Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Automate running cargo-audit to catch dependencies with security vulnerabilities #212

Closed
romoh opened this issue Jan 19, 2021 · 0 comments · Fixed by #216
Closed

Automate running cargo-audit to catch dependencies with security vulnerabilities #212

romoh opened this issue Jan 19, 2021 · 0 comments · Fixed by #216
Assignees
@romoh

Comments

@romoh
Copy link
Contributor

romoh commented Jan 19, 2021

Is your feature request related to a problem? Please describe.
It is related to #208

Is your feature request related to a way you would like Akri extended? Please describe.
No, it is related to keeping Akri dependencies secure.

Describe the solution you'd like
cargo-audit is a tool which inspects Cargo.lock files and compares them against the RustSec Advisory Database, a community database of security vulnerabilities. It can detect dependencies with security risks and thus it will be useful to automatically run cargo-audit with pull requests through gitactions to catch issues for newly added dependencies.

Describe alternatives you've considered
N/A

Additional context
N/A
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@romoh romoh

Labels
None yet
Projects
Akri Roadmap
Status: Done
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Add security audit workflow [SAME VERSION] romoh/akri
1 participant
@romoh