fix(ci): gosec 跳过自动生成的代码文件避免扫描超时

为 gosec 添加 -exclude-generated 标志，跳过带有 "// Code generated" 注释的文件（如 wire_gen.go），防止安全扫描因分析自动生成代码而超时。

fix(ci): gosec 跳过自动生成的代码文件避免扫描超时
为 gosec 添加 -exclude-generated 标志，跳过带有 "// Code generated" 注释的文件（如 wire_gen.go），防止安全扫描因分析自动生成代码而超时。
54de3bf2 · shaw · 4587c3e5 · 54de3bf2
Commit 54de3bf2 authored Feb 28, 2026 by shaw
--- a/.github/workflows/security-scan.yml
+++ b/.github/workflows/security-scan.yml
@@ -34,7 +34,7 @@ jobs:
        run: |
          go install github.com/securego/gosec/v2/cmd/gosec@latest
          # exclude ent/ — auto-generated ORM code, not subject to manual security review
-          gosec -conf .gosec.json -severity high -confidence high -exclude-dir=ent ./...
+          gosec -conf .gosec.json -severity high -confidence high -exclude-generated -exclude-dir=ent ./...

  frontend-security:
    runs-on: ubuntu-latest