From c6beb142f33c5e04b6ff3accd7fb8cede0cdf99f Mon Sep 17 00:00:00 2001 From: Duan-0916 <76544421+Duan-0916@users.noreply.github.com> Date: Fri, 1 Dec 2023 22:54:35 +0800 Subject: [PATCH] chore: Add Code Scan Action (#113) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Motivation: To strengthen the code review process and ensure the security and compliance of the code, I added code security scanning and open-source component scanning. By adding these scans, we can identify potential vulnerabilities and ensure that the code base meets the requirements of open-source project governance standardization. Modification: Added the cloud_code_scan.yml template with code security scanning and open-source component scanning steps. These steps will run as part of the workflow to perform the necessary security checks and compliance verification. By adding these scans, we can proactively address security issues and ensure compliance with open-source license agreements. Result: By introducing code security scanning and open-source component scanning, the code review process is strengthened. It helps identify security vulnerabilities and ensures compliance with open-source license requirements. This improvement helps raise the overall quality and security of the code base. --- .github/workflows/cloud_code_scan.yml | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) create mode 100644 .github/workflows/cloud_code_scan.yml diff --git a/.github/workflows/cloud_code_scan.yml b/.github/workflows/cloud_code_scan.yml new file mode 100644 index 0000000..9a6da4a --- /dev/null +++ b/.github/workflows/cloud_code_scan.yml @@ -0,0 +1,22 @@ +name: Alipay Cloud Devops Codescan +on: + pull_request_target: +jobs: + stc: # Code security scanning + runs-on: ubuntu-latest + steps: + - name: codeScan + uses: layotto/alipay-cloud-devops-codescan@main + with: + parent_uid: ${{ secrets.ALI_PID }} + private_key: ${{ secrets.ALI_PK }} + scan_type: stc + sca: # Open source compliance scanning + runs-on: ubuntu-latest + steps: + - name: codeScan + uses: layotto/alipay-cloud-devops-codescan@main + with: + parent_uid: ${{ secrets.ALI_PID }} + private_key: ${{ secrets.ALI_PK }} + scan_type: sca
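Review bot: The `on: pull_request_target:` trigger together with `uses: layotto/alipay-cloud-devops-codescan@main` in both the `stc` and `sca` jobs means a workflow holding repository secrets (`secrets.ALI_PID`, `secrets.ALI_PK`) runs for every pull request, fork PRs included, while its only action is resolved from a mutable branch ref; pin the action to a full commit SHA instead of `@main` so that a change on the action's branch cannot silently alter what executes with those secrets, and, if the scanner needs the PR's source, make sure that under this trigger it is the reviewed base that is checked out and run, not the untrusted head. A top-level `permissions:` block restricting `GITHUB_TOKEN` (for example `contents: read`) is also missing, which matters because `pull_request_target` otherwise grants the default write-capable token. As a minor style point, the two jobs repeat the same `with:` block and differ only in `scan_type`, so a matrix over `scan_type: [stc, sca]` would keep the credentials wiring in one place.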