sdsa

.gitea/workflows/azure-pipelines.yml

@@ -39,11 +39,12 @@ jobs:
           mkdir -p "${HOME}/bin"
           curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b "${HOME}/bin" v0.70.0
           echo "${HOME}/bin" >> "${GITHUB_PATH}"
-          trivy --version
+          "${HOME}/bin/trivy" --version
 
+      # Use "${HOME}/bin/trivy" — act/Gitea may not prepend GITHUB_PATH before the next step.
       - name: Trivy filesystem scan
         run: |
-          trivy fs -f json -o report.json \
+          "${HOME}/bin/trivy" fs -f json -o report.json \
             --skip-dirs node_modules,android/.gradle,android/build,ios/Pods,ios/build,.git \
             --exit-code 0 \
             .