From 9c6a7fd023a0942d94b88ffd67d877bf5a9af9cb Mon Sep 17 00:00:00 2001 From: Betty Date: Tue, 3 Mar 2026 20:16:27 +0100 Subject: [PATCH] post: commit a0760dd in bojemoi --- .../commits/2026-03-03-commit-a0760dd.md | 40 +++++++++++++++++++ 1 file changed, 40 insertions(+) create mode 100644 content/posts/commits/2026-03-03-commit-a0760dd.md diff --git a/content/posts/commits/2026-03-03-commit-a0760dd.md b/content/posts/commits/2026-03-03-commit-a0760dd.md new file mode 100644 index 0000000..5c0568d --- /dev/null +++ b/content/posts/commits/2026-03-03-commit-a0760dd.md @@ -0,0 +1,40 @@ +--- +title: "[bojemoi] ci: add Trivy security scan workflow (misconfig + secrets)" +date: 2026-03-03T20:16:27+01:00 +draft: false +tags: ["commit", "bojemoi", "main"] +categories: ["Git Activity"] +summary: "Commit a0760dd par Betty dans bojemoi" +author: "Betty" +--- + +## Commit `a0760dd` + +| | | +|---|---| +| **Repository** | bojemoi | +| **Branch** | `main` | +| **Author** | Betty | +| **Hash** | `a0760dd8976da397f6270effe123ddba1e4db04a` | + + +### Description + +Scans 30+ Dockerfiles and 10 stack YAMLs for HIGH/CRITICAL misconfigurations +and exposed secrets on every push to main. Advisory mode (exit-code 0) to +avoid blocking deployments during initial noise triage. + +Co-Authored-By: Claude Sonnet 4.6 + +### Files Changed + +``` +A .gitea/workflows/trivy.yml +``` + +### Diff Summary + +``` + .gitea/workflows/trivy.yml | 34 ++++++++++++++++++++++++++++++++++ + 1 file changed, 34 insertions(+) +```
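Review bot: the Description section says the scan runs in advisory mode (exit-code 0) "during initial noise triage" but records no condition, owner or date for making it blocking, so as documented a HIGH/CRITICAL misconfiguration or an exposed secret pushed to main will not fail the workflow, and nothing in the post tells a reader when that changes. Consider adding one line under Description that states the exit criterion for advisory mode, or links the tracking issue if one exists. Two smaller points in the same hunk: the front matter line `summary: "Commit a0760dd par Betty dans bojemoi"` is in French while the title, headings and description are in English, so pick one language for the post; and the metadata table uses an empty header row (`| | |`), which some Markdown renderers show as a blank header band, so either label the columns or use a plain list.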