-
Notifications
You must be signed in to change notification settings - Fork 2.1k
Expand file tree
/
Copy pathaudit.toml
More file actions
33 lines (28 loc) · 1.35 KB
/
audit.toml
File metadata and controls
33 lines (28 loc) · 1.35 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
# All of the options which can be passed via CLI arguments can also be
# permanently specified in this file.
[advisories]
# The ignored vulnerability RUSTSEC-2024-0388 is tracked by #59
# The ignored vulnerability RUSTSEC-2025-0009 is tracked by #150
# Vulnerability RUSTSEC-2023-0071 is not tracked: rsa used by sqlx but not included on relayer (verified with cargo tree)
ignore = ["RUSTSEC-2024-0388", "RUSTSEC-2025-0009", "RUSTSEC-2023-0071"]
informational_warnings = ["unmaintained"]
severity_threshold = "medium"
# Advisory Database Configuration
[database]
path = ".cargo/advisory-db" # Path where advisory git repo will be cloned
url = "https://github.com/RustSec/advisory-db.git" # URL to git repo
fetch = true # Perform a `git fetch` before auditing (default: true)
stale = false # Allow stale advisory DB (i.e. no commits for 90 days, default: false)
# Output Configuration
[output]
deny = [] # exit on error if unmaintained dependencies are found
format = "terminal" # "terminal" (human readable report) or "json"
quiet = false # Only print information on error
show_tree = false # Show inverse dependency trees along with advisories (default: true)
# Target Configuration
[target]
os = "linux"
# arch = "x86_64"
[yanked]
enabled = true # Warn for yanked crates in Cargo.lock (default: true)
update_index = true # Auto-update the crates.io index (default: true)