Merge pull request #571 from wucm667/chore/configure-gosec-exclusions
chore: 配置 gosec 排除规则
This commit is contained in:
Wesley Liddick
2
.github/workflows/security-scan.yml
vendored
2
.github/workflows/security-scan.yml
vendored
@@ -32,7 +32,7 @@ jobs:
|
||||
working-directory: backend
|
||||
run: |
|
||||
go install github.com/securego/gosec/v2/cmd/gosec@latest
|
||||
gosec -severity high -confidence high ./...
|
||||
gosec -conf .gosec.yaml -severity high -confidence high ./...
|
||||
|
||||
frontend-security:
|
||||
runs-on: ubuntu-latest
|
||||
|
||||
7
backend/.gosec.yaml
Normal file
7
backend/.gosec.yaml
Normal file
@@ -0,0 +1,7 @@
|
||||
global:
|
||||
# Exclude G704 (SSRF via taint analysis) - this is an API gateway platform
|
||||
# that by design proxies requests to configurable upstream services.
|
||||
# All upstream URLs are sourced from admin-configured settings or known
|
||||
# third-party API endpoints, not from end-user input.
|
||||
exclude:
|
||||
- G704
|
||||
Reference in New Issue
Block a user