name: Security
on:
push:
branches: [main]
paths: [Cargo.toml, Cargo.lock]
pull_request:
branches: [main]
paths: [Cargo.toml, Cargo.lock]
schedule:
- cron: "23 4 * * 1"
workflow_dispatch:
permissions:
contents: read
jobs:
audit:
name: RustSec audit
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 - uses: rustsec/audit-check@69366f33c96575abad1ee0dba8212993eecbe998 with:
token: ${{ secrets.GITHUB_TOKEN }}
dependency-review:
name: Dependency review
if: github.event_name == 'pull_request'
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 - uses: actions/dependency-review-action@a1d282b36b6f3519aa1f3fc636f609c47dddb294