mosn / mosn

The Cloud-Native Network Proxy Platform
https://mosn.io
Apache License 2.0

Add Code Scan Action #2366

Open Duan-0916 opened 6 months ago

Duan-0916 commented 6 months ago

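Motivation: To strengthen the code review process and ensure the security and compliance of the code, I added code security scanning and open-source component scanning. With these scans in place, we can identify potential vulnerabilities and ensure that the codebase meets the standardized governance requirements for open-source projects.

Modification: Added the cloud_code_scan.yml template, which adds code security scanning and open-source component scanning steps. These steps run as part of the workflow to perform the necessary security checks and compliance verification. By adding these scans, we can proactively address security issues and ensure compliance with open-source license agreements.

Result: Introducing code security scanning and open-source component scanning strengthens the code review process. It helps identify security vulnerabilities and ensures compliance with open-source license requirements. This improvement helps raise the overall quality and security of the codebase.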

codecov[bot] commented 6 months ago

Codecov Report

Attention: 1 lines in your changes are missing coverage. Please review.

Comparison is base (1a41fed) 60.71% compared to head (97a5ffa) 60.72%. Report is 2 commits behind head on master.

:exclamation: Current head 97a5ffa differs from pull request most recent head 6d48b46. Consider uploading reports for the commit 6d48b46 to get more accurate results

| Files | Patch % | Lines |
|---|---|---|
| pkg/filter/network/grpc/factory.go | 0.00% | 1 Missing :warning: |

Additional details and impacted files

```diff
@@           Coverage Diff           @@
##           master    #2366   +/-   ##
=======================================
  Coverage   60.71%   60.72%
=======================================
  Files         426      426
  Lines       37718    37719    +1
=======================================
+ Hits        22902    22906    +4
+ Misses      12565    12564    -1
+ Partials     2251     2249    -2
```
