diff --git a/.gitea/workflows/sonar-scan.yml b/.gitea/workflows/sonar-scan.yml
index 209cacb..02ee6e4 100644
--- a/.gitea/workflows/sonar-scan.yml
+++ b/.gitea/workflows/sonar-scan.yml
@@ -41,9 +41,26 @@ jobs:
 /d:sonar.language="csharp" `
 /d:sonar.exclusions="**/obj/**,**/bin/Debug/**" `
 /d:sonar.coverage.exclusions="**/Test/**,**/*.Tests.cs"
-
+
 /d:sonar.dependencyCheck.enabled=true `
 /d:sonar.dependencyCheck.nuget.enabled=true `
 /d:sonar.dependencyCheck.reportPath="./dependency-check-report.xml"
 dotnet build --configuration Release
- dotnet sonarscanner end /d:sonar.login="${{ secrets.SONAR_TOKEN }}"
\ No newline at end of file
+ dotnet sonarscanner end /d:sonar.login="${{ secrets.SONAR_TOKEN }}"
+ # 步骤3:OWASP Dependency-Check 专业 NuGet 漏洞扫描(不变)
+ - name: OWASP NuGet Dependency Vulnerability Scan
+ run: |
+ dependency-check.bat `
+ --scan "./" `
+ --format HTML `
+ --format XML `
+ --out "./dependency-scan-results" `
+ --suppression "./.dependency-check-suppression.xml" `
+ --failOnCVSS 7
+ # 步骤4:上传报告到 Gitea Actions(官方工具,无 404)
+ - name: Upload Dependency Scan Report to Gitea Actions
+ uses: gitea.com/actions/upload-artifact@v4 # Gitea 官方维护,兼容无问题
+ with:
+ name: dependency-scan-report # 附件名称(下载时显示)
+ path: ./dependency-scan-results/ # 要上传的报告目录(含 HTML/XML 报告)
+ retention-days: 30 # 报告留存 30 天(可选,默认永久)
\ No newline at end of file
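Review bot: The new `Upload Dependency Scan Report to Gitea Actions` step runs only if the preceding step succeeds, but `--failOnCVSS 7` makes `dependency-check.bat` exit non-zero precisely when a high-severity finding exists, so the HTML/XML report is never uploaded in the case it is needed; add `if: always()` to the upload step so the report is retained while the job still reports failure. The scan step is also placed after `dotnet sonarscanner end` and writes into `./dependency-scan-results`, whereas the begin step's `sonar.dependencyCheck.reportPath` points at `./dependency-check-report.xml` in the workspace root, so the Sonar dependency-check import presumably finds no report at analysis time; running the scan before `sonarscanner end` and pointing `reportPath` at `./dependency-scan-results/dependency-check-report.xml` would line the two up. In the `run:` block, `/d:sonar.coverage.exclusions=…` appears to end without a continuation backtick before the blank line, which in PowerShell would terminate the `sonarscanner begin` command before the three `dependencyCheck` properties — worth confirming in the rendered file, since the collapsed diff makes the markers ambiguous. Suppressions are read from `./.dependency-check-suppression.xml` in the checkout, so any edit to that file silently hides findings and should be review-gated like the workflow itself. The enclosing `steps:` list and job start outside the hunk.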