Skip to content

Commit 1fa5f46

Browse files
committed
fix: 移除依赖审查步骤,避免阻塞 OWASP 漏洞扫描
- 移除 dependency-review-action 依赖审查步骤 - 移除不必要的 if: success() || failure() 条件 - 保留 OWASP 依赖漏洞扫描作为唯一的漏洞检查方式
1 parent 0bbd2f2 commit 1fa5f46

1 file changed

Lines changed: 0 additions & 15 deletions

File tree

.github/workflows/code-check.yml

Lines changed: 0 additions & 15 deletions
Original file line numberDiff line numberDiff line change
@@ -390,20 +390,7 @@ jobs:
390390
- name: 赋予 Gradlew 可执行权限
391391
run: chmod +x gradlew
392392

393-
# GitHub Dependency Review - 仅 PR 时运行
394-
# 使用 continue-on-error 防止审查发现漏洞时阻塞后续 OWASP 深度扫描
395-
- name: 依赖审查
396-
uses: actions/dependency-review-action@v4
397-
if: github.event_name == 'pull_request'
398-
continue-on-error: true
399-
with:
400-
fail-on-severity: high
401-
deny-licenses: GPL-3.0, AGPL-3.0
402-
403-
# 分析依赖树和 OWASP 扫描使用 if: success() || failure()
404-
# 确保即使依赖审查发现漏洞(步骤失败),这两个步骤仍然能执行
405393
- name: 分析依赖树
406-
if: success() || failure()
407394
run: |
408395
echo "## 依赖分析" >> $GITHUB_STEP_SUMMARY
409396
echo "" >> $GITHUB_STEP_SUMMARY
@@ -414,9 +401,7 @@ jobs:
414401
# OWASP 依赖漏洞扫描
415402
# 免费申请 NVD API Key:https://nvd.nist.gov/developers/request-an-api-key
416403
# 配置方法:GitHub 仓库 → Settings → Secrets → Actions → NVD_API_KEY
417-
# 使用 if: success() || failure() 确保无论依赖审查是否通过,OWASP 扫描都能运行
418404
- name: OWASP 依赖漏洞扫描
419-
if: success() || failure()
420405
run: |
421406
# 检查是否配置了 NVD API Key
422407
if [ -n "$NVD_API_KEY" ]; then

0 commit comments

Comments
 (0)