From 7293c956591977515a3446902e0d196276fd96e8 Mon Sep 17 00:00:00 2001
From: Naomi Carrigan
Date: Thu, 11 Dec 2025 13:36:05 -0800
Subject: [PATCH] use pipx as recommended in docs
---
 .gitea/workflows/security.yml | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/.gitea/workflows/security.yml b/.gitea/workflows/security.yml
index a6ff1e1..658b586 100644
--- a/.gitea/workflows/security.yml
+++ b/.gitea/workflows/security.yml
@@ -9,6 +9,7 @@ on:
 # Run weekly on Mondays at 00:00 UTC
 - cron: '0 0 * * 1'
 workflow_dispatch:
+ continue_on_error: true
 jobs:
 trivy-scan:
@@ -62,7 +63,11 @@ jobs:
 fi
 - name: Install Semgrep
- run: python3 -m pip install semgrep
+ run: |
+ sudo apt-get install pipx
+ pipx ensurepath
+ pipx install semgrep
+ semgrep --version
 # Static code analysis with Semgrep
 - name: Run Semgrep static analysis
@@ -71,7 +76,8 @@ jobs:
 --config p/owasp-top-ten \
 --config p/ci \
 --config p/security \
- . > semgrep-results.txt
+ --output semgrep-results.txt \
+ .
 # Display Semgrep results
 - name: Display Semgrep scan results
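Review bot: `continue_on_error: true` is added between `workflow_dispatch:` and `jobs:`, where it is not a recognised key: the workflow syntax spells it `continue-on-error` and accepts it only on a job or a step. As written it will be ignored or rejected as an unknown trigger or top-level key, so it cannot have the intended effect. Indentation is lost in this view, so the exact nesting should be confirmed. If the aim is to keep a tooling failure from failing the run, put `continue-on-error: true` on the one step that needs it; applied to the whole security workflow it would also hide genuine scan failures.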
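Review bot: The new `run: |` block calls `sudo apt-get install pipx` without `-y` and without a preceding `apt-get update`, so on a non-interactive runner the install can abort at the confirmation prompt or fail on a stale package index; `sudo apt-get update && sudo apt-get install -y pipx` avoids both. `pipx ensurepath` only edits shell startup files, so neither `semgrep --version` in this step nor the later scan step is guaranteed to find the binary. Adding `echo "$HOME/.local/bin" >> "$GITHUB_PATH"` covers later steps, and this step can call the binary by its full path. The scanner is also installed unpinned, so each weekly run may pull a different release; pinning it, as in `pipx install 'semgrep==<PINNED_VERSION>'`, keeps results reproducible and narrows the supply-chain exposure of the security job.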