diff --git a/.github/workflows/backend-ci-cd.yml b/.github/workflows/backend-ci-cd.yml index 67d9374..ed8b274 100644 --- a/.github/workflows/backend-ci-cd.yml +++ b/.github/workflows/backend-ci-cd.yml @@ -102,6 +102,7 @@ jobs: mkdir -p assets-amd64/sgp mkdir -p assets-arm64/sgp mkdir -p assets/vsix + mkdir tarballs touch docs/swagger.json # 下载 xdb @@ -113,8 +114,8 @@ jobs: wget -O assets/vsix/monkeycode-${VERSION_NO_V}.vsix https://baizhiyun.oss-cn-hangzhou.aliyuncs.com/monkeycode/vsix/monkeycode-${VERSION_NO_V}.vsix # 下载 x86_64 SGP - wget -O assets-amd64/sgp/sgp https://baizhiyun.oss-cn-hangzhou.aliyuncs.com/monkeycode/sgp/x86_64/sgp - wget -O assets-amd64/sgp/sgp-rules https://baizhiyun.oss-cn-hangzhou.aliyuncs.com/monkeycode/sgp/x86_64/sgp-rules + wget -O tarballs/sgp.tgz https://baizhiyun.oss-cn-hangzhou.aliyuncs.com/monkeycode/sgp/x86_64/sgp.tgz + tar -xzvf tarballs/sgp.tgz -C assets-amd64 chmod +x assets-amd64/sgp/sgp # 下载 aarch64 SGP diff --git a/backend/build/Dockerfile.scanner b/backend/build/Dockerfile.scanner index e36c37e..3610247 100644 --- a/backend/build/Dockerfile.scanner +++ b/backend/build/Dockerfile.scanner @@ -1,4 +1,4 @@ -FROM --platform=$BUILDPLATFORM golang:1.23-alpine AS builder +FROM --platform=$BUILDPLATFORM golang:1.25-alpine AS builder WORKDIR /src ENV CGO_ENABLED=0 @@ -23,6 +23,11 @@ cmd/scanner/main.go cmd/scanner/wire_gen.go FROM debian:bullseye-20250721-slim as binary +RUN apt-get update && \ + apt-get install -y ca-certificates && \ + apt-get clean && \ + rm -rf /var/lib/apt/lists/* + WORKDIR /app ARG TARGETARCH diff --git a/backend/pkg/scan/scan.go b/backend/pkg/scan/scan.go index 6ce0c6a..48497d5 100644 --- a/backend/pkg/scan/scan.go +++ b/backend/pkg/scan/scan.go 
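Review bot: In the second workflow hunk, `tarballs/sgp.tgz` is unpacked and its `sgp` binary is marked executable with no integrity check, so whatever the bucket serves at build time ends up in the packaged scanner assets. Pin the expected digest in the workflow and verify it before extracting, e.g. `echo "${SGP_TGZ_SHA256}  tarballs/sgp.tgz" | sha256sum -c -`, where `SGP_TGZ_SHA256` is a placeholder for a value kept in the repository or workflow env. The URL also carries no version, unlike the vsix download just above it, so two runs of the same commit can package different scanner builds. A versioned object path would make the artefact reproducible and the pinned digest stable. `tar -xzvf` also lists every archive member in the job log; `-xzf` is enough unless that listing is wanted.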
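Review bot: The new `RUN` in the `binary` stage installs with `apt-get install -y ca-certificates`, which may also pull in recommended packages. `apt-get install -y --no-install-recommends ca-certificates` keeps the runtime image to the trust store alone. A one-line comment above the `RUN` saying why the scanner image needs the CA bundle (presumably outbound TLS, which this hunk does not show) would help whoever trims the image later.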
@@ -19,6 +19,10 @@ func Scan(id string, workspace, rule string) (*Result, error) {
 "--metrics=off",
 "--disable-version-check",
 "--disable-nosem",
+ "--confidence=HIGH",
+ "--confidence=MEDIUM",
+ "--impact=HIGH",
+ "--impact=MEDIUM",
 "--time",
 "--json",
 "--output", output,
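Review bot: The four added `--confidence=` / `--impact=` arguments hard-code a result filter into `Scan` with no comment, so callers cannot tell that LOW-rated findings are no longer reported. A comment above them would record the intent, e.g. `// Only report findings rated MEDIUM or HIGH for both confidence and impact; LOW is dropped to reduce noise.` It is also worth confirming how the scanner treats rules that carry no confidence or impact metadata. If those are filtered out as well, custom rules passed through `rule` could silently stop producing results. The body of `Scan` continues outside this hunk, so whether the filter could be made a parameter is not visible here.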