Toutsu/GmRelayBot
1
1
Fork 0
Code Issues 18 Pull Requests 1 Actions Packages Projects Releases 85 Wiki Activity

ci: add deep SAST via SecurityCodeScan Roslyn analyzer
PR Checks / security-scan (pull_request) Failing after 1m17s
Details
PR Checks / test-and-build (pull_request) Successful in 3m27s
Details

Browse Source 
- SecurityCodeScan.VS2019 5.6.7 injected into Directory.Build.props
  scans all C# source during every dotnet build
- HIGH/CRITICAL findings fail the build because TreatWarningsAsErrors=true
- No extra CI step needed: analyzer runs inside every build job automatically

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
This commit is contained in:
Toutsu
2026-05-12 12:45:36 +03:00
parent 043ed9ce45
commit 06d40fdbc8
2 changed files with 7 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files
.gitea/workflows/pr-checks.yml
+3 -3
View File
@@ -39,13 +39,13 @@ jobs:
- name: Restore dependencies
run: dotnet restore
- name: Build Shared
- name: Build Shared (includes SAST via SecurityCodeScan)
run: dotnet build src/GmRelay.Shared/GmRelay.Shared.csproj --no-restore
- name: Build Bot (compile check)
- name: Build Bot (compile check, includes SAST)
run: dotnet build src/GmRelay.Bot/GmRelay.Bot.csproj --no-restore
- name: Build Web (compile check)
- name: Build Web (compile check, includes SAST)
run: dotnet build src/GmRelay.Web/GmRelay.Web.csproj --no-restore
- name: Run tests
Directory.Build.props
+4
View File
@@ -7,4 +7,8 @@
<ImplicitUsings>enable</ImplicitUsings>
<TreatWarningsAsErrors>true</TreatWarningsAsErrors>
</PropertyGroup>
<ItemGroup>
<PackageReference Include="SecurityCodeScan.VS2019" Version="5.6.7" PrivateAssets="all" />
</ItemGroup>
</Project>