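fix(ci): gosec skips auto-generated code files to avoid scan timeouts
Add the -exclude-generated flag to gosec to skip files carrying a "// Code generated" comment (such as wire_gen.go), preventing the security scan from timing out while analyzing auto-generated code.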
2
.github/workflows/security-scan.yml
vendored
@@ -34,7 +34,7 @@ jobs:
|
|||||||
run: |
|
run: |
|
||||||
go install github.com/securego/gosec/v2/cmd/gosec@latest
|
go install github.com/securego/gosec/v2/cmd/gosec@latest
|
||||||
# exclude ent/ — auto-generated ORM code, not subject to manual security review
|
# exclude ent/ — auto-generated ORM code, not subject to manual security review
|
||||||
gosec -conf .gosec.json -severity high -confidence high -exclude-dir=ent ./...
|
gosec -conf .gosec.json -severity high -confidence high -exclude-generated -exclude-dir=ent ./...
|
||||||
|
|
||||||
frontend-security:
|
frontend-security:
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
|
|||||||
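Review bot: On the changed gosec line, -exclude-generated keys off the "// Code generated" header comment, so any hand-written file that carries that comment drops out of the scan too, and wire_gen.go is no longer checked at all. Consider keeping a separate scheduled gosec run without the flag and with a longer timeout, so generated code is still covered outside the pull-request path. The comment above the command still says only "exclude ent/" and should be updated to mention generated files. The install line also uses gosec@latest; pinning a version would keep scan results reproducible between runs.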