fix workflow: remove github dependency + duplicate scan
Some checks failed
SonarQube Code Quality Scan / scan (push) Failing after 48m10s

ShaoHua
2025-12-02 23:54:20 +08:00
parent cf5f0a50b9
commit 9b3bf0697e


@@ -35,9 +35,12 @@ jobs:
dotnet --list-sdks
dotnet --version
# ============================
# STEP 4: Dependency Check (CVE)
# ============================
- name: Install OWASP Dependency Check
run: |
Invoke-WebRequest -Uri "https://github.com/jeremylong/DependencyCheck/releases/download/v10.0.3/dependency-check-10.0.3-release.zip" -OutFile "dc.zip"
Expand-Archive -Path "dc.zip" -DestinationPath "./dc" -Force
echo "$PWD/dc/dependency-check/bin" | Out-File -FilePath $env:GITHUB_PATH -Encoding utf8 -Append
- name: Run OWASP Dependency Check
run: |
dependency-check.bat --project "VectorDBDemo" --scan "." --format "XML" --out "./depcheck"
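Review bot: The "Install OWASP Dependency Check" step downloads `dependency-check-10.0.3-release.zip` and appends its `bin` directory to `GITHUB_PATH` without verifying the archive, so the next step runs whatever the URL served. The rendered page has lost the +/- markers, so it is not certain that the download line is on the new side; if it is, check a pinned digest before `Expand-Archive`, e.g. `if ((Get-FileHash dc.zip -Algorithm SHA256).Hash -ne '<EXPECTED_SHA256>') { throw 'dc.zip hash mismatch' }`. Separately, `--scan "."` also walks the `./dc` directory that was just unpacked into the workspace, so the tool's own jars land in the report; extracting outside the workspace or adding an `--exclude` pattern for that path avoids this. The run step also sets no `--failOnCVSS`, so findings alone will not fail the job and the XML report has to be checked by a later step.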