CI: Add cargo audit security workflow#2373

Merged
iffyio merged 3 commits into
apache:mainfrom
LucaCappelletti94:ci/cargo-audit
Jul 2, 2026
Conversation

@LucaCappelletti94 LucaCappelletti94 commented Jun 11, 2026

Contributor

Adds a Security audit CI workflow that runs cargo-audit against the dependency tree on changes to Cargo.toml or Cargo.lock, on pull requests and the merge queue, and on a daily schedule.

Known RUSTSEC advisories fail CI via cargo audit --deny warnings, and the daily run catches newly published advisories even when dependencies have not changed.

The workflow uses no third-party actions and only contents: read permissions. Running cargo audit --deny warnings locally against the current tree passes with no advisories.
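The PR does not show the workflow file itself, so the following is an added reconstruction, not the merged file from apache/datafusion-sqlparser-rs. It implements the behaviour described above: trigger on pull requests that touch Cargo.toml or Cargo.lock, on the merge queue, and on a daily schedule; read-only contents permission; a hard failure on any RUSTSEC advisory via cargo audit --deny warnings. The file name, job name, cron time, and the use of GitHub's own actions/checkout are assumptions.

```yaml
# Added example workflow (assumed layout, not the PR's own file).
name: Security audit

on:
  pull_request:
    paths:
      - "Cargo.toml"
      - "Cargo.lock"
      - ".github/workflows/security-audit.yml"  # assumed file name
  merge_group:
  schedule:
    # Daily run: catches advisories published after the last dependency change.
    - cron: "0 6 * * *"

# Least privilege: the job only needs to read the repository contents.
permissions:
  contents: read

jobs:
  cargo-audit:
    runs-on: ubuntu-latest
    steps:
      # actions/checkout is maintained by GitHub, so no external third party is trusted.
      - uses: actions/checkout@v4

      - name: Install cargo-audit
        # --locked pins cargo-audit's own dependency tree to its Cargo.lock,
        # so the auditing tool itself is built reproducibly.
        run: cargo install cargo-audit --locked

      - name: Audit dependency tree
        # Vulnerabilities already fail the command; --deny warnings additionally
        # turns unmaintained, unsound and yanked crate warnings into failures.
        run: cargo audit --deny warnings
```

Two caveats a reviewer would want noted. First, the path filter means a PR that only bumps a transitive crate through Cargo.lock is still covered (Cargo.lock is in the list), but the schedule is what protects against advisories published for crates that have not changed at all, which is why both triggers are present. Second, cargo audit reads the RustSec advisory database at run time, so a daily job can start failing without any commit to the repository; that is the intended signal, and the fix is to update or replace the affected dependency rather than to silence the check.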

@LucaCappelletti94 LucaCappelletti94 (Contributor, Author) commented

@iffyio I would think this is a straightforward one? I just want to add a bit more security given the ongoing dependency attacks that are occurring.

@iffyio iffyio left a comment

Contributor

LGTM! Thanks @LucaCappelletti94!

@iffyio iffyio added this pull request to the merge queue Jul 2, 2026
Merged via the queue into apache:main with commit 5e7b007 Jul 2, 2026
10 checks passed