull_request:
+    branches:
+      - master
+  push:
+    branches:
+      - master
+
+permissions:
+  contents: read # to fetch code (actions/checkout)
+
+jobs:
+  vulncheck:
+    name: Analysis
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out code into the Go module directory
+        uses: actions/checkout@v3
+      - name: Set up Go
+        uses: actions/setup-go@v3
+        with:
+          go-version: 1.20.x
+          check-latest: true
+      - name: Get official govulncheck
+        run: go install golang.org/x/vuln/cmd/govulncheck@latest
+        shell: bash
+      - name: Run govulncheck
+        run: govulncheck ./...
+        shell: bash
+
+  react-code-known-vulnerabilities:
+    name: "React Code Has No Known Vulnerable Deps"
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        go-version: [ 1.20.x ]
+        os: [ ubuntu-latest ]
+    steps:
+      - name: Check out code
+        uses: actions/checkout@v3
+      - uses: actions/setup-node@v3
+        with:
+          node-version: ${{ env.NVMRC }}
+          cache: "yarn"
+          cache-dependency-path: portal-ui/yarn.lock
+      - name: Checks for known security issues with the installed packages
+        working-directory: ./portal-ui
+        continue-on-error: false
+        run: |
+          yarn audit --groups dependencies