Skip to content

Release v0.4.1: security hardening #1

Release v0.4.1: security hardening

Release v0.4.1: security hardening #1

Workflow file for this run

name: Security audit
# RustSec advisory scan, per the upstream recommendation: run when the
# dependency set changes, plus a daily schedule so an advisory published
# between dependency bumps still surfaces (scheduled runs file an issue).
# This does not gate releases - `deny` in ci.yml queries the same advisory
# database on every push, PR and tag, so a known CVE still fails the build.
on:
push:
branches: [main]
paths:
- "**/Cargo.toml"
- "**/Cargo.lock"
pull_request:
paths:
- "**/Cargo.toml"
- "**/Cargo.lock"
schedule:
- cron: "0 6 * * *"
permissions:
contents: read
# The action reports through a check run, and files an issue when a
# scheduled run finds a new advisory.
checks: write
issues: write
jobs:
audit:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v6
- uses: rustsec/audit-check@v2.0.0
with:
token: ${{ secrets.GITHUB_TOKEN }}