File tree Expand file tree Collapse file tree
Expand file tree Collapse file tree Original file line number Diff line number Diff line change 1+ # `cargo audit` config file
2+ #
3+ # All of the options which can be passed via CLI arguments can also be
4+ # permanently specified in this file.
5+ #
6+ # See original example: https://raw.githubusercontent.com/rustsec/rustsec/refs/heads/main/cargo-audit/audit.toml.example
7+
8+ [advisories ]
9+ ignore = [] # advisory IDs to ignore e.g. ["RUSTSEC-2019-0001", ...]
10+
11+ # Output Configuration
12+ [output ]
13+ quiet = false # Only print information on error
14+ show_tree = true # Show inverse dependency trees along with advisories (default: true)
15+
16+ [yanked ]
17+ enabled = true # Warn for yanked crates in Cargo.lock (default: true)
18+ update_index = true # Auto-update the crates.io index (default: true)
Original file line number Diff line number Diff line change 1+ name : Audit
2+
3+ # Performs a security audit of Rust dependencies using `cargo-audit` through the `actions-rust-lang/audit` action.
4+ # Runs nightly on schedule and when Cargo.toml, Cargo.lock, or audit.toml files are modified.
5+ # Helps identify known security vulnerabilities in the dependency tree.
6+
7+ on :
8+ push :
9+ paths :
10+ # Run if workflow changes
11+ - ' .github/workflows/audit.yml'
12+ # Run on changed dependencies
13+ - ' **/Cargo.toml'
14+ # Run if the configuration file changes
15+ - ' **/audit.toml'
16+ # Rerun periodically to pick up new advisories
17+ schedule :
18+ - cron : ' 0 0 * * *' # Nightly
19+ # Run manually
20+ workflow_dispatch :
21+
22+ jobs :
23+ audit :
24+ runs-on : ubuntu-latest
25+ permissions :
26+ contents : read
27+ issues : write
28+ steps :
29+ - uses : actions/checkout@v6
30+ with :
31+ persist-credentials : false
32+ - uses : actions-rust-lang/audit@v1
33+ name : Audit Rust Dependencies
You can’t perform that action at this time.
0 commit comments