From 69253a7e0db71993bf99776df63c715d5d30dd46 Mon Sep 17 00:00:00 2001
From: alpha-nerd
Date: Wed, 13 May 2026 07:18:17 +0200
Subject: [PATCH] nyx security scanner integration
---
.forgejo/workflows/nyxscanner.yml | 44 +++++++++++++++++++++++++++++++
1 file changed, 44 insertions(+)
create mode 100644 .forgejo/workflows/nyxscanner.yml
diff --git a/.forgejo/workflows/nyxscanner.yml b/.forgejo/workflows/nyxscanner.yml
new file mode 100644
index 0000000..7c9313f
--- /dev/null
+++ b/.forgejo/workflows/nyxscanner.yml
@@ -0,0 +1,44 @@
+name: NYX Security Scan
+
+on:
+ pull_request:
+ branches: [main, master]
+
+jobs:
+ nyx-scan:
+ runs-on: docker-amd64 # eine Architektur reicht für SAST
+
+ steps:
+ - name: Checkout target repo
+ uses: actions/checkout@v4
+
+ - name: Checkout nyx from Forgejo mirror
+ uses: actions/checkout@v4
+ with:
+ repository: apunkt/nyx
+ # URL deiner Forgejo-Instanz:
+ server_url: https://bitfreedom.net/code/
+ ref: master
+ path: .nyx-src
+
+ - name: Install Rust
+ uses: https://github.com/actions-rust-lang/setup-rust-toolchain@v1
+ with:
+ toolchain: stable
+
+ - name: Build nyx from source
+ run: |
+ cd .nyx-src
+ cargo build --release
+ sudo cp target/release/nyx /usr/local/bin/nyx
+
+ - name: Run NYX scan
+ run: |
+ nyx scan --format sarif --fail-on MEDIUM > nyx-results.sarif
+
+ - name: Upload results
+ if: always()
+ uses: actions/upload-artifact@v4
+ with:
+ name: nyx-sarif-report
+ path: nyx-results.sarif
\ No newline at end of file
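Review bot: The `Checkout nyx from Forgejo mirror` step tracks `ref: master`, so every pull-request run compiles whatever that branch holds at the moment (Cargo build scripts included) and the next step installs the binary with `sudo cp`; pinning to a reviewed commit, e.g. `ref: <reviewed-nyx-commit-sha>`, keeps the scanner build reproducible and limits what a changed or force-pushed mirror can execute on the runner. The `@v4` and `@v1` action tags are movable in the same way and could be replaced by full commit SHAs. As far as I know actions/checkout documents `github-server-url` rather than `server_url`, so it is worth confirming that this step really fetches from the intended instance and not from the runner's default server. Adding `persist-credentials: false` to the first checkout would keep the job token out of `.git/config` while code from another repository is built in the same workspace. Because `.nyx-src` lives inside the workspace, `nyx scan` may also walk the scanner's own sources and `target/` directory unless it skips them, so building outside the workspace or excluding that path would avoid unrelated findings failing the PR.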