diff --git a/.woodpecker.yml b/.woodpecker.yml
index 0b0cffc..76b116b 100644
--- a/.woodpecker.yml
+++ b/.woodpecker.yml
@@ -81,11 +81,24 @@ steps:
 commands:
 - echo "nameserver 1.1.1.1" > /etc/resolv.conf
 - echo "nameserver 1.0.0.1" >> /etc/resolv.conf
- - echo "=== Verifying package-lock.json versions ==="
- - grep -A2 '"node_modules/glob"' package-lock.json | head -5
- - grep -A2 '"node_modules/mime"' package-lock.json | head -5
+ - echo "=== DEBUG: Git commit ==="
+ - git rev-parse HEAD | cat
+ - echo "=== DEBUG: package-lock.json exists? ==="
+ - ls -la package-lock.json
+ - echo "=== DEBUG: package-lock.json hash ==="
+ - sha256sum package-lock.json | cat
+ - echo "=== DEBUG: glob version in lockfile ==="
+ - grep -A3 '"node_modules/glob"' package-lock.json | head -5 || echo "glob not found"
+ - echo "=== DEBUG: mime version in lockfile ==="
+ - grep -A3 '"node_modules/mime"' package-lock.json | head -5 || echo "mime not found"
+ - echo "=== DEBUG: tar version in lockfile ==="
+ - grep -A3 '"node_modules/tar"' package-lock.json | head -5 || echo "tar not found"
+ - echo "=== DEBUG: Check for vulnerable versions ==="
+ - grep -E '10\.4\.5|6\.2\.1|7\.4\.3|1\.2\.7' package-lock.json || echo "No vulnerable versions found"
+ - echo "=== DEBUG: Trivy version ==="
 - trivy --version | cat
- - trivy fs --scanners vuln,misconfig --severity HIGH,CRITICAL --exit-code 0 .
+ - echo "=== Running Trivy scan with debug ==="
+ - trivy fs --debug --scanners vuln,misconfig --severity HIGH,CRITICAL --exit-code 0 .
 - trivy fs --scanners vuln,misconfig --severity HIGH,CRITICAL --exit-code 0 Dockerfile
 when:
 branch: main
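Review bot: The `Check for vulnerable versions` line greps for the bare strings `10.4.5`, `6.2.1`, `7.4.3` and `1.2.7` anywhere in package-lock.json, so a hit may belong to an unrelated package or a longer version such as `11.2.7`, and "No vulnerable versions found" only means those four strings are absent. In the three `grep -A3 ... | head -5 || echo "... not found"` lines the pipeline status is `head`'s, so unless the step shell enables `pipefail` the fallback never prints for a missing package; the quoted key `"node_modules/glob"` also skips nested copies such as `node_modules/<pkg>/node_modules/glob`, which a scanner would still report. Scoping the check to the package and including nested copies, e.g. `grep -A1 'node_modules/glob"' package-lock.json | grep -F '"version"'`, would make the output less misleading. Both Trivy runs keep `--exit-code 0`, so nothing here gates the pipeline, and `--debug` should come out again once the investigation is finished.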