1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
# cargo-deny configuration
# https://embarkstudios.github.io/cargo-deny/
[]
= [
"x86_64-unknown-linux-gnu",
"x86_64-apple-darwin",
"aarch64-apple-darwin",
]
#==============================================================================
# Advisories - Security vulnerability detection
#==============================================================================
[]
= "~/.cargo/advisory-db"
= ["https://github.com/rustsec/advisory-db"]
# Ignore specific advisories (with justification)
= [
# paste is unmaintained but pulled in by fastembed → tokenizers (transitive dep)
"RUSTSEC-2024-0436",
]
#==============================================================================
# Licenses - Allowed licenses
#==============================================================================
[]
= 0.8
= { = true }
# List of allowed licenses (SPDX identifiers)
= [
"MIT",
"Apache-2.0",
"Zlib",
"Unicode-3.0",
"ISC",
"BSD-2-Clause",
"BSD-3-Clause",
"MPL-2.0",
"CDLA-Permissive-2.0",
]
#==============================================================================
# Bans - Crate-level bans
#==============================================================================
[]
= "warn"
= "all"
= "deny"
= "allow"
= "allow"
# Deny specific crates
= []
# Skip checking transitive deps we can't control
= [
# openssl pulled in by fastembed transitive deps (native-tls fallback)
{ = "openssl", = "Transitive dep from fastembed we can't control" },
]
#==============================================================================
# Sources - Allowed crate sources
#==============================================================================
[]
= "deny"
= "deny"
= ["https://github.com/rust-lang/crates.io-index"]