# Dependency vulnerability audit for OpenMassSpecCore.
#
# Runs cargo-audit against the RustSec Advisory DB on every push/PR that
# touches the lockfile or manifests, plus a weekly schedule so advisories
# published after the last dependency change are still caught.
name: Audit
on:
push:
branches:
paths:
- "**/Cargo.toml"
- "Cargo.lock"
- ".github/workflows/audit.yml"
pull_request:
branches:
paths:
- "**/Cargo.toml"
- "Cargo.lock"
- ".github/workflows/audit.yml"
schedule:
- cron: "0 6 * * 1"
jobs:
audit:
name: cargo audit
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: taiki-e/install-action@cargo-audit
- run: cargo audit