Add Code Scan Action #2366
Add Code Scan Action #2366
Conversation
Codecov ReportAttention:
Additional details and impacted files@@ Coverage Diff @@
## master #2366 +/- ##
=======================================
Coverage 60.71% 60.72%
=======================================
Files 426 426
Lines 37718 37719 +1
=======================================
+ Hits 22902 22906 +4
+ Misses 12565 12564 -1
+ Partials 2251 2249 -2 ☔ View full report in Codecov by Sentry. |
| @@ -0,0 +1,22 @@ | |||
| name: Alipay Cloud Devops Codescan | |||
| on: | |||
| pull_request_target: | |||
There was a problem hiding this comment.
need more action to triger Github Action:
on:
push:
branches:
- master
pull_request:
types:
- opened
- reopened
- synchronize
- ready_for_reviewThere was a problem hiding this comment.
Pull_ Request_ The target basically includes these actions, and currently uses pull_ There may be some errors in the request
There was a problem hiding this comment.
我认为显式指定 types 更加优雅,更加直观,可读性更高,
默认情况下,工作流仅在 pull_request_target 事件的活动类型为 opened、synchronize 或 reopened 时运行。
https://docs.github.com/zh/actions/using-workflows/events-that-trigger-workflows#pull_request_target
on:
push:
branches:
- master这个配置也是有必要的,你没发现,你添加这个 workflow 后,你自己没触发过吗?如果不配置这个,像你这种贡献 workflow action 的人就没办法去触发验证该 workflow
Motivation:
为了增强代码审查流程并确保代码的安全性和合规性,我新增了代码安全扫描和开源组件扫描。通过加入这些扫描,我们可以识别潜在的漏洞,并确保代码库符合开源项目治理标准化的要求。
Modification:
新增了cloud_code_scan.yml模板,添加了代码安全扫描和开源组件扫描步骤。这些步骤将作为工作流的一部分进行执行,以执行必要的安全检查和合规性验证。通过添加这些扫描,我们可以积极解决安全问题,并确保遵守开源许可协议。
Result:
通过引入代码安全扫描和开源组件扫描,增强了代码审查流程。它有助于识别安全漏洞,并确保符合开源许可要求。这一改进有助于提高代码库的整体质量和安全性。