name: Security
on:
push:
branches:
pull_request:
branches:
schedule:
- cron: '0 0 * * 1' # Weekly on Monday at midnight UTC
permissions:
contents: read
checks: write
security-events: write
jobs:
audit:
name: Cargo Audit
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v6
- name: Generate Cargo.lock for audit
run: cargo generate-lockfile
- name: Run cargo audit
uses: rustsec/audit-check@v2
with:
token: ${{ secrets.GITHUB_TOKEN }}