name: Security Audit
on:
push:
paths:
- '**/Cargo.toml'
- '**/Cargo.lock'
pull_request:
paths:
- '**/Cargo.toml'
- '**/Cargo.lock'
schedule:
- cron: '0 0 * * 0'
jobs:
security_audit:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v6
- name: Cache cargo
uses: actions/cache@v5
with:
path: |
~/.cargo/bin/
~/.cargo/registry/index/
~/.cargo/registry/cache/
~/.cargo/git/db/
key: ${{ runner.os }}-cargo-audit-${{ hashFiles('**/Cargo.lock') }}
- name: Install cargo-audit
run: |
# Force install latest version to support CVSS 4.0
cargo install cargo-audit --force
- name: Run security audit
run: cargo audit
- name: Run cargo-deny
uses: EmbarkStudios/cargo-deny-action@v2
with:
log-level: warn
command: check
arguments: --all-features