From 9b3bf0697e0ecb0b9a8dd1312a48afe63ebdde58 Mon Sep 17 00:00:00 2001
From: ShaoHua <345265198@qqcom>
Date: Tue, 2 Dec 2025 23:54:20 +0800
Subject: [PATCH] fix workflow: remove github dependency + duplicate scan

---
 .gitea/workflows/sonar-scan.yml | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/.gitea/workflows/sonar-scan.yml b/.gitea/workflows/sonar-scan.yml
index 90a6ccd..ee9f602 100644
--- a/.gitea/workflows/sonar-scan.yml
+++ b/.gitea/workflows/sonar-scan.yml
@@ -35,9 +35,12 @@ jobs:
 dotnet --list-sdks
 dotnet --version

- # ============================
- # STEP 4: Dependency Check (CVE)
- # ============================
+ - name: Install OWASP Dependency Check
+ run: |
+ Invoke-WebRequest -Uri "https://github.com/jeremylong/DependencyCheck/releases/download/v10.0.3/dependency-check-10.0.3-release.zip" -OutFile "dc.zip"
+ Expand-Archive -Path "dc.zip" -DestinationPath "./dc" -Force
+ echo "$PWD/dc/dependency-check/bin" | Out-File -FilePath $env:GITHUB_PATH -Encoding utf8 -Append
+
 - name: Run OWASP Dependency Check
 run: |
 dependency-check.bat --project "VectorDBDemo" --scan "." --format "XML" --out "./depcheck"
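Review bot: The new "Install OWASP Dependency Check" step downloads the release zip with Invoke-WebRequest and expands it straight onto PATH without verifying its integrity, so the scanner executed against the repository in the next step is whatever the download returned; the version is pinned to 10.0.3, which is good, but the hash of that artifact is not. Between the Invoke-WebRequest and Expand-Archive lines I would add `$expected = "<SHA256-OF-dependency-check-10.0.3-release.zip>"` and `if ((Get-FileHash -Path "dc.zip" -Algorithm SHA256).Hash -ne $expected) { throw "dc.zip checksum mismatch" }`, with the expected value taken from the release's published checksum. Note also that the commit subject says "remove github dependency", yet this step still fetches from github.com at every run; if the intent was to avoid that dependency, the archive presumably needs to come from a mirror or cache under the project's control. The step appends to `$env:GITHUB_PATH`; that works only if the Gitea runner exports that variable, which cannot be confirmed from this hunk. The enclosing `steps:` list begins before line 35 and is not visible here.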