05. GitHub Advanced Security Scanning Solution

清夏晚风

Security Control Framework

Scan Matrix

| Type    | Tool       | Trigger              | Blocking Threshold     |
|---------|------------|----------------------|------------------------|
| SAST    | CodeQL     | On PR creation       | Critical ≥ 1           |
| SCA     | Dependabot | On dependency update | Known vulnerabilities  |
| Secrets | Gitleaks   | On every push        | Zero tolerance         |

Security Gate

# .github/security-gate.yml
# Note: GitHub only loads workflow files from .github/workflows/, so the file must live there.
on: pull_request
jobs:
  security-checks:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4             # added: the scanners need the repository contents
      - uses: github/codeql-action/init@v2    # added: analyze@v2 requires a preceding init step
      - uses: github/codeql-action/analyze@v2
      - uses: actions/dependency-review-action@v3
        with:
          fail-on-severity: high              # fails the job on high and critical advisories
      - uses: zricethezav/gitleaks-action@v8
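As an added example (not the post's own code), the following Python script applies the matrix's blocking thresholds to a constructed CodeQL-style SARIF document plus Dependabot and Gitleaks finding counts. The SARIF sample and its rule ids are constructed data; the score-to-level mapping follows CodeQL's `security-severity` bands.

```python
"""Security-gate evaluator for the scan matrix (added example, not the post's code).
It reads a CodeQL-style SARIF document and the counts of SCA and secret findings,
then reports whether the gate blocks and why."""
import json

# CodeQL publishes a CVSS-like "security-severity" score per rule; these are its level bands.
def severity_level(score: float) -> str:
    if score >= 9.0:
        return "critical"
    if score >= 7.0:
        return "high"
    if score >= 4.0:
        return "medium"
    return "low"

def count_sarif_by_level(sarif: dict) -> dict:
    """Count SARIF results per level, resolving each result's severity via its rule id."""
    counts = {"critical": 0, "high": 0, "medium": 0, "low": 0}
    for run in sarif.get("runs", []):
        rules = {r["id"]: r for r in run.get("tool", {}).get("driver", {}).get("rules", [])}
        for result in run.get("results", []):
            rule = rules.get(result.get("ruleId"), {})
            score = float(rule.get("properties", {}).get("security-severity", 0.0))
            counts[severity_level(score)] += 1
    return counts

def evaluate_gate(sarif: dict, vulnerable_deps: int, leaked_secrets: int) -> dict:
    """Apply the matrix: SAST blocks at Critical >= 1, SCA at any known-vulnerable
    dependency, secrets at zero tolerance (any finding blocks)."""
    sast = count_sarif_by_level(sarif)
    reasons = []
    if sast["critical"] >= 1:
        reasons.append(f"SAST: {sast['critical']} critical finding(s)")
    if vulnerable_deps > 0:
        reasons.append(f"SCA: {vulnerable_deps} dependency(ies) with known vulnerabilities")
    if leaked_secrets > 0:
        reasons.append(f"Secrets: {leaked_secrets} leaked credential(s)")
    return {"blocked": bool(reasons), "reasons": reasons, "sast_counts": sast}

# Constructed SARIF sample: one critical-rated rule (9.8) hit once, one medium rule (5.0) hit twice.
SAMPLE_SARIF = json.loads("""{"version": "2.1.0", "runs": [{"tool": {"driver": {"name": "CodeQL",
  "rules": [{"id": "js/sql-injection", "properties": {"security-severity": "9.8"}},
            {"id": "js/log-injection", "properties": {"security-severity": "5.0"}}]}},
  "results": [{"ruleId": "js/sql-injection"}, {"ruleId": "js/log-injection"},
              {"ruleId": "js/log-injection"}]}]}""")

if __name__ == "__main__":
    print(json.dumps(evaluate_gate(SAMPLE_SARIF, vulnerable_deps=0, leaked_secrets=0), indent=2))
```

In a workflow this would run after the `analyze` step on the SARIF file CodeQL writes, exiting non-zero when `blocked` is true so the PR check fails.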
  • Title: 05. GitHub Advanced Security Scanning Solution
  • Author: 清夏晚风
  • Created at: 2026-01-13 16:48:23
  • Updated at: 2026-01-13 16:48:23
  • Link: https://blog.kimikkorow.eu.org/版本控制管理/Github/05.GitHub高级安全扫描方案/
  • License: This work is licensed under CC BY-NC-SA 4.0.