From e6841cd5f869b15a8d48496b208349f454a8641f Mon Sep 17 00:00:00 2001
From: Miguel Jacq <mig@mig5.net>
Date: Thu, 13 Nov 2025 14:56:19 +1100
Subject: [PATCH] try trivy again

---
 .forgejo/workflows/trivy.yml | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)
 create mode 100644 .forgejo/workflows/trivy.yml

diff --git a/.forgejo/workflows/trivy.yml b/.forgejo/workflows/trivy.yml
new file mode 100644
index 0000000..b5ed70a
--- /dev/null
+++ b/.forgejo/workflows/trivy.yml
@@ -0,0 +1,24 @@
+name: Trivy
+
+on:
+  push:
+
+jobs:
+  test:
+    runs-on: docker
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Install system dependencies
+        run: |
+          DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends wget gnupg
+          wget -qO - https://aquasecurity.github.io/trivy-repo/deb/public.key | gpg --dearmor | tee /usr/share/keyrings/trivy.gpg > /dev/null
+          echo "deb [signed-by=/usr/share/keyrings/trivy.gpg] https://aquasecurity.github.io/trivy-repo/deb generic main" | tee -a /etc/apt/sources.list.d/trivy.list
+          apt-get update
+          DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends trivy
+
+      - name: Run trivy
+        run: |
+          trivy fs --ignore-unfixed --format table --disable-telemetry .