feat(ci): adds cargo audit workflow (#1318)

* feat(ci): adds cargo audit workflow

* feat(audit): ignore serde_cbor dev-dependency
This commit is contained in:
Genysys 2022-05-28 00:33:25 +04:00 committed by GitHub
parent 7b9503c8b0
commit b3c387090c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 18 additions and 0 deletions

4
.cargo/audit.toml Normal file
View File

@ -0,0 +1,4 @@
[advisories]
ignore = [
"RUSTSEC-2021-0127", # serde_cbor dependency through the criterion dev-dependency
]

14
.github/workflows/audit-on-push.yml vendored Normal file
View File

@ -0,0 +1,14 @@
name: Security audit
on:
push:
paths:
- '**/Cargo.toml'
- '**/Cargo.lock'
jobs:
security_audit:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v1
- uses: actions-rs/audit-check@v1
with:
token: ${{ secrets.GITHUB_TOKEN }}