diff --git a/.gitea/workflows/ci.yml b/.gitea/workflows/ci.yml
index 6176b81..04ffc73 100644
--- a/.gitea/workflows/ci.yml
+++ b/.gitea/workflows/ci.yml
@@ -58,12 +58,12 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - uses: actions/checkout@v4
- - uses: aquasecurity/trivy-action@master
- with:
- scan-type: fs
- severity: "HIGH,CRITICAL"
- exit-code: "1"
- ignore-unfixed: "true"
+ - name: Install and run Trivy (filesystem)
+ run: |
+ TRIVY_VERSION=0.58.1
+ curl -sSL "https://github.com/aquasecurity/trivy/releases/download/v${TRIVY_VERSION}/trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz" \
+ | tar xz -C /tmp trivy
+ /tmp/trivy fs --severity HIGH,CRITICAL --exit-code 1 --ignore-unfixed --no-progress .
 build:
 runs-on: ubuntu-latest
@@ -95,12 +95,13 @@ jobs:
 tags: movieloop-frontend:ci-${{ github.sha }}
 load: true
 cache-from: type=gha
- - uses: aquasecurity/trivy-action@master
- with:
- image-ref: movieloop-frontend:ci-${{ github.sha }}
- severity: "HIGH,CRITICAL"
- exit-code: "1"
- ignore-unfixed: "true"
+ - name: Install and run Trivy (image)
+ run: |
+ TRIVY_VERSION=0.58.1
+ curl -sSL "https://github.com/aquasecurity/trivy/releases/download/v${TRIVY_VERSION}/trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz" \
+ | tar xz -C /tmp trivy
+ /tmp/trivy image --severity HIGH,CRITICAL --exit-code 1 --ignore-unfixed --no-progress \
+ movieloop-frontend:ci-${{ github.sha }}
 push:
 runs-on: ubuntu-latest
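Review bot: The tarball fetched by `curl -sSL … | tar xz` in the new filesystem-scan step is unpacked and executed without any integrity check, so the version pin replaces the mutable `@master` ref but still trusts whatever the download URL serves at run time. The same pipeline is repeated in the image-scan step of the second hunk. Download to a file with `curl -f` so an HTTP error body is never fed to tar, compare the file against a SHA-256 pinned in the workflow (taken from the release's published checksums), and only then extract. The digest in the sketch below is a placeholder to fill in, and the indentation is illustrative because the page lost the original.

```yaml
        run: |
          TRIVY_VERSION=0.58.1
          # Placeholder: pin the digest published for this exact release asset.
          TRIVY_SHA256="<sha256-of-release-tarball>"
          TARBALL="trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz"
          curl -fsSL -o "/tmp/${TARBALL}" \
            "https://github.com/aquasecurity/trivy/releases/download/v${TRIVY_VERSION}/${TARBALL}"
          # Fails the step (non-zero exit) when the digest does not match.
          echo "${TRIVY_SHA256}  /tmp/${TARBALL}" | sha256sum -c -
          tar xzf "/tmp/${TARBALL}" -C /tmp trivy
          # … unchanged: /tmp/trivy fs invocation …
```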
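Review bot: `TRIVY_VERSION=0.58.1` and the download pipeline in this image-scan step are a copy of the filesystem-scan step in the first hunk, so a later bump that touches only one of them would leave the two jobs scanning with different Trivy releases. Consider defining the version once, for example `TRIVY_VERSION: "0.58.1"` under a workflow-level `env:` key, and reading it from both `run:` blocks. The top of the workflow is outside this diff, so whether an `env:` block already exists there is not visible.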