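# Dependency security checks for a Rust project: cargo-audit (advisory scan)
# and cargo-deny (advisories, sources, licenses, bans).
#
# Gating summary:
#   - `cargo deny check advisories` and `cargo deny check sources` fail the
#     workflow when they fail.
#   - cargo-audit, the license check and the bans check are non-blocking
#     (continue-on-error), so their findings must be read from the step logs.
#
# NOTE(review): the actions below are referenced by mutable version tags
# (@v6, @v1, @v5). Pin them to full commit SHAs if the project requires
# immutable action references.
name: Security Audit

on:
  schedule:
    # Daily at 00:00 UTC, so new advisories are picked up without a push.
    - cron: '0 0 * * *'
  workflow_dispatch:
  push:
    branches: ["main"]

# Least privilege: both jobs only read the repository; nothing pushes,
# comments or publishes, so the token needs no write scopes.
permissions:
  contents: read

env:
  CARGO_TERM_COLOR: always

jobs:
  audit:
    name: Security Vulnerability Audit
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v6
        with:
          # No later step runs git against the remote, so do not leave the
          # token in .git/config where build scripts could read it.
          persist-credentials: false

      - name: Setup Rust
        uses: actions-rust-lang/setup-rust-toolchain@v1
        with:
          toolchain: stable

      # Best-effort install: a failure here does not stop the job, but the
      # next step will then fail because the subcommand is missing.
      - name: Install cargo-audit
        continue-on-error: true
        run: cargo install cargo-audit --locked

      # Non-blocking by design (continue-on-error). The step is still marked
      # failed on a non-zero exit so a finding is not hidden behind a green
      # step, and the warning no longer attributes every failure to a
      # database error: cargo-audit also exits non-zero when it reports
      # advisories or when the install step above did not succeed.
      - name: Run cargo-audit
        continue-on-error: true
        run: |
          if ! cargo audit; then
            echo "::warning::cargo-audit exited non-zero: advisories were reported or the audit could not run; see the step log"
            exit 1
          fi

  dependency-review:
    name: Dependency License and Security Review
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v6
        with:
          # No later step runs git against the remote, so do not leave the
          # token in .git/config where build scripts could read it.
          persist-credentials: false

      - name: Setup Rust
        uses: actions-rust-lang/setup-rust-toolchain@v1
        with:
          toolchain: stable

      # NOTE(review): the key has no version or hash component, so a cached
      # cargo-deny binary is reused by the install step until the cache entry
      # is evicted and newer cargo-deny releases are not picked up. Consider
      # adding a version component to the key.
      - name: Cache cargo-deny
        uses: actions/cache@v5
        with:
          path: ~/.cargo/bin/cargo-deny
          key: ${{ runner.os }}-cargo-deny
          restore-keys: |
            ${{ runner.os }}-cargo-deny

      # Reuse the cached binary when it runs; otherwise build it from source.
      - name: Install cargo-deny
        run: cargo-deny --version || cargo install cargo-deny --locked

      # Gating: a failing advisory check fails the job.
      - name: Check advisories
        run: cargo deny check advisories

      # Gating: a failing source check fails the job.
      - name: Check sources
        run: cargo deny check sources

      # Non-blocking: license findings are reported but do not fail the job.
      - name: Check licenses
        continue-on-error: true
        run: cargo deny check licenses

      # Non-blocking: ban findings are reported but do not fail the job.
      - name: Check bans
        continue-on-error: true
        run: cargo deny check bans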