Update .gitea/workflows/mobsf.yml

.gitea/workflows/mobsf.yml

@@ -1,35 +1,26 @@
-name: MobSF Security Scanning
-on: 
-  push:
-    branches: [ main, master ]
-  pull_request:
+name: MobSF Container Scan
+on: [push]
 
 jobs:
-  mobsf-analysis:
+  mobsf-scan:
     runs-on: ubuntu-latest
+    # This tells Gitea to run the whole job INSIDE the MobSF container
+    container:
+      image: opensecurity/mobsfscan:latest
+
     steps:
-      # 1. Pull the code from your Gitea repository into the runner workspace
+      # Step 1: Git checkout still works inside the container
       - name: Checkout Code
         uses: https://github.com/actions/checkout@v4
 
-      # 2. (Optional) Verification step to see where your code is
-      - name: Verify Workspace
+      # Step 2: Run the command directly (it's already installed!)
+      - name: Run Scan
         run: |
-          echo "Current Path: $(pwd)"
-          ls -F
+          mobsfscan . --html --output report.html || true
 
-      # 3. Run MobSF Static Analysis
-      # This will automatically detect Flutter, React Native, and Swift files
-      - name: MobSF Scan
-        uses: https://github.com/MobSF/mobsfscan@main
-        with:
-          # '.' tells MobSF to scan the code checked out in step 1
-          args: '. --html --output report.html || true'
-
-      # 4. Upload the result to Gitea using the link you provided
-      - name: Upload Report to Gitea
+      # Step 3: Upload the report
+      - name: Upload Report
         uses: https://gitea.com/actions/upload-artifact@v3
         with:
-          name: Security-Analysis-Report
-          path: report.html
-          retention-days: 5
+          name: container-security-report
+          path: report.html