fix(ci): 将 gosec 集成到 golangci-lint 解决安全扫描超时
standalone gosec 扫描 24 万行 Go 代码在 CI 中持续超时, 将其作为 golangci-lint 的内置 linter 运行,复用 AST 解析和缓存大幅提速。 - 在 .golangci.yml 中启用 gosec 并迁移原有排除规则 - golangci-lint timeout 从 5m 提升到 30m - 从 security-scan.yml 移除 standalone gosec 步骤 - 删除不再需要的 .gosec.json 配置文件
This commit is contained in:
shaw
2
.github/workflows/backend-ci.yml
vendored
2
.github/workflows/backend-ci.yml
vendored
@@ -43,5 +43,5 @@ jobs:
|
||||
uses: golangci/golangci-lint-action@v9
|
||||
with:
|
||||
version: v2.7
|
||||
args: --timeout=5m
|
||||
args: --timeout=30m
|
||||
working-directory: backend
|
||||
6
.github/workflows/security-scan.yml
vendored
6
.github/workflows/security-scan.yml
vendored
@@ -29,12 +29,6 @@ jobs:
|
||||
run: |
|
||||
go install golang.org/x/vuln/cmd/govulncheck@latest
|
||||
govulncheck ./...
|
||||
- name: Run gosec
|
||||
working-directory: backend
|
||||
run: |
|
||||
go install github.com/securego/gosec/v2/cmd/gosec@latest
|
||||
# exclude ent/ — auto-generated ORM code, not subject to manual security review
|
||||
gosec -conf .gosec.json -severity high -confidence high -exclude-generated -exclude-dir=ent ./...
|
||||
|
||||
frontend-security:
|
||||
runs-on: ubuntu-latest
|
||||
|
||||
Reference in New Issue
Block a user