From 85caf24a936615f528355930670b1a24fb0a633d Mon Sep 17 00:00:00 2001 From: Ben Martin Date: Sun, 20 Apr 2025 10:35:23 +0000 Subject: [PATCH] fix(cicd): replace tfsec with trivy - tfsec is deprecated --- .gitea/workflows/cicd.yaml | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/.gitea/workflows/cicd.yaml b/.gitea/workflows/cicd.yaml index d929171..3f2bf6a 100644 --- a/.gitea/workflows/cicd.yaml +++ b/.gitea/workflows/cicd.yaml @@ -66,10 +66,13 @@ jobs: tflint --init tflint - - name: tfsec - uses: aquasecurity/tfsec-action@v1.0.0 + - name: Run Trivy vulnerability scanner in IaC mode + uses: aquasecurity/trivy-action@0.28.0 with: - soft_fail: true + scan-type: 'config' + hide-progress: true + exit-code: '1' + severity: 'CRITICAL,HIGH' terraform-plan: name: Terraform Plan
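Review bot: The new step references the scanner by a mutable tag, `aquasecurity/trivy-action@0.28.0`, so whoever controls that upstream repository can move the tag and change what runs inside this pipeline. Pinning to the full commit SHA, with the version kept as a trailing comment, makes the reference immutable: `uses: aquasecurity/trivy-action@<full-commit-sha-of-0.28.0>  # 0.28.0` (placeholder; resolve the real SHA from the upstream release). Separately, `severity: 'CRITICAL,HIGH'` filters the report as well as the gate, so MEDIUM and LOW misconfigurations that tfsec presumably printed under `soft_fail: true` will no longer appear in the job log. If that visibility matters, a second non-blocking run without the severity filter would keep it. The job this step belongs to starts outside the hunk, so its runner and permissions are not visible here.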