From b8f32308c0b6bf736d97c2f24aa20643b8b583ae Mon Sep 17 00:00:00 2001
From: Jan-Marlon Leibl
Date: Tue, 27 May 2025 13:14:11 +0200
Subject: [PATCH] ci: update vulnerability check to use Trivy scan
---
 .gitea/workflows/ci.yml | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)
diff --git a/.gitea/workflows/ci.yml b/.gitea/workflows/ci.yml
index 5a69e48..8c5152f 100644
--- a/.gitea/workflows/ci.yml
+++ b/.gitea/workflows/ci.yml
@@ -198,8 +198,10 @@ jobs:
 - name: Install dependencies (if cache miss)
 run: bun install --frozen-lockfile
 
- - name: Run security audit
- run: bun audit --audit-level moderate
-
- - name: Run dependency vulnerability check
- run: bunx audit-ci --moderate --report-type summary
+ - name: Run Trivy vulnerability scan
+ uses: aquasecurity/trivy-action@master
+ with:
+ scan-type: 'fs'
+ scan-ref: '.'
+ format: 'sarif'
+ output: 'trivy-results.sarif'
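Review bot: The new step references `aquasecurity/trivy-action@master`, a mutable branch ref, so the scanner that runs in CI is whatever that branch points at on a given day rather than a reviewed version; pin it to a release tag or, better, a full commit SHA (`uses: aquasecurity/trivy-action@<pinned-sha>`). The replaced `bun audit --audit-level moderate` and `audit-ci --moderate` steps failed the job on moderate findings, whereas Trivy's default exit code is 0, so as written the scan only writes `trivy-results.sarif` and never blocks; adding `exit-code: '1'` and `severity: 'MEDIUM,HIGH,CRITICAL'` under `with:` restores the gate. Nothing in this commit consumes the SARIF file either — the diffstat shows all seven added lines are here — so unless a later step elsewhere in the job already uploads it, the results are discarded when the runner exits. The enclosing job and its step list start outside the hunk.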