Add cargo-deny

Author: DanNixon

.github/workflows/ci.yml

@@ -40,6 +40,9 @@ jobs:
       - name: Format
         run: nix develop --command treefmt --fail-on-change
 
+      - name: cargo-deny
+        run: nix develop --command cargo deny check
+
       - name: Clippy
         if: steps.filter.outputs.flake == 'true' || steps.filter.outputs.rust == 'true'
         run: nix develop --command cargo clippy --all-targets -- -D warnings

deny.toml

@@ -0,0 +1,34 @@
+[advisories]
+version = 2
+db-path = "~/.cargo/advisory-db"
+db-urls = [ "https://github.com/rustsec/advisory-db" ]
+
+[licenses]
+version = 2
+allow = [
+  "MIT",
+  "GPL-3.0",
+  "Apache-2.0",
+  "BSD-3-Clause",
+  "OpenSSL",
+  "Unicode-DFS-2016",
+  "ISC",
+  "LicenseRef-hdf5",
+]
+
+[[licenses.clarify]]
+name = "ring"
+expression = "MIT AND ISC AND OpenSSL"
+license-files = [
+  { path = "LICENSE", hash = 0xbd0eed23 },
+]
+
+[[licenses.clarify]]
+name = "hdf5-metno-src"
+expression = "LicenseRef-hdf5"
+license-files = [
+  { path = "ext/hdf5/COPYING", hash = 0xf13e3591 },
+]
+
+[bans]
+multiple-versions = "allow"

flake.nix

@@ -62,6 +62,9 @@
             treefmt
             mdl
 
+            # Dependency auditing
+            cargo-deny
+
             # Container image management
             skopeo