
Commit 9544570

fix(ci): switch from cargo-audit to cargo-deny for advisory scanning (#7032)
Signed-off-by: Adrian Cole <adrian@tetrate.io>
1 parent 3d562f8 commit 9544570

3 files changed

Lines changed: 34 additions & 32 deletions


.github/workflows/cargo-audit.yml

Lines changed: 0 additions & 32 deletions
This file was deleted.

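--- a/.github/workflows/cargo-deny.yml
+++ b/.github/workflows/cargo-deny.yml
@@ -0,0 +1,28 @@
+name: "Cargo Deny"
+on:
+push:
+paths:
+# Run if workflow changes
+- '.github/workflows/cargo-deny.yml'
+# Run on changed dependencies
+- '**/Cargo.toml'
+- '**/Cargo.lock'
+# Run if the configuration file changes
+- 'deny.toml'
+# Rerun periodically to pick up new advisories
+schedule:
+- cron: '0 0 * * *'
+# Run manually
+workflow_dispatch:
+
+jobs:
+deny:
+runs-on: ubuntu-latest
+permissions:
+contents: read
+steps:
+- uses: actions/checkout@v4
+# https://github.com/EmbarkStudios/cargo-deny-action v2.0.15
+- uses: EmbarkStudios/cargo-deny-action@3fd3802e88374d3fe9159b834c7714ec57d6c979
+with:
+command: check advisories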
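Review bot: The checkout step at line 24 uses `actions/checkout@v4`, a mutable tag, while the cargo-deny step two lines below is pinned to a full commit SHA with its version recorded in a comment; pinning both the same way closes the gap where a moved tag could swap in different action code under a workflow whose purpose is vetting the supply chain. Pin it as `- uses: actions/checkout@<checkout-commit-sha>  # v4.x.y` (placeholder — take the SHA and version from the actions/checkout release you intend). Putting the version comment on the `uses:` line itself rather than on the line above, as is done for cargo-deny-action at line 25, is also the form that automated updaters recognise when bumping SHA-pinned actions, so worth checking against the repo's updater configuration. Separately, the `push` trigger is filtered by `paths` and there is no `pull_request` trigger, so a pull request from a fork that changes `Cargo.lock` is presumably not scanned until it lands; if that matters, add `pull_request:` with the same `paths` filter.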

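--- a/deny.toml
+++ b/deny.toml
@@ -0,0 +1,6 @@
+[advisories]
+# Deny yanked crates to catch supply chain issues early.
+yanked = "deny"
+# Emulate cargo-audit which only checks vulnerabilities and yanked crates, not unmaintained/unsound.
+unmaintained = "none"
+unsound = "none"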
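Review bot: The `[advisories]` table does not state which cargo-deny config schema it targets; the advisories section accepts a `version` key, and the meaning of fields such as `unmaintained` has changed between schema versions, so a mismatch with the cargo-deny release bundled in the pinned action (v2.0.15 per the workflow) would presumably surface as a deprecation warning or config error rather than the intended policy. If that release expects the newer schema, add `version = 2` as the first line of the table and confirm the accepted values for `unmaintained` and `unsound` against that release's documentation. The comment on line 4 could also record where accepted findings belong, e.g. `# Accepted advisories go in ignore = [...] by advisory id, each with a comment giving the reason.`, so future suppressions are reviewable rather than ad hoc.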
