ci: add gosec to PRs and main (#750)

* ci: add gosec to PRs and main

* use informalsystems gosec

* add SARIF

* commit to test

* comment changes

Co-authored-by: Federico Kunze Küllmer <federico.kunze94@gmail.com>
Co-authored-by: Federico Kunze Küllmer <31522760+fedekunze@users.noreply.github.com>

.github/workflows/security.yml

@@ -0,0 +1,34 @@
+name: Run Gosec
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+    branches:
+      - '**'
+jobs:
+  tests:
+    runs-on: ubuntu-latest
+    env:
+      GO111MODULE: on
+    steps:
+      - name: Checkout Source
+        uses: actions/checkout@v2.4.0
+      # - uses: technote-space/get-diff-action@v5
+      #   with:
+      #     SUFFIX_FILTER: |
+      #       .go
+      #       .mod
+      #       .sum
+      - name: Run Gosec Security Scanner
+        uses: informalsystems/gosec@master
+        with:
+          args: ./...
+          # we let the report trigger content trigger a failure using the GitHub Security features.
+      #     args: '-no-fail -fmt sarif -out results.sarif ./...'
+      # - name: Upload SARIF file
+      #   uses: github/codeql-action/upload-sarif@v1
+      #   with:
+      #     # Path to SARIF file relative to the root of the repository
+      #     sarif_file: results.sarif
+        # if: "env.GIT_DIFF != ''"

tests/solidity/suites/staking/.github/workflows/ci_contracts.yml

@@ -2,17 +2,19 @@ name: contracts
 
 on:
   push:
-    branches: master
+    branches: 
+      - main
   pull_request:
-    branches: '*'
+    branches: 
+      - '*'
 
 jobs:
   CI:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v2.4.0
       - name: Install node
-        uses: actions/setup-node@v1
+        uses: actions/setup-node@v2.4.1
         with:
           node-version: 12
       - name: Install