sharang
7da3f3208b
The trivy-action does an internal actions/checkout against github.com/aquasecurity/trivy, which fails on Gitea (act_runner injects Gitea creds; clone returns exit 128). Switch to the same inline-download pattern we use for gitleaks. Refs: M0.2