fix: 修复 gosec 配置文件格式错误导致 CI 失败

gosec -conf 只支持 JSON 格式，将 .gosec.yaml 转换为 .gosec.json

fix: 修复 gosec 配置文件格式错误导致 CI 失败
gosec -conf 只支持 JSON 格式，将 .gosec.yaml 转换为 .gosec.json
5248097f · shaw · 8e2c22d0 · 5248097f · 5248097f · 8e2c22d0
Commit 5248097f authored Feb 13, 2026 by shaw
--- a/.github/workflows/security-scan.yml
+++ b/.github/workflows/security-scan.yml
@@ -32,7 +32,7 @@ jobs:
        working-directory: backend
        run: |
          go install github.com/securego/gosec/v2/cmd/gosec@latest
-          gosec -conf .gosec.yaml -severity high -confidence high ./...
+          gosec -conf .gosec.json -severity high -confidence high ./...

  frontend-security:
    runs-on: ubuntu-latest

--- a/backend/.gosec.json
+++ b/backend/.gosec.json
+{
+  "global": {
+    "exclude": "G704"
+  }
+}
--- a/backend/.gosec.yaml
+++ b/backend/.gosec.yaml
-global:
-  # Exclude G704 (SSRF via taint analysis) - this is an API gateway platform
-  # that by design proxies requests to configurable upstream services.
-  # All upstream URLs are sourced from admin-configured settings or known
-  # third-party API endpoints, not from end-user input.
-  exclude:
-    - G704