Update .gitea/workflows/mobsf.yml

.gitea/workflows/mobsf.yml

@@ -4,29 +4,27 @@ on: [push]
 jobs:
   mobsf-analysis:
     runs-on: ubuntu-latest
-    env:
-      # This fixes the 'externally-managed-environment' error
-      PIP_BREAK_SYSTEM_PACKAGES: 1
-    
     steps:
       - name: Checkout Code
         uses: https://github.com/actions/checkout@v4
 
-      - name: Run mobsfscan
-        # Use the MobSF action directly
-        uses: https://github.com/MobSF/mobsfscan@main
-        with:
-          # '.' scans the whole repo. '--no-fail' prevents the pipeline from
-          # stopping if it finds a bug, so we can still get the report.
-          args: '. --html --output report.html --no-fail'
-
-      # Safety step: if MobSF finds 0 bugs, it might not create the file.
-      # We create a dummy file if it's missing so the Upload step doesn't crash.
-      - name: Ensure Report Exists
+      # We manually install and run mobsfscan in a venv to avoid OS conflicts
+      - name: Run MobSF Scan
         run: |
-          if [ ! -f report.html ]; then
-            echo "<html><body><h1>Scan Complete</h1><p>No vulnerabilities found.</p></body></html>" > report.html
-          fi
+          # 1. Setup a clean virtual environment
+          python3 -m venv .mobsf_venv
+          source .mobsf_venv/bin/activate
+          
+          # 2. Install mobsfscan inside the venv
+          python3 -m pip install --upgrade pip
+          python3 -m pip install mobsfscan
+          
+          # 3. Create the report placeholder
+          echo "<html><body><h1>Scan Results</h1><p>No issues.</p></body></html>" > report.html
+          
+          # 4. Run the scan on your app directory specifically
+          # We use || true so the pipeline continues even if it finds bugs
+          mobsfscan --html --output report.html app/src/main || true
 
       - name: Upload Report to Gitea
         uses: https://gitea.com/actions/upload-artifact@v3