Skip to content

Commit 0bbd2f2

Browse files
committed
fix: 依赖漏洞扫描 - 修复依赖审查阻塞OWASP扫描的问题
- 依赖审查步骤添加 continue-on-error: true,防止发现漏洞时阻塞后续步骤 - 分析依赖树和OWASP扫描步骤添加 if: success() || failure(),确保无论依赖审查结果如何都能运行 - 确保已配置的 NVD_API_KEY 能被OWASP扫描正确使用
1 parent 33a30c3 commit 0bbd2f2

1 file changed

Lines changed: 7 additions & 0 deletions

File tree

.github/workflows/code-check.yml

Lines changed: 7 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -391,14 +391,19 @@ jobs:
391391
run: chmod +x gradlew
392392

393393
# GitHub Dependency Review - 仅 PR 时运行
394+
# 使用 continue-on-error 防止审查发现漏洞时阻塞后续 OWASP 深度扫描
394395
- name: 依赖审查
395396
uses: actions/dependency-review-action@v4
396397
if: github.event_name == 'pull_request'
398+
continue-on-error: true
397399
with:
398400
fail-on-severity: high
399401
deny-licenses: GPL-3.0, AGPL-3.0
400402

403+
# 分析依赖树和 OWASP 扫描使用 if: success() || failure()
404+
# 确保即使依赖审查发现漏洞(步骤失败),这两个步骤仍然能执行
401405
- name: 分析依赖树
406+
if: success() || failure()
402407
run: |
403408
echo "## 依赖分析" >> $GITHUB_STEP_SUMMARY
404409
echo "" >> $GITHUB_STEP_SUMMARY
@@ -409,7 +414,9 @@ jobs:
409414
# OWASP 依赖漏洞扫描
410415
# 免费申请 NVD API Key:https://nvd.nist.gov/developers/request-an-api-key
411416
# 配置方法:GitHub 仓库 → Settings → Secrets → Actions → NVD_API_KEY
417+
# 使用 if: success() || failure() 确保无论依赖审查是否通过,OWASP 扫描都能运行
412418
- name: OWASP 依赖漏洞扫描
419+
if: success() || failure()
413420
run: |
414421
# 检查是否配置了 NVD API Key
415422
if [ -n "$NVD_API_KEY" ]; then

0 commit comments

Comments
 (0)