From ac0ff6465e51e986fb88ce2589390ed4930d55d6 Mon Sep 17 00:00:00 2001
From: tebarius
Date: Sat, 13 Dec 2025 22:23:34 +0100
Subject: [PATCH] imagescan_action
---
 .gitea/workflows/trivy_scan_image.yml | 29 ++++-------------------------
 1 file changed, 4 insertions(+), 25 deletions(-)
diff --git a/.gitea/workflows/trivy_scan_image.yml b/.gitea/workflows/trivy_scan_image.yml
index d4b9a74..f960fdd 100644
--- a/.gitea/workflows/trivy_scan_image.yml
+++ b/.gitea/workflows/trivy_scan_image.yml
@@ -16,31 +16,10 @@ env:
 jobs:
 release-image:
 runs-on: ubuntu-latest
-
+ container: aquasec/trivy:latest
 steps:
 - name: Scan image with trivy
- uses: aquasecurity/trivy-action@0.33.1
- with:
- image-ref: "${{ env.registry }}/${{ env.user }}/${{ env.image_name }}:${{ github.event.inputs.image_tag }}"
- scan-type: image
- hide-progress: false
- ignore-unfixed: true
- severity: "UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL"
- scanners: "vuln,misconfig,secrets"
- output: trivy.txt
- env:
- TRIVY_USERNAME: "${{ env.user }}"
- TRIVY_PASSWORD: "${{ secrets.DOCKER_PULL_TOKEN }}"
- - name: Publish Trivy Output to Summary
 run: |
- if [[ -s trivy.txt ]]; then
- {
- echo "### Security Output"
- echo "
Click to expand"
- echo ""
- echo '```terraform'
- cat trivy.txt
- echo '```'
- echo "
"
- } >> $GITHUB_STEP_SUMMARY
- fi
+ trivy image --username ${{ env.user }} --password ${{ secrets.DOCKER_PULL_TOKEN }} --exit-code 1 \
+ --scanners vuln,misconfig,secret \
+ ${{ env.registry }}/${{ env.user }}/${{ env.image_name }}:${{ github.event.inputs.image_tag }}
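Review bot: The new `run:` script expands `${{ secrets.DOCKER_PULL_TOKEN }}` and `${{ github.event.inputs.image_tag }}` directly into the shell text, so the pull token becomes a `--password` argument on the `trivy` command line (visible in process arguments) and the unquoted `image_tag` input is parsed by the shell instead of being treated as data. The removed step passed both through `with:` and `env:`, where no shell parsing took place; I would keep `TRIVY_USERNAME`/`TRIVY_PASSWORD` in the step's `env:`, put the image reference there too, and use it in the script as a quoted `"$IMAGE_REF"`. Separately, `container: aquasec/trivy:latest` replaces a version-pinned action with a mutable tag, so the scanner that gates this job can change without a commit; pinning to a fixed version tag or digest keeps runs reproducible. The job-level `env:` block and the trigger definition are outside the hunk, so the variable names below are taken from the removed lines.

```yaml
# … unchanged: `- name: Scan image with trivy` …
        env:
          TRIVY_USERNAME: "${{ env.user }}"
          TRIVY_PASSWORD: "${{ secrets.DOCKER_PULL_TOKEN }}"
          IMAGE_REF: "${{ env.registry }}/${{ env.user }}/${{ env.image_name }}:${{ github.event.inputs.image_tag }}"
        run: |
          trivy image --exit-code 1 \
            --scanners vuln,misconfig,secret \
            "$IMAGE_REF"
```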