diff --git a/.gitea/workflows/sonar-scan.yml b/.gitea/workflows/sonar-scan.yml
index ee9f602..4f39b97 100644
--- a/.gitea/workflows/sonar-scan.yml
+++ b/.gitea/workflows/sonar-scan.yml
@@ -8,7 +8,15 @@ on:
 jobs:
 scan:
- runs-on: windowsx64
+ runs-on: windows-latest # 修正:原 windowsx64 不是官方支持的 runner 标签
+
+ env:
+ # 配置代理(根据你的网络环境修改,若无需代理可删除)
+ PROXY_HOST: 127.0.0.1
+ PROXY_PORT: 7890
+ # Dependency-Check 配置
+ DC_VERSION: 10.0.3
+ DC_OUTPUT: ./depcheck
 steps:
 # ============================
@@ -19,6 +27,7 @@ jobs:
 git clone https://git.we965.cn/learning/VectorDBDemo.git .
 git fetch --depth=0
 git checkout ${{ github.ref_name }}
+ shell: pwsh
 # ============================
 # STEP 2: Setup Sonar Scanner
@@ -26,6 +35,7 @@ jobs:
 - name: Add Sonar Scanner to PATH
 run: |
 echo "D:\Paths\sonar-scanner-cli\bin" | Out-File -FilePath $env:GITHUB_PATH -Encoding utf8
+ shell: pwsh
 # ============================
 # STEP 3: Check .NET SDK
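Review bot: `runs-on: windows-latest` is GitHub's hosted-runner label, but this is a Gitea workflow (`.gitea/workflows/`) whose later steps depend on a pre-installed `D:\Paths\sonar-scanner-cli` and a SonarQube at `http://127.0.0.1:9000`, i.e. one specific self-hosted runner — on Gitea act_runner the valid labels are whatever that runner was registered with, so the old `windowsx64` was presumably such a label and `windows-latest` may never match anything. Check the label against the runner's registration instead of assuming the GitHub label set, and make the comment say why the label is fixed, e.g. `runs-on: windowsx64  # label of the self-hosted Windows runner that carries sonar-scanner + local SonarQube`. The new `PROXY_HOST`/`PROXY_PORT` values are equally runner-local, which is fine for a pinned runner but one more reason the job cannot float to a generic hosted label.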
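Review bot: `git checkout ${{ github.ref_name }}` expands the ref name into the PowerShell script text before it runs, and git ref names may legally contain `$(`, `` ` `` and `;`, which pwsh evaluates, so whoever can push a branch or tag that triggers this workflow (the `on:` block is above the hunk and not visible) can get command execution on the runner, where later steps handle `SONAR_TOKEN`. Pass the value through the environment instead: add `env:` / `  REF_NAME: ${{ github.ref_name }}` to this step and run `git checkout $env:REF_NAME`. The step's `- name:`/`run:` header lies above the hunk, so the `shell: pwsh` addition is the only visible part of the step header here.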
@@ -34,50 +44,93 @@ jobs:
 run: |
 dotnet --list-sdks
 dotnet --version
+ shell: pwsh
+ # ============================
+ # STEP 4: Install & Run OWASP Dependency Check
+ # ============================
 - name: Install OWASP Dependency Check
 run: |
- Invoke-WebRequest -Uri "https://github.com/jeremylong/DependencyCheck/releases/download/v10.0.3/dependency-check-10.0.3-release.zip" -OutFile "dc.zip"
+ # 下载指定版本的 Dependency-Check
+ Invoke-WebRequest -Uri "https://github.com/jeremylong/DependencyCheck/releases/download/v${env:DC_VERSION}/dependency-check-${env:DC_VERSION}-release.zip" -OutFile "dc.zip" -UseBasicParsing
+ # 解压并添加到 PATH
 Expand-Archive -Path "dc.zip" -DestinationPath "./dc" -Force
- echo "$PWD/dc/dependency-check/bin" | Out-File -FilePath $env:GITHUB_PATH -Encoding utf8 -Append
+ echo "$(Get-Location)/dc/dependency-check/bin" | Out-File -FilePath $env:GITHUB_PATH -Encoding utf8 -Append
+ shell: pwsh
 - name: Run OWASP Dependency Check
 run: |
- dependency-check.bat --project "VectorDBDemo" --scan "." --format "XML" --out "./depcheck"
+ # 创建输出目录
+ New-Item -Path $env:DC_OUTPUT -ItemType Directory -Force
+ # 运行 Dependency-Check,配置代理+禁用不必要的数据源(减少失败概率)
+ dependency-check.bat `
+ --project "VectorDBDemo" `
+ --scan "." `
+ --format "XML" `
+ --out $env:DC_OUTPUT `
+ # 配置代理(关键:解决 RetireJS/NVD 下载问题)
+ -Dproxy.host=$env:PROXY_HOST `
+ -Dproxy.port=$env:PROXY_PORT `
+ # 可选:禁用暂时无法访问的数据源(若代理仍无法访问)
+ # -DdisableRetireJs=true `
+ # -DnvdApiEnabled=false `
+ # 增加超时时间
+ -DconnectionTimeout=30000 `
+ -DreadTimeout=30000
+ shell: pwsh
+ continue-on-error: false # 若 Dependency-Check 失败则终止流程
 # ============================
- # STEP 5: Build .NET
+ # STEP 5: Build .NET Project
 # ============================
 - name: Build .NET Project
 run: |
 dotnet restore
- dotnet build --configuration Release
+ dotnet build --configuration Release --no-restore
+ shell: pwsh
 # ============================
 # STEP 6: SonarQube Scan
 # ============================
 - name: SonarQube Full Scan
 run: |
- dotnet tool install --global dotnet-sonarscanner
-
+ # 安装 SonarScanner for .NET
+ dotnet tool install --global dotnet-sonarscanner --no-cache
+ # 开始扫描
 dotnet sonarscanner begin `
 /k:"vectordbdemo" `
 /d:sonar.host.url="http://127.0.0.1:9000" `
 /d:sonar.login="${{ secrets.SONAR_TOKEN }}" `
 /d:sonar.sources="./" `
- /d:sonar.exclusions="**/obj/**,**/bin/**" `
- /d:sonar.dependencyCheck.xmlReportPath="depcheck/dependency-check-report.xml"
- dotnet build --configuration Release
+ /d:sonar.exclusions="**/obj/**,**/bin/**,dc/**,depcheck/**" `
+ /d:sonar.dependencyCheck.xmlReportPath="${env:DC_OUTPUT}/dependency-check-report.xml" `
+ /d:sonar.cs.vscoveragexml.reportsPaths="**/*.coveragexml" `
+ /d:sonar.verbose=true
+ # 重新构建(确保 Sonar 捕获构建信息)
+ dotnet build --configuration Release --no-restore
+ # 结束扫描
 dotnet sonarscanner end `
 /d:sonar.login="${{ secrets.SONAR_TOKEN }}"
+ shell: pwsh
 # ============================
- # STEP 7: Fetch Blocker Issues
+ # STEP 7: Fetch Blocker Issues (补全代码)
 # ============================
 - name: Fetch SonarQube Blocker Issues
 id: fetch_issues
 run: |
 $projectKey = "vectordbdemo"
 $sonarApiUrl = "http://127.0.0.1:9000/api/issues/search?projectKeys=$projectKey&severities=BLOCKER&statuses=OPEN"
-
- $response = Invoke-R
+ # 调用 SonarQube API 获取阻断级问题
+ $response = Invoke-RestMethod -Uri $sonarApiUrl -Headers @{
+ "Authorization" = "Basic $([System.Convert]::ToBase64String([System.Text.Encoding]::ASCII.GetBytes("${{ secrets.SONAR_TOKEN }}:")))"
+ } -Method Get
+ # 输出问题数量
+ $blockerCount = $response.total
+ echo "blocker_issues_count=$blockerCount" | Out-File -FilePath $env:GITHUB_OUTPUT -Encoding utf8
+ # 若有阻断级问题则输出详情并终止流程
+ if ($blockerCount -gt 0) {
+ Write-Error "Found $blockerCount Blocker issues in SonarQube"
+ exit 1
+ }
+ shell: pwsh
\ No newline at end of file
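Review bot: The blocker gate in step 7 queries `api/issues/search` immediately after `dotnet sonarscanner end`, but SonarQube processes the submitted report asynchronously in a background task, so the query can return the previous analysis's issues and pass a build that just introduced blockers; it also filters `statuses=OPEN`, which leaves CONFIRMED and REOPENED blockers out of the gate. Wait for the project's compute-engine task to report SUCCESS before querying and widen the filter to `statuses=OPEN,CONFIRMED,REOPENED` (rewritten lines below). Step 4 downloads and then executes `dependency-check-${env:DC_VERSION}-release.zip` with no integrity check; pin its SHA-256 and compare it with `(Get-FileHash dc.zip -Algorithm SHA256).Hash` before `Expand-Archive`, and note that `-Dproxy.host=`/`-DconnectionTimeout=` are JVM system-property syntax whereas the Dependency-Check CLI documents `--proxyserver`, `--proxyport`, `--connectiontimeout` and `--readtimeout`, so confirm the .bat really accepts them or the "关键" proxy fix is a no-op or a parse error. `${{ secrets.SONAR_TOKEN }}` is spliced into the script text three times (and `sonar.login` is deprecated in favour of `sonar.token` on recent SonarQube); expose it once as a step `env:` entry and read `$env:SONAR_TOKEN`, as the excerpt below assumes. The hunk opens mid-way through the step 3 script, so that step's header is not visible here.

```powershell
$projectKey = "vectordbdemo"
$headers = @{ "Authorization" = "Basic $([System.Convert]::ToBase64String([System.Text.Encoding]::ASCII.GetBytes("$($env:SONAR_TOKEN):")))" }
# Block until the compute-engine task for this analysis has finished; otherwise the issue query may see the previous analysis
$ceUrl = "http://127.0.0.1:9000/api/ce/component?component=$projectKey"
for ($i = 0; $i -lt 60; $i++) {
    $ce = Invoke-RestMethod -Uri $ceUrl -Headers $headers -Method Get
    if ($ce.queue.Count -eq 0 -and $ce.current.status -notin @('PENDING', 'IN_PROGRESS')) { break }
    Start-Sleep -Seconds 5
}
if ($ce.current.status -ne 'SUCCESS') {
    Write-Error "SonarQube analysis task did not succeed (status: $($ce.current.status))"
    exit 1
}
# Include CONFIRMED/REOPENED so a triaged-but-unfixed blocker still fails the gate
$sonarApiUrl = "http://127.0.0.1:9000/api/issues/search?projectKeys=$projectKey&severities=BLOCKER&statuses=OPEN,CONFIRMED,REOPENED"
$response = Invoke-RestMethod -Uri $sonarApiUrl -Headers $headers -Method Get
# … unchanged: blocker count, GITHUB_OUTPUT write and exit-on-blockers …
```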