From bc5440f99f9899bf668c275d809308d3eec19904 Mon Sep 17 00:00:00 2001
From: Naomi Carrigan
Date: Thu, 11 Dec 2025 15:08:55 -0800
Subject: [PATCH] feat: add osv-scanner
---
 .gitea/workflows/security.yml | 30 ++++++++++++++++++++++++++++++
 1 file changed, 30 insertions(+)

diff --git a/.gitea/workflows/security.yml b/.gitea/workflows/security.yml
index b572dfe..645066c 100644
--- a/.gitea/workflows/security.yml
+++ b/.gitea/workflows/security.yml
@@ -123,3 +123,33 @@ jobs:
 echo "No Semgrep scan results found"
 exit 1
 fi
+
+ # Need Go
+ - name: Install Go
+ uses: actions/setup-go@v6
+ with:
+ go-version: 'stable' # Latest stable version
+
+ # Install OSV Scanner
+ - name: Install OSV Scanner
+ run: |
+ export PATH="$HOME/go/bin:$PATH"
+ go install github.com/google/osv-scanner/cmd/osv-scanner@latest
+
+ # Run OSV Scanner
+ - name: Run OSV Scanner
+ run: |
+ export PATH="$HOME/go/bin:$PATH"
+ osv-scanner -r scan --format table --output osv-results.txt .
+
+ # Display OSV Scanner results
+ - name: Display OSV Scanner scan results
+ if: always()
+ run: |
+ if [ -f osv-results.txt ]; then
+ echo "=== OSV Scanner Results ==="
+ cat osv-results.txt
+ else
+ echo "No OSV Scanner scan results found"
+ exit 1
+ fi
\ No newline at end of file
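Review bot: The `Install OSV Scanner` step installs with `@latest`, so each run of this security job builds and executes whatever version resolves at that moment; pin a reviewed release instead, e.g. `go install github.com/google/osv-scanner/cmd/osv-scanner@<PINNED_VERSION>`, and bump it deliberately. The same drift applies to `go-version: 'stable'` and to `actions/setup-go@v6`, which is a mutable tag; pinning the action to a full commit SHA keeps the toolchain behind the scan result reproducible. Under Go's module versioning, `@latest` on this un-suffixed path should only ever resolve to a v1 release, so if the v2 scanner is intended the path likely needs a `/v2` segment — confirm against the project's install docs. In `Run OSV Scanner`, `-r` comes before `scan`; verify that the CLI parses this as a recursive scan of `.` and does not treat `scan` as a path, since a mis-parsed invocation could scan less than intended.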