File tree Expand file tree Collapse file tree
Expand file tree Collapse file tree Original file line number Diff line number Diff line change @@ -391,14 +391,19 @@ jobs:
391391 run : chmod +x gradlew
392392
393393 # GitHub Dependency Review - 仅 PR 时运行
394+ # 使用 continue-on-error 防止审查发现漏洞时阻塞后续 OWASP 深度扫描
394395 - name : 依赖审查
395396 uses : actions/dependency-review-action@v4
396397 if : github.event_name == 'pull_request'
398+ continue-on-error : true
397399 with :
398400 fail-on-severity : high
399401 deny-licenses : GPL-3.0, AGPL-3.0
400402
403+ # 分析依赖树和 OWASP 扫描使用 if: success() || failure()
404+ # 确保即使依赖审查发现漏洞(步骤失败),这两个步骤仍然能执行
401405 - name : 分析依赖树
406+ if : success() || failure()
402407 run : |
403408 echo "## 依赖分析" >> $GITHUB_STEP_SUMMARY
404409 echo "" >> $GITHUB_STEP_SUMMARY
@@ -409,7 +414,9 @@ jobs:
409414 # OWASP 依赖漏洞扫描
410415 # 免费申请 NVD API Key:https://nvd.nist.gov/developers/request-an-api-key
411416 # 配置方法:GitHub 仓库 → Settings → Secrets → Actions → NVD_API_KEY
417+ # 使用 if: success() || failure() 确保无论依赖审查是否通过,OWASP 扫描都能运行
412418 - name : OWASP 依赖漏洞扫描
419+ if : success() || failure()
413420 run : |
414421 # 检查是否配置了 NVD API Key
415422 if [ -n "$NVD_API_KEY" ]; then
You can’t perform that action at this time.
0 commit comments