Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

chore: add a cargo audit action #4862

Merged
merged 5 commits into from
Nov 13, 2024
Merged

chore: add a cargo audit action #4862

merged 5 commits into from
Nov 13, 2024

Conversation

dougch
Copy link
Contributor

@dougch dougch commented Oct 29, 2024

Description of changes:

Add an action to flag the usage of crates with security advisories, using cargo audit

Call-outs:

This won't run as part of the PR process, due to permissions with PRs from forks, as called out on the action README:

Due to [token permissions](https://help.github.com/en/articles/virtual-environments-for-github-actions#token-permissions), this Action WILL NOT be able to create Checks for Pull Requests from the forked repositories, see https://github.com/actions-rs/clippy-check/issues/2 for details.

Instead, this will run on a schedule or pushes to main, creating issues for any findings, e.g.:
RUSTSEC-2024-0375

Testing:

How is this change tested (unit tests, fuzz tests, etc.)? CI for the action

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

@dougch dougch requested a review from goatgoose October 29, 2024 23:04
@github-actions github-actions bot added the s2n-core team label Oct 29, 2024
@dougch dougch requested a review from lrstewart November 12, 2024 18:40
@dougch dougch enabled auto-merge (squash) November 12, 2024 19:05
@dougch dougch merged commit b4c8e6c into aws:main Nov 13, 2024
37 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants