From 54de3bf27aac8cc218d26c8c46704536e00dee01 Mon Sep 17 00:00:00 2001 From: shaw Date: Sat, 28 Feb 2026 22:30:53 +0800 Subject: [PATCH] =?UTF-8?q?fix(ci):=20gosec=20=E8=B7=B3=E8=BF=87=E8=87=AA?= =?UTF-8?q?=E5=8A=A8=E7=94=9F=E6=88=90=E7=9A=84=E4=BB=A3=E7=A0=81=E6=96=87?= =?UTF-8?q?=E4=BB=B6=E9=81=BF=E5=85=8D=E6=89=AB=E6=8F=8F=E8=B6=85=E6=97=B6?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 为 gosec 添加 -exclude-generated 标志,跳过带有 "// Code generated" 注释的文件(如 wire_gen.go), 防止安全扫描因分析自动生成代码而超时。 --- .github/workflows/security-scan.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/security-scan.yml b/.github/workflows/security-scan.yml index 830b2667..7c59b074 100644 --- a/.github/workflows/security-scan.yml +++ b/.github/workflows/security-scan.yml @@ -34,7 +34,7 @@ jobs: run: | go install github.com/securego/gosec/v2/cmd/gosec@latest # exclude ent/ — auto-generated ORM code, not subject to manual security review - gosec -conf .gosec.json -severity high -confidence high -exclude-dir=ent ./... + gosec -conf .gosec.json -severity high -confidence high -exclude-generated -exclude-dir=ent ./... frontend-security: runs-on: ubuntu-latest