From 56ba11d717afa459cd298e6510fbf6c27aaa76d0 Mon Sep 17 00:00:00 2001
From: alpha-nerd <alpha-nerd@noreply.localhost>
Date: Wed, 13 May 2026 07:22:39 +0200
Subject: [PATCH] =?UTF-8?q?.forgejo/workflows/nyxscanner.yml=20hinzugef?=
 =?UTF-8?q?=C3=BCgt?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .forgejo/workflows/nyxscanner.yml | 44 +++++++++++++++++++++++++++++++
 1 file changed, 44 insertions(+)
 create mode 100644 .forgejo/workflows/nyxscanner.yml

diff --git a/.forgejo/workflows/nyxscanner.yml b/.forgejo/workflows/nyxscanner.yml
new file mode 100644
index 0000000..ffe47fa
--- /dev/null
+++ b/.forgejo/workflows/nyxscanner.yml
@@ -0,0 +1,44 @@
+name: NYX Security Scan
+
+on:
+  pull_request:
+    branches: [main, master]
+
+jobs:
+  nyx-scan:
+    runs-on: docker-amd64  # eine Architektur reicht für SAST
+
+    steps:
+      - name: Checkout target repo
+        uses: actions/checkout@v4
+
+      - name: Checkout nyx from Forgejo mirror
+        uses: actions/checkout@v4
+        with:
+          repository: apunkt/nyx
+          # URL deiner Forgejo-Instanz:
+          server_url: https://deine-forgejo-instanz.example.com
+          ref: master
+          path: .nyx-src
+
+      - name: Install Rust
+        uses: https://github.com/actions-rust-lang/setup-rust-toolchain@v1
+        with:
+          toolchain: stable
+
+      - name: Build nyx from source
+        run: |
+          cd .nyx-src
+          cargo build --release
+          sudo cp target/release/nyx /usr/local/bin/nyx
+
+      - name: Run NYX scan
+        run: |
+          nyx scan --format sarif --fail-on MEDIUM > nyx-results.sarif
+
+      - name: Upload results
+        if: always()
+        uses: actions/upload-artifact@v4
+        with:
+          name: nyx-sarif-report
+          path: nyx-results.sarif
\ No newline at end of file