From f86943b88474e9d3c1cfed638979ea9d0b0ad823 Mon Sep 17 00:00:00 2001
From: Lukasz Raczylo
Date: Sun, 4 Jan 2026 02:48:28 +0000
Subject: [PATCH] fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! perf: build frontend once on runner instead of in Docker

---
 Dockerfile.scanner | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/Dockerfile.scanner b/Dockerfile.scanner
index 0d8654a..6d668a4 100644
--- a/Dockerfile.scanner
+++ b/Dockerfile.scanner
@@ -16,6 +16,10 @@ RUN apk add --no-cache \
     bash \
     sqlite-libs \
     musl \
+    python3 \
+    py3-pip \
+    npm \
+    go \
     && update-ca-certificates
 
 # Install Trivy for container scanning
@@ -24,6 +28,13 @@ RUN curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/
 # Install Grype for vulnerability scanning
 RUN curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | sh -s -- -b /usr/local/bin
 
+# Install govulncheck for Go vulnerability scanning
+RUN go install golang.org/x/vuln/cmd/govulncheck@latest && \
+    mv /root/go/bin/govulncheck /usr/local/bin/
+
+# Install pip-audit for Python package vulnerability scanning
+RUN pip3 install --no-cache-dir pip-audit --break-system-packages
+
 # Create non-root user
 RUN addgroup -g 1000 scanner && \
     adduser -D -u 1000 -G scanner scanner
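Review bot: The four new apk packages (`python3`, `py3-pip`, `npm`, `go`) are full toolchains added unpinned to the runtime image, and since the scanners installed in the next hunk drive them directly, their versions determine what a scan reports; the existing entries are unpinned too, so this matches the file's style, but pinning them (`go=<PINNED_APK_VERSION>`, hadolint DL3018) or pinning the base image by digest would make scan results reproducible across rebuilds. The `go` toolchain presumably has to stay in the final image because govulncheck's source mode invokes it at scan time, which is worth recording so nobody later moves it to a build stage: `# go stays in the runtime image: govulncheck source-mode scans invoke the toolchain`. If `npm` is only needed for `npm audit`, a similar one-line comment would explain why a Node toolchain sits in a scanner image.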
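Review bot: `go install golang.org/x/vuln/cmd/govulncheck@latest` makes the image non-reproducible and leaves the module and build caches under `/root/go/pkg/mod` and `/root/.cache/go-build` baked into the layer after the binary is moved; pin the version and clean up in the same RUN, e.g. `RUN go install golang.org/x/vuln/cmd/govulncheck@<PINNED_VERSION> && mv /root/go/bin/govulncheck /usr/local/bin/ && go clean -cache -modcache`. The pip-audit line has the same unpinned-version problem (`pip-audit==<PINNED_VERSION>`, hadolint DL3013), and `--break-system-packages` installs the tool into the system interpreter; a dedicated venv (`python3 -m venv /opt/pip-audit`, then install into it and symlink or PATH the `pip-audit` entry point) avoids that flag and keeps the tool isolated from the Alpine-managed site-packages. Since the image switches to the `scanner` user right after this, it is also worth confirming that govulncheck run as that user resolves `GOMODCACHE`/`GOCACHE` to a writable directory, because `/root/go` will not be reachable at scan time.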