diff --git a/.gitea/workflows/cicd.yaml b/.gitea/workflows/cicd.yaml
index d929171..3f2bf6a 100644
--- a/.gitea/workflows/cicd.yaml
+++ b/.gitea/workflows/cicd.yaml
@@ -66,10 +66,13 @@ jobs:
 tflint --init
 tflint
- - name: tfsec
- uses: aquasecurity/tfsec-action@v1.0.0
+ - name: Run Trivy vulnerability scanner in IaC mode
+ uses: aquasecurity/trivy-action@0.28.0
 with:
- soft_fail: true
+ scan-type: 'config'
+ hide-progress: true
+ exit-code: '1'
+ severity: 'CRITICAL,HIGH'
 terraform-plan:
 name: Terraform Plan
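Review bot: The added `uses: aquasecurity/trivy-action@0.28.0` line references the action by tag, and a tag can be re-pointed upstream, so the code this pipeline runs can change without any change to this file. Pinning to the full commit SHA of that release with the version kept as a trailing comment closes that gap, e.g. `uses: aquasecurity/trivy-action@<full-commit-sha-of-0.28.0>  # 0.28.0` (placeholder; resolve the SHA from the upstream release). Separately, `severity: 'CRITICAL,HIGH'` filters the report as well as the gate, so MEDIUM and LOW misconfigurations that the tfsec step presumably still printed under `soft_fail: true` no longer appear in the log. If they should stay visible, a second non-blocking run with `exit-code: '0'` and no severity filter would keep them. The job this step belongs to starts above the hunk, so its checkout step and the directory being scanned are not visible here.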