rust-lightning/.github/workflows/audit.yml

name: Security Audit
on:
  workflow_dispatch:
  schedule:
    - cron: '0 0 * * *'

jobs:
  audit:
    runs-on: ubuntu-latest
    permissions:
      issues: write
      checks: write
    steps:
      - uses: actions/checkout@v3
      - uses: rustsec/audit-check@v1.4.1
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
          ignore: "RUSTSEC-2021-0145"
              # RUSTSEC-2021-0145 pertains `atty`, which is a depencency of
              # `criterion`. While the latter removed the depencency in its
              # newest version, it would also require a higher `rustc`. We
              # therefore avoid bumping it to allow benchmarking with our
              # `rustc` 1.63 MSRV.
Introduce CI workflow running `cargo audit` In order to continuously monitor our dependencies for security vulnerabilities, we introduce a new CI job that will use `cargo audit` to check for any known vulnerabilities. This job is run on a daily schedule. For each new advisory, a new issue will be created. 2024-01-30 12:41:05 +01:00			`name: Security Audit`
			`on:`
			`workflow_dispatch:`
			`schedule:`
			`- cron: '0 0 * * *'`

			`jobs:`
			`audit:`
			`runs-on: ubuntu-latest`
			`permissions:`
			`issues: write`
			`checks: write`
			`steps:`
			`- uses: actions/checkout@v3`
			`- uses: rustsec/audit-check@v1.4.1`
			`with:`
			`token: ${{ secrets.GITHUB_TOKEN }}`
Have CI's `cargo audit` ignore `RUSTSEC-2021-0125` This advisory is only relevant for a downstream dependency of `criterion`, which we currently don't want to bump in order to continue benchmarking with our MSRV 1.63.0. We therefore just add it to our ignore list for now. 2024-02-16 11:33:37 +01:00			`ignore: "RUSTSEC-2021-0145"`
			# RUSTSEC-2021-0145 pertains `atty`, which is a depencency of
			# `criterion`. While the latter removed the depencency in its
			# newest version, it would also require a higher `rustc`. We
			`# therefore avoid bumping it to allow benchmarking with our`
			# `rustc` 1.63 MSRV.