Security Audit #3
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Security Audit | |
| # Weekly cargo-audit run over Cargo.lock. Reports RustSec advisories that | |
| # affect any transitive dependency in the workspace. Not a PR gate; the action | |
| # opens/updates a dedicated issue when new advisories appear so triage stays | |
| # visible without blocking everyday merges. | |
| on: | |
| schedule: | |
| # Mondays at 06:00 UTC. | |
| - cron: '0 6 * * 1' | |
| push: | |
| branches: | |
| - main | |
| paths: | |
| - '**/Cargo.toml' | |
| - '**/Cargo.lock' | |
| - '.github/workflows/audit.yml' | |
| workflow_dispatch: | |
| permissions: | |
| contents: read | |
| issues: write | |
| checks: write | |
| jobs: | |
| audit: | |
| name: cargo audit | |
| runs-on: macos-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| - name: Run cargo audit | |
| uses: rustsec/audit-check@69366f33c96575abad1ee0dba8212993eecbe998 # v2.0.0 | |
| with: | |
| token: ${{ secrets.GITHUB_TOKEN }} |