From 302ac2a6a38e729f61b84f4747738c5b60898313 Mon Sep 17 00:00:00 2001
From: Hendrik Garske
Date: Sat, 16 May 2026 19:19:16 +0200
Subject: [PATCH] Simplify security scan: remove CodeQL, add npm audit

---
 .github/workflows/security.yml | 17 ++++++++---------
 1 file changed, 8 insertions(+), 9 deletions(-)

diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml
index 3d80bc5..e966d60 100644
--- a/.github/workflows/security.yml
+++ b/.github/workflows/security.yml
@@ -8,7 +8,6 @@ on:

 permissions:
 contents: read
- security-events: write
 pull-requests: write

 jobs:
@@ -23,15 +22,15 @@ jobs:
 fail-on-severity: high
 comment-summary-in-pr: always

- codeql:
- name: CodeQL
+ audit:
+ name: npm Audit
 runs-on: [self-hosted, Linux, X64, docker]
- permissions:
- security-events: write
 steps:
 - uses: actions/checkout@v4
- - uses: github/codeql-action/init@v3
+ - uses: actions/setup-node@v4
 with:
- languages: javascript-typescript
- - uses: github/codeql-action/autobuild@v3
- - uses: github/codeql-action/analyze@v3
+ node-version: "20"
+ cache: npm
+ - run: npm ci --no-audit --no-fund
+ - run: npm audit --audit-level=high
+ continue-on-error: true
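Review bot: `continue-on-error: true` on the new `npm audit --audit-level=high` step means a high-severity advisory never fails the `audit` job, so the step reports but does not enforce and the only gate the workflow keeps is the dependency-review step whose `fail-on-severity: high` lines open this hunk (that job starts outside it); either drop the `continue-on-error: true` line so the audit level actually blocks, or keep it and put a comment above the step such as `# advisory only: audit findings are reported, never block the run` so the intent is explicit. npm audit also covers only dependency advisories, whereas the removed CodeQL steps scanned first-party JavaScript/TypeScript, so the commit narrows what "security scan" means and the description should state that trade-off. Because the job only needs the resolved install tree for the audit, `- run: npm ci --no-audit --no-fund --ignore-scripts` avoids executing dependency lifecycle scripts on the self-hosted runner. The new `actions/setup-node@v4` is pinned by major tag like the existing `actions/checkout@v4` context line; if the repository adopts SHA pinning, both should move together.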