fix workflow: remove github dependency + duplicate scan
@@ -41,9 +41,26 @@ jobs:
|
||||
/d:sonar.language="csharp" `
|
||||
/d:sonar.exclusions="**/obj/**,**/bin/Debug/**" `
|
||||
/d:sonar.coverage.exclusions="**/Test/**,**/*.Tests.cs"
|
||||
|
||||
|
||||
/d:sonar.dependencyCheck.enabled=true `
|
||||
/d:sonar.dependencyCheck.nuget.enabled=true `
|
||||
/d:sonar.dependencyCheck.reportPath="./dependency-check-report.xml"
|
||||
dotnet build --configuration Release
|
||||
dotnet sonarscanner end /d:sonar.login="${{ secrets.SONAR_TOKEN }}"
|
||||
dotnet sonarscanner end /d:sonar.login="${{ secrets.SONAR_TOKEN }}"
|
||||
# 步骤3:OWASP Dependency-Check 专业 NuGet 漏洞扫描(不变)
|
||||
- name: OWASP NuGet Dependency Vulnerability Scan
|
||||
run: |
|
||||
dependency-check.bat `
|
||||
--scan "./" `
|
||||
--format HTML `
|
||||
--format XML `
|
||||
--out "./dependency-scan-results" `
|
||||
--suppression "./.dependency-check-suppression.xml" `
|
||||
--failOnCVSS 7
|
||||
# 步骤4:上传报告到 Gitea Actions(官方工具,无 404)
|
||||
- name: Upload Dependency Scan Report to Gitea Actions
|
||||
uses: gitea.com/actions/upload-artifact@v4 # Gitea 官方维护,兼容无问题
|
||||
with:
|
||||
name: dependency-scan-report # 附件名称(下载时显示)
|
||||
path: ./dependency-scan-results/ # 要上传的报告目录(含 HTML/XML 报告)
|
||||
retention-days: 30 # 报告留存 30 天(可选,默认永久)
|
||||
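Review bot: The Dependency-Check report is consumed by `dotnet sonarscanner end`, but in this hunk the `OWASP NuGet Dependency Vulnerability Scan` step runs after that command and writes to `./dependency-scan-results/`, while the begin step's `sonar.dependencyCheck.reportPath` points at `./dependency-check-report.xml` in the repo root, so SonarQube will most likely find no report at analysis time (the begin command starts above the hunk, so I cannot see the full property list). Move the `dependency-check.bat` step above the `dotnet sonarscanner end` step and align the path, e.g. `/d:sonar.dependencyCheck.reportPath="./dependency-scan-results/dependency-check-report.xml"`. Separately, `--failOnCVSS 7` fails the scan step on the exact runs where the report matters most, and the upload step then never runs; add `if: always()` to the `Upload Dependency Scan Report to Gitea Actions` step so the HTML/XML artifact is kept on failure. Consider pinning `gitea.com/actions/upload-artifact` to a commit SHA rather than the mutable `@v4` tag, since a third-party action receives the workflow's token and checkout.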