name: Security Audit
on:
push:
branches: [ main, develop ]
pull_request:
branches: [ main ]
schedule:
- cron: '0 9 * * 1'
jobs:
security-audit:
name: Security Audit with cargo-deny
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Install Rust
uses: dtolnay/rust-toolchain@stable
- name: Install cargo-deny
run: cargo install cargo-deny --locked
- name: Run cargo-deny check
run: cargo deny check
continue-on-error: false
- name: Upload advisory report
if: always()
uses: actions/upload-artifact@v4
with:
name: security-advisory-report
path: |
deny.toml
SECURITY.md
cargo-audit:
name: Dependency Security Audit
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Install Rust
uses: dtolnay/rust-toolchain@stable
- name: Install cargo-audit
run: cargo install cargo-audit
- name: Run cargo audit
run: cargo audit --ignore RUSTSEC-2023-0071
continue-on-error: false