diff --git a/.gitea/workflows/ci.yaml b/.gitea/workflows/ci.yaml
index 548f3bb..2671985 100644
--- a/.gitea/workflows/ci.yaml
+++ b/.gitea/workflows/ci.yaml
@@ -47,12 +47,13 @@ jobs:
 /tmp/gitleaks detect --source . --no-banner --redact --verbose --exit-code 1
 - name: trivy fs scan
- uses: aquasecurity/trivy-action@master
- with:
- scan-type: fs
- severity: HIGH,CRITICAL
- exit-code: 1
- ignore-unfixed: true
+ shell: bash
+ run: |
+ set -euo pipefail
+ TRIVY_VERSION=0.50.0
+ curl -fsSL "https://github.com/aquasecurity/trivy/releases/download/v${TRIVY_VERSION}/trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz" \
+ | tar -xz -C /tmp trivy
+ /tmp/trivy fs --severity HIGH,CRITICAL --exit-code 1 --no-progress --skip-dirs node_modules,target,dist .
 test:
 runs-on: docker
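Review bot: The new `run` script pipes the release tarball from curl straight into `tar` and then executes `/tmp/trivy` without any integrity check, so the `TRIVY_VERSION` pin fixes which release is requested but not which bytes are run on the CI runner. Download to a file, compare it against a SHA-256 pinned in the workflow (taken from the release's published checksums), and extract only after the check passes, as sketched below. The old step set `ignore-unfixed: true` and the new command has no `--ignore-unfixed`, so the job will now fail on HIGH/CRITICAL findings that have no fix available; if that is intended, a one-line comment saying so would help. The enclosing job starts above this hunk, so its runner image and any credentials in scope are not visible here.

```yaml
# … unchanged: step name, shell, set -euo pipefail …
TRIVY_VERSION=0.50.0
# Placeholder: replace with the digest published for this exact release asset.
TRIVY_SHA256='<expected-sha256-of-release-tarball>'
TRIVY_TGZ="trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz"
curl -fsSL -o "/tmp/${TRIVY_TGZ}" \
  "https://github.com/aquasecurity/trivy/releases/download/v${TRIVY_VERSION}/${TRIVY_TGZ}"
# Fail the step before anything is unpacked or executed if the digest differs.
echo "${TRIVY_SHA256}  /tmp/${TRIVY_TGZ}" | sha256sum -c -
tar -xzf "/tmp/${TRIVY_TGZ}" -C /tmp trivy
# … unchanged: /tmp/trivy fs invocation …
```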