
🛡️ GitHub Action for security audits

Results 20 audit-check issues

Copying https://github.com/actions-rs/audit-check/issues/163 to this fork. ## Description This action calls `cargo generate-lockfile`, which overwrites `Cargo.lock` according to `cargo` docs[^1] > This command will create the Cargo.lock lockfile for the current...

Added support for a `working-directory` input. See https://github.com/rustsec/audit-check/issues/14 ## Changes - Added `working-directory` input - Defaults to `.` when not passed. (assume current directory. Maintains backwards compatibility) - ~~Updated the...

I have a polyglot project with a backend in rust under `./backend` and a frontend in elm. The project does not have a `Cargo.toml` or `Cargo.lock` in the project root....

I've noticed that occasionally, this action will fail but re-running seems to result in success: Failure:  https://github.com/microsoft/windows-drivers-rs/actions/runs/7647254535/job/20837787535?pr=78 Success: https://github.com/microsoft/windows-drivers-rs/actions/runs/7647254535/job/20837822606?pr=78 Error: ``` Calling cargo-audit (JSON output) C:\Users\runneradmin\.cargo\bin\cargo.exe audit --json 2024-01-24T22:51:25.296515Z WARN...

Could a way to pass arguments to the invocation be added? A way to enable flags like `-Dunsound` without a configuration file would be great. Alternatively, maybe something like `RUSTSECFLAGS=-Dyanked`...

We are also consuming an API query per advisory when checking if one already exists, which is sub-optimal. This is due to using the REST API. Check if with GraphQL via...

Currently, if a crate has both unmaintained and unsound, we raise two issues. It should be an issue per crate combining all the outstanding advisories.

Often audit hits a dependency that is way down the dependency tree, and a simple task such as including the cargo tree graph in the issue could be beneficial as many don't understand...

I'm feeling dopey: I changed a project (https://github.com/richb-hanover/prql/blob/main/.github/workflows/nightly.yaml) to use rustsec/[email protected]. I did this to get away from the "Node16" warning from my previous action. But I'm still getting [this...

I'm using `rustsec/audit-check@v2` and receiving the following error: ``` No vulnerabilities were found Warning: 1 warnings found! Found 1 other Error: Unable to publish audit check! Reason: HttpError: Resource not...