清夏晚风的博客

05.Gitee代码安全扫描方案

清夏晚风

2026-01-13 16:48:23 2026-01-13 16:48:23 Created 2026-01-13 16:48:23 2026-01-13 16:48:23 Updated

Gitee

代码安全管控

扫描矩阵

扫描类型	工具	触发条件	阻断阈值
SAST	Fortify	每次MR合并前	高危≤3
SCA	Black Duck	每日定时	已知漏洞
敏感信息	GitGuardian	每次推送	零容忍

门禁规则

# .gitee-ci.yml
quality_gate:
  security:
    max_critical: 0
    max_high: 2
  coverage:
    min_line_coverage: 80%
    min_branch_coverage: 60%
  dependencies:
    allow_unknown_licenses: false

漏洞跟踪

# 自动创建Issue
def create_security_issue(vuln):
    issue_api = gitee.IssuesApi()
    return issue_api.post_v5_repos_issues(
        owner=repo_owner,
        repo=repo_name,
        body={
            "title": f"[SECURITY] {vuln['name']}",
            "body": f"漏洞等级: {vuln['level']}\n修复建议: {vuln['solution']}",
            "labels": "security,urgent"
        }
    )

Title: 05.Gitee代码安全扫描方案
Author: 清夏晚风
Created at : 2026-01-13 16:48:23
Updated at : 2026-01-13 16:48:23
Link: https://blog.kimikkorow.eu.org/版本控制管理/Gitee/05.Gitee代码安全扫描方案/
License: This work is licensed under CC BY-NC-SA 4.0.

#Gitee

On this page

05.Gitee代码安全扫描方案

代码安全管控