复制项目

2026-01-14 22:35:45 +08:00
parent 305d526110
commit b7f8db7d08
297 changed files with 81784 additions and 0 deletions
--- a/.github/workflows/gosec.yml
+++ b/.github/workflows/gosec.yml
@@ -0,0 +1,31 @@
+name: OpenIM Run Gosec
+
+# gosec is a source code security audit tool for the Go language. It performs a static 
+# analysis of the Go code, looking for potential security problems. The main functions of gosec are:
+#     1. Find common security vulnerabilities, such as SQL injection, command injection, and cross-site scripting (XSS).
+#     2. Audit codes according to common security standards and find non-standard codes.
+#     3. Assist the Go language engineer to write safe and reliable code.
+# https://github.com/securego/gosec/
+on:
+  push:
+    branches: "*"
+  pull_request:
+    branches: "*"
+    paths-ignore:
+      - '*.md'
+      - '*.yml'
+      - '.github'
+
+jobs:
+  golang-security-action:
+    runs-on: ubuntu-latest
+    env:
+      GO111MODULE: on
+    steps:
+      - name: Check out code
+        uses: actions/checkout@v3
+      - name: Run Gosec Security Scanner
+        uses: securego/gosec@master
+        with:
+          args: ./...
+        continue-on-error: true