audit-check-0.2.0 is not a library.
audit-check
A GitHub Action that runs cargo audit on your Rust project and optionally opens a GitHub issue when RustSec advisories are found.
Inputs
| Input | Required | Default | Description |
|---|---|---|---|
| `token` | yes | — | GitHub token (`${{ secrets.GITHUB_TOKEN }}`) |
| `deny` | no | `warnings` | Fail on: `warnings` (any), `unmaintained`, `unsound`, `yanked` |
| `level` | no | `INFO` | Log level: `TRACE`, `DEBUG`, `INFO`, `WARN`, `ERROR` |
| `create_issue` | no | `false` | Open a GitHub issue when advisories are found |
Usage
GitHub Action (recommended)
Minimal — add to any workflow step:
```yaml
- uses: rustyhorde/audit-check@v1
  with:
    token: ${{ secrets.GITHUB_TOKEN }}
```
Full example with all options:
```yaml
- uses: rustyhorde/audit-check@v1
  with:
    token: ${{ secrets.GITHUB_TOKEN }}
    deny: warnings      # warnings | unmaintained | unsound | yanked
    level: INFO         # TRACE | DEBUG | INFO | WARN | ERROR
    create_issue: false # true | false
```
A complete scheduled audit workflow:
```yaml
name: Security Audit
on:
  push:
    branches:
  schedule:
    - cron: '0 0 * * 0' # weekly on Sunday
jobs:
  audit:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: rustyhorde/audit-check@v1
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
          create_issue: true
```
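A least-privilege variant of the scheduled workflow, as an added example that is not part of the project's README. It assumes the action needs only read access to the repository plus permission to open issues; the `permissions` blocks and `persist-credentials` are standard GitHub Actions and `actions/checkout` settings, not inputs of audit-check.

```yaml
# Added example: the scheduled audit with an explicitly scoped GITHUB_TOKEN.
name: Security Audit
on:
  schedule:
    - cron: '0 0 * * 0' # weekly on Sunday

# Start from zero scopes so a new job cannot inherit a broad default token.
permissions: {}

jobs:
  audit:
    runs-on: ubuntu-latest
    permissions:
      contents: read  # needed by actions/checkout
      issues: write   # assumption: what create_issue: true requires
    steps:
      - uses: actions/checkout@v4
        with:
          # Do not leave the token in .git/config for later steps to read.
          persist-credentials: false
      # Replace the tag with a full commit SHA if your policy requires
      # immutable action references.
      - uses: rustyhorde/audit-check@v1
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
          deny: warnings
          create_issue: true
```

If `create_issue` is left at `false`, the `issues: write` line can be dropped under the same assumption.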
Docker
The image is published to GitHub Container Registry. Run it locally against a Rust project:
Optional env vars:
Standalone CLI
Install the binary and run it directly. cargo audit must also be installed.
Install:
# Pre-built binary via cargo-binstall (fastest)
# Or build from source
# cargo-audit is a required runtime dependency
Run:
# e.g. rustyhorde/audit-check
# Optional
`INPUT_TOKEN` is always required even when `create_issue` is `false`. A classic PAT with `public_repo` scope (or `repo` for private repositories) is sufficient.