From abfc144fc46233205d3a0905ca7475330f263bf9 Mon Sep 17 00:00:00 2001 From: Veetaha Date: Sun, 2 Aug 2020 03:36:57 +0300 Subject: [PATCH] Replace cargo-audit with cargo-deny `cargo-audit` is likely going to be replaced by `cargo-deny` See this issue: https://github.com/EmbarkStudios/cargo-deny/issues/194 --- .github/workflows/ci.yaml | 19 +++++-------- deny.toml | 56 +++++++++++++++++++++++++++++++++++++++ 2 files changed, 62 insertions(+), 13 deletions(-) create mode 100644 deny.toml diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 2acd440122b6..4fc8e3c11dcf 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -16,19 +16,12 @@ env: RUSTUP_MAX_RETRIES: 10 jobs: - # rust-audit: - # name: Audit Rust vulnerabilities - # runs-on: ubuntu-latest - # steps: - # - name: Checkout repository - # uses: actions/checkout@v2 - - # - uses: actions-rs/install@v0.1 - # with: - # crate: cargo-audit - # use-tool-cache: true - - # - run: cargo audit + cargo-deny-check: + name: Audit Rust codebase + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v2 + - uses: EmbarkStudios/cargo-deny-action@v1 rust: name: Rust diff --git a/deny.toml b/deny.toml new file mode 100644 index 000000000000..ae007f80e6a7 --- /dev/null +++ b/deny.toml @@ -0,0 +1,56 @@ +# See docs: https://embarkstudios.github.io/cargo-deny/checks/index.html + +[advisories] +vulnerability = "deny" +unmaintained = "deny" +yanked = "deny" +ignore = [ + # This crate is used through `vfs-notify`. + # + # Original error message: + # The [`net2`](https://crates.io/crates/net2) crate has been deprecated + # and users are encouraged to considered [`socket2`](https://crates.io/crates/socket2) instead. + "RUSTSEC-2020-0016" +] +notice = "deny" + +[bans] +multiple-versions = "deny" +skip = [ + # This older version of winapi is pulled through vfs-notify + { version = "=0.2.8", name = "winapi" } + + # { version = "=0.42.0", name = "crate_name_here" }, +] +skip-tree = [ + # { version = "=0.42.0", name = "crate_name_here", depth = 6 }, +] +deny = [] + +[sources] +unknown-registry = "deny" +unknown-git = "deny" +allow-registry = ["https://github.com/rust-lang/crates.io-index"] +allow-git = [] + +[licenses] +unlicensed = "deny" +copyleft = "deny" + +# Run `cargo deny list` to see which crates use which license +# and add them to this array if you accept them +allow = [ + "MIT", + "Apache-2.0", + "ISC", + "BSD-2-Clause", + "BSD-3-Clause", + "CC0-1.0", + "Zlib", +] +deny = [] +default = "deny" +allow-osi-fsf-free = "neither" + +# We want really high confidence when inferring licenses from text +confidence-threshold = 0.93