From 8c897209aead8cd724f6f39fdb0d5691c3befa68 Mon Sep 17 00:00:00 2001
From: Ryan Walters
Date: Wed, 20 Aug 2025 13:23:07 -0500
Subject: [PATCH] ci: drop cargo-audit, use cargo deny, add config, working checks
---
 .github/workflows/security-audit.yml | 8 +-----
 src-tauri/deny.toml | 39 ++++++++++++++++++++++++++++
 2 files changed, 40 insertions(+), 7 deletions(-)
 create mode 100644 src-tauri/deny.toml
diff --git a/.github/workflows/security-audit.yml b/.github/workflows/security-audit.yml
index 3193d48..8d9808f 100644
--- a/.github/workflows/security-audit.yml
+++ b/.github/workflows/security-audit.yml
@@ -11,17 +11,11 @@ jobs: steps: - uses: actions/checkout@v5 - - name: Install cargo-audit - uses: taiki-e/install-action@cargo-audit - - - name: Run cargo audit - run: cargo audit --file src-tauri/Cargo.lock - - name: Install cargo-deny uses: taiki-e/install-action@cargo-deny - name: Run cargo deny - run: cargo deny --manifest-path src-tauri/Cargo.toml check + run: cargo deny --manifest-path src-tauri/Cargo.toml check sources advisories bans --show-stats npm-audit: name: NPM Security Audit
diff --git a/src-tauri/deny.toml b/src-tauri/deny.toml
new file mode 100644
index 0000000..dd1f0cf
--- /dev/null
+++ b/src-tauri/deny.toml
@@ -0,0 +1,39 @@
+[graph]
+targets = [
+ "x86_64-unknown-linux-gnu",
+ "x86_64-pc-windows-msvc",
+ "aarch64-apple-darwin",
+ "x86_64-apple-darwin",
+]
+all-features = true
+no-default-features = false
+
+[output]
+feature-depth = 1
+
+[advisories]
+ignore = [
+ "RUSTSEC-2024-0429",
+]
+unmaintained = "workspace"
+
+[licenses]
+allow = []
+confidence-threshold = 0.8
+exceptions = []
+
+[licenses.private]
+ignore = false
+registries = []
+
+[bans]
+multiple-versions = "allow"
+wildcards = "allow"
+highlight = "all"
+workspace-default-features = "allow"
+external-default-features = "allow"
+allow = []
+
+[sources]
+unknown-registry = "warn"
+unknown-git = "warn"
\ No newline at end of file
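Review bot: The new `check sources advisories bans` argument list on the `Run cargo deny` step leaves out `licenses`, so license policy no longer gates this job, where the previous bare `check` ran every check. That looks tied to `[licenses] allow = []` in the new src-tauri/deny.toml, which presumably would reject every crate; until an allow-list is filled in, add a comment on the step such as `# licenses check omitted until [licenses].allow in src-tauri/deny.toml is populated`, then restore `licenses` in the list. Advisory coverage formerly given by `cargo audit` now rests on the `advisories` check alone, so it is worth confirming in the job log that src-tauri/deny.toml is the config actually loaded, or passing it explicitly with `--config` on `check`. The steps list starts and ends outside the hunk.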
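Review bot: Under `[sources]`, `unknown-registry = "warn"` and `unknown-git = "warn"` mean a crate pulled from an unlisted registry or git repository only prints a warning, so the `sources` check in CI cannot fail on it; prefer `unknown-registry = "deny"` and `unknown-git = "deny"`, with any git repositories the build really needs listed under `allow-git`. The same holds for `[bans]`, where `multiple-versions` and `wildcards` are both `"allow"`, which, as far as this file shows, leaves `advisories` as the only check that can fail the job. The `RUSTSEC-2024-0429` entry in `[advisories].ignore` carries no justification; record one with the table form, `{ id = "RUSTSEC-2024-0429", reason = "<why this advisory does not apply here>" }`, or with a comment above it, so the exception can be revisited. The file also ends without a trailing newline.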