From faf054a65527706ba77080b39fba241cafb4260e Mon Sep 17 00:00:00 2001
From: Hendrik Garske
Date: Sat, 16 May 2026 19:22:02 +0200
Subject: [PATCH] Remove dependency-review job, keep npm audit only

---
 .github/workflows/security.yml | 19 +++++-------------
 1 file changed, 5 insertions(+), 14 deletions(-)

diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml
index e966d60..55918c6 100644
--- a/.github/workflows/security.yml
+++ b/.github/workflows/security.yml
@@ -1,36 +1,27 @@
 name: Security Scan
 on:
-  pull_request:
-    branches: ["**"]
   push:
     branches: [main]
+  pull_request:
+    branches: ["**"]
 permissions:
   contents: read
-  pull-requests: write
 jobs:
-  dependency-review:
-    name: Dependency Review
-    runs-on: [self-hosted, Linux, X64, docker]
-    if: github.event_name == "pull_request"
-    steps:
-      - uses: actions/checkout@v4
-      - uses: actions/dependency-review-action@v4
-        with:
-          fail-on-severity: high
-          comment-summary-in-pr: always
-
   audit:
     name: npm Audit
     runs-on: [self-hosted, Linux, X64, docker]
     steps:
       - uses: actions/checkout@v4
+
       - uses: actions/setup-node@v4
         with:
          node-version: "20"
           cache: npm
+
       - run: npm ci --no-audit --no-fund
+
       - run: npm audit --audit-level=high
         continue-on-error: true
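Review bot: After this commit nothing in the workflow can fail: the only surviving check, `npm audit --audit-level=high`, still carries `continue-on-error: true`, so a pull request that introduces a high-severity dependency passes green while the removed dependency-review job (with `fail-on-severity: high`) was the one gate that blocked it. If the audit is meant to replace that gate, drop `continue-on-error: true` from the audit step, or keep it only for the `push` to main if noisy failures there are the concern. Separately, `npm ci --no-audit --no-fund` runs dependency lifecycle scripts on a `[self-hosted, Linux, X64, docker]` runner on every `pull_request`, so if forks can open PRs against this repository a manifest or lockfile change alone executes attacker-chosen code on that host; `npm ci --ignore-scripts --no-audit --no-fund` still produces the installed tree that `npm audit` needs. Pinning `actions/checkout@v4` and `actions/setup-node@v4` to full commit SHAs would also close the tag-retargeting risk that is more consequential on a self-hosted runner.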