fix: 修复 gosec 配置文件格式错误导致 CI 失败
gosec -conf 只支持 JSON 格式,将 .gosec.yaml 转换为 .gosec.json
2
.github/workflows/security-scan.yml
vendored
2
.github/workflows/security-scan.yml
vendored
@@ -32,7 +32,7 @@ jobs:
|
|||||||
working-directory: backend
|
working-directory: backend
|
||||||
run: |
|
run: |
|
||||||
go install github.com/securego/gosec/v2/cmd/gosec@latest
|
go install github.com/securego/gosec/v2/cmd/gosec@latest
|
||||||
gosec -conf .gosec.yaml -severity high -confidence high ./...
|
gosec -conf .gosec.json -severity high -confidence high ./...
|
||||||
|
|
||||||
frontend-security:
|
frontend-security:
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
|
|||||||
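Review bot: The context line directly above the changed command, `go install github.com/securego/gosec/v2/cmd/gosec@latest`, installs an unpinned scanner. The rule set, config parsing and exit behaviour of this security gate can therefore change between runs without any commit in this repository. Pin it to a reviewed release, `go install github.com/securego/gosec/v2/cmd/gosec@<pinned-version>`, and bump that version deliberately so a scanner update is visible in review. The step and its job start outside this hunk, so any existing pinning or caching elsewhere in the workflow is not visible here.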
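--- a/backend/.gosec.json
+++ b/backend/.gosec.json
@@ -0,0 +1,5 @@
+{
+"global": {
+"exclude": "G704"
+}
+}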
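Review bot: The justification for suppressing G704 disappears with this conversion, because the removed YAML held comment lines explaining that the platform proxies to admin-configured upstreams and JSON has nowhere to keep them. Since `"exclude": "G704"` sits under `global`, the SSRF taint rule is off for everything scanned under backend, so a later handler that builds a request URL from end-user input would pass this gate unnoticed. Keep the rationale where it survives, for example as a comment above the gosec step in the workflow or a short note beside the config. Consider narrowing the suppression to `// #nosec G704 -- <justification>` at the specific proxy call sites so the rule stays active elsewhere. Whether every upstream URL really originates from admin settings cannot be confirmed from this page.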
@@ -1,7 +0,0 @@
|
|||||||
global:
|
|
||||||
# Exclude G704 (SSRF via taint analysis) - this is an API gateway platform
|
|
||||||
# that by design proxies requests to configurable upstream services.
|
|
||||||
# All upstream URLs are sourced from admin-configured settings or known
|
|
||||||
# third-party API endpoints, not from end-user input.
|
|
||||||
exclude:
|
|
||||||
- G704
|
|
||||||