ai/gitea-mcp
1
0
Fork 0
mirror of https://gitea.com/gitea/gitea-mcp.git synced 2025-08-24 06:43:05 +00:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: ai:v0.3.1
Branches Tags
ai:main ai:pathc2 ai:sec
ai:v0.3.1 ai:v0.3.0 ai:v0.2.0 ai:v0.1.9 ai:v0.1.8 ai:v0.1.7 ai:v0.1.6 ai:v0.1.5 ai:v0.1.4 ai:v0.1.3 ai:v0.1.2 ai:v0.1.1 ai:v0.1.0
...
compare: ai:sec
Branches Tags
ai:main ai:pathc2 ai:sec
ai:v0.3.1 ai:v0.3.0 ai:v0.2.0 ai:v0.1.9 ai:v0.1.8 ai:v0.1.7 ai:v0.1.6 ai:v0.1.5 ai:v0.1.4 ai:v0.1.3 ai:v0.1.2 ai:v0.1.1 ai:v0.1.0

3 Commits
v0.3.1 ... sec

Author SHA1 Message Date
appleboy
9000494a63 ci: correct Trivy action repository reference format 
- Update Trivy action reference to use the correct repository format

Signed-off-by: appleboy <appleboy.tw@gmail.com>
 2025-07-31 22:03:12 +08:00
appleboy
3d44b2f8d6 ci: update Trivy action to use full GitHub URL reference 
- Change Trivy action reference to use the full Git URL for aquasecurity/trivy-action

Signed-off-by: appleboy <appleboy.tw@gmail.com>
 2025-07-31 21:57:34 +08:00
appleboy
7ce07265b9 ci: integrate Trivy code scanning in PR workflows 
- Add a code scanning job using Trivy to check for CRITICAL and HIGH severity vulnerabilities during PR workflows

Signed-off-by: appleboy <appleboy.tw@gmail.com>
 2025-07-31 21:23:55 +08:00
1 changed files with 16 additions and 1 deletions
Expand all files Collapse all files

17
.gitea/workflows/test-pr.yml
View File

@@ -23,4 +23,19 @@ jobs:
uses: golang/govulncheck-action@v1 uses: golang/govulncheck-action@v1
with: with:
go-version-file: 'go.mod' go-version-file: 'go.mod'
go-package: ./... go-package: ./...
code-scan:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Run Trivy vulnerability scanner in repo mode
uses: aquasecurity/trivy-action@0.28.0
with:
scan-type: 'fs'
ignore-unfixed: true
format: 'sarif'
output: 'trivy-results.sarif'
exit-code: '1'
severity: 'CRITICAL,HIGH'