fix(ci): 将 gosec 集成到 golangci-lint 解决安全扫描超时

standalone gosec 扫描 24 万行 Go 代码在 CI 中持续超时，将其作为 golangci-lint 的内置 linter 运行，复用 AST 解析和缓存大幅提速。 - 在 .golangci.yml 中启用 gosec 并迁移原有排除规则 - golangci-lint timeout 从 5m 提升到 30m - 从 security-scan.yml 移除 standalone gosec 步骤 - 删除不再需要的 .gosec.json 配置文件
2026-02-28 23:08:41 +08:00
parent 493bd188d5
commit fbfbb26fd2
4 changed files with 18 additions and 12 deletions
--- a/.github/workflows/security-scan.yml
+++ b/.github/workflows/security-scan.yml
@@ -29,12 +29,6 @@ jobs:
        run: |
          go install golang.org/x/vuln/cmd/govulncheck@latest
          govulncheck ./...
-      - name: Run gosec
-        working-directory: backend
-        run: |
-          go install github.com/securego/gosec/v2/cmd/gosec@latest
-          # exclude ent/ — auto-generated ORM code, not subject to manual security review
-          gosec -conf .gosec.json -severity high -confidence high -exclude-generated -exclude-dir=ent ./...

  frontend-security:
    runs-on: ubuntu-latest