From 98c3c0194c83fc0f21f906685627d5c7d1f4dba8 Mon Sep 17 00:00:00 2001
From: Sudo-Ivan
Date: Sat, 3 Jan 2026 19:40:13 -0600
Subject: [PATCH] feat(workflows): add OSV-Scanner workflows for pull request and scheduled scans
---
 .gitea/workflows/osv-pr.yml | 21 +++++++++++++++++++++
 .gitea/workflows/osv-scheduled.yml | 20 ++++++++++++++++++++
 2 files changed, 41 insertions(+)
 create mode 100644 .gitea/workflows/osv-pr.yml
 create mode 100644 .gitea/workflows/osv-scheduled.yml
diff --git a/.gitea/workflows/osv-pr.yml b/.gitea/workflows/osv-pr.yml
new file mode 100644
index 0000000..f874e1f
--- /dev/null
+++ b/.gitea/workflows/osv-pr.yml
@@ -0,0 +1,21 @@
+name: OSV-Scanner PR Scan
+
+on:
+ pull_request:
+ branches: [master]
+ merge_group:
+ branches: [master]
+
+permissions:
+ contents: read
+
+jobs:
+ scan-pr:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: https://git.quad4.io/actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+
+ - name: OSV scan
+ run: bash scripts/osv_scan.sh
+
diff --git a/.gitea/workflows/osv-scheduled.yml b/.gitea/workflows/osv-scheduled.yml
new file mode 100644
index 0000000..a3ea11f
--- /dev/null
+++ b/.gitea/workflows/osv-scheduled.yml
@@ -0,0 +1,20 @@
+name: OSV-Scanner Scheduled Scan
+
+on:
+ schedule:
+ - cron: "30 12 * * 1"
+ push:
+ branches: [master]
+
+permissions:
+ contents: read
+
+jobs:
+ scan-scheduled:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: https://git.quad4.io/actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+
+ - name: OSV scan
+ run: bash scripts/osv_scan.sh
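Review bot: The `OSV scan` step in osv-pr.yml runs `bash scripts/osv_scan.sh` from the checked-out pull-request tree, so the change under review also controls the script that judges it; a PR that edits the script can change the scan result, and the script runs with whatever the checkout leaves on the runner. Assuming the mirrored action matches upstream actions/checkout, add `with:` / `persist-credentials: false` under the Checkout step so the job token is not kept around for that script, and consider taking the script from the base branch rather than the PR head. The top-level `permissions: contents: read` states the right intent, but Gitea Actions has not always honoured the `permissions` key, so confirm it is enforced on this instance before relying on it. The `merge_group` trigger is worth checking against the Gitea version in use for the same reason.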
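Review bot: `scripts/osv_scan.sh`, which the `OSV scan` step in osv-scheduled.yml (and in osv-pr.yml) executes, is not part of this commit — the diffstat lists only the two workflow files — so what it downloads and runs cannot be reviewed here, even though the checkout action next to it is pinned to a full commit SHA. I would document the expected contract above the step, for example `# osv_scan.sh installs a pinned, checksum-verified osv-scanner and exits non-zero on findings`, and confirm the script actually meets it. The `scan-scheduled` job body is a copy of `scan-pr`; if the two files stay separate, a one-line comment saying they differ only in triggers would help keep them from drifting apart.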