paserk 0.4.0

Platform-Agnostic Serialized Keys (PASERK) for PASETO
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72

name: Security

on:
  push:
    branches: [main]
  pull_request:
    branches: [main]
  schedule:
    # Run weekly on Mondays at 00:00 UTC to catch new advisories
    - cron: '0 0 * * 1'

env:
  CARGO_TERM_COLOR: always

jobs:
  # Security audit using cargo-audit
  audit:
    name: Security Audit
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Install Rust stable
        uses: dtolnay/rust-toolchain@stable

      - name: Install cargo-audit
        run: cargo install cargo-audit

      - name: Run security audit
        # Ignore RUSTSEC-2023-0071 (RSA Marvin Attack) - only used with k1-insecure feature
        run: cargo audit --ignore RUSTSEC-2023-0071

  # Dependency analysis using cargo-deny
  deny:
    name: Cargo Deny
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Install Rust stable
        uses: dtolnay/rust-toolchain@stable

      - name: Install cargo-deny
        run: cargo install cargo-deny

      - name: Check licenses
        run: cargo deny check licenses

      - name: Check bans
        run: cargo deny check bans

      - name: Check advisories
        run: cargo deny check advisories

      - name: Check sources
        run: cargo deny check sources

  # Supply chain security - verify dependencies
  supply-chain:
    name: Supply Chain
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Install Rust stable
        uses: dtolnay/rust-toolchain@stable

      - name: Generate Cargo.lock if missing
        run: cargo generate-lockfile

      - name: Verify Cargo.lock is up to date
        run: cargo update --locked