Skip to content
This repository has been archived by the owner on Sep 26, 2023. It is now read-only.

Commit

Permalink
Add cargo deny to audit licenses of dependencies
Browse files Browse the repository at this point in the history
- Add earthly target `check-license` for checking licenses
- Update github actions to `cargo deny licenses sources bans` on every pr excluding advisories
- Add github action nightly job to run `cargo deny` including advisories
  • Loading branch information
expressvpn-mariappan-r committed Aug 31, 2023
1 parent a63355f commit d8ee113
Show file tree
Hide file tree
Showing 5 changed files with 103 additions and 27 deletions.
7 changes: 7 additions & 0 deletions .github/workflows/ci.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -31,3 +31,10 @@ jobs:
- uses: actions/checkout@v3
- name: Lint crate
run: earthly --ci +lint
cargo-deny:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: EmbarkStudios/cargo-deny-action@v1
with:
command: check bans licenses sources
12 changes: 12 additions & 0 deletions .github/workflows/nightly-cargo-deny.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,12 @@
name: Nightly `cargo deny` checks
on:
schedule:
- cron: '17 6 * * *'
workflow_dispatch:

jobs:
cargo-deny:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: EmbarkStudios/cargo-deny-action@v1
5 changes: 5 additions & 0 deletions Earthfile
Original file line number Diff line number Diff line change
Expand Up @@ -42,3 +42,8 @@ lint:
RUN rustup component add clippy
RUN apt-get install -qqy bsdextrautils
RUN cargo clippy --all-features --all-targets -- -D warnings

check-license:
RUN cargo install --locked cargo-deny
COPY --dir src tests Cargo.toml Cargo.lock deny.toml ./
RUN cargo deny --all-features check bans license sources
52 changes: 52 additions & 0 deletions deny.toml
Original file line number Diff line number Diff line change
@@ -0,0 +1,52 @@
[advisories]
db-path = "~/.cargo/advisory-db"
db-urls = ["https://github.com/rustsec/advisory-db"]
vulnerability = "deny"
unmaintained = "deny"
yanked = "deny"
notice = "deny"
ignore = [
#"RUSTSEC-0000-0000",
]
# * None - CVSS Score 0.0
# * Low - CVSS Score 0.1 - 3.9
# * Medium - CVSS Score 4.0 - 6.9
# * High - CVSS Score 7.0 - 8.9
# * Critical - CVSS Score 9.0 - 10.0
severity-threshold = "High"

[licenses]
default = "deny"
copyleft = "deny"
unlicensed = "deny"
allow = [
"MIT",
"Apache-2.0",
"GPL-2.0",
"Unicode-DFS-2016",
"BSD-3-Clause",
"ISC",
]
allow-osi-fsf-free = "neither"
confidence-threshold = 0.8
exceptions = [
#{ allow = ["Zlib"], name = "adler32", version = "*" },
]

[licenses.private]
ignore = true

[bans]
multiple-versions = "warn"
wildcards = "allow"
highlight = "all"
workspace-default-features = "allow"
external-default-features = "allow"

[sources]
unknown-registry = "deny"
unknown-git = "deny"
allow-registry = ["https://github.com/rust-lang/crates.io-index"]
allow-git = [
"https://github.com/open-quantum-safe/liboqs-rust",
]
54 changes: 27 additions & 27 deletions examples/test_certs/pq-osa-ca.crt
Original file line number Diff line number Diff line change
@@ -1,29 +1,29 @@
-----BEGIN CERTIFICATE-----
MIIFCzCCAvOgAwIBAgIUavME2jj8LFyR4tz95Uc8eKKrYmswDQYJKoZIhvcNAQEL
BQAwFTETMBEGA1UEAwwKb3FzdGVzdF9DQTAeFw0yMjA3MzEwOTQ5NThaFw0yMzEy
MTMwOTQ5NThaMBUxEzARBgNVBAMMCm9xc3Rlc3RfQ0EwggIiMA0GCSqGSIb3DQEB
AQUAA4ICDwAwggIKAoICAQDuURsbjnFzcUIISF/8zse/DgLAaHf6hdxlqZvTwZKV
+4pu1IAsKNgzLXYLqbtaKP96IdRscBLcWitp4o+SEYyFsrrTF4N35HtALbkQpDKO
nIVj7Mlt+dvKRLgT5Ll6VQSzmsgqhENabwb1XSpmMlV29VAilseNXOe8uhNjnEPW
ZJ5AFESJZx3ltIA1pqUrt/uIQhvlswRdKssyk/AoZjuA+Ybz628PeV4u3q4lc3sZ
xDRb1HY5kotd/nlwI1JQqGpJvsUjKAFLgF5QiCIxix5JXNHgf2h/0thhqkjLq3BF
wpKIJZW2WwW0F3TS1ourmT619+XrDs+3q0d3WtXY1iwNf6PYqbxpNfqKgzw7oULA
MduAlfTeCDpem13JkdJpl/1cQt+1nrLyiOwEGCpmdo0jBwcUr355Oqe9HQY24VOj
rOLmMZIIBiA759hXyK7HBn7+TtqNVRRgZoO+4a4WRqLHJ3qQHAfjQmL6mVhGCUC0
e7gqtp92wOVn3J6SXlIbclvyfQJKoTJLEz83IXjUKgV1BqYZ/UdjoA+aZmDSRSMc
CvmyzyA3takr2hkhJf70duPlzcxgIhchoZKtiGb7xpGvwQN8xpkbKxeXQaAPUVyg
RGRoG0pCtpzWAYkt9hHIMKiYUHvi0aNMDptKKNLGCqnaCcwqb1LyVZyxZ+EoLj8K
FwIDAQABo1MwUTAdBgNVHQ4EFgQUN1SCM+6DvXQ0K9rpAV9SJbqzY7QwHwYDVR0j
BBgwFoAUN1SCM+6DvXQ0K9rpAV9SJbqzY7QwDwYDVR0TAQH/BAUwAwEB/zANBgkq
hkiG9w0BAQsFAAOCAgEABponyfODLkcG5WHP9PrRNn0OmPl7DI6UBhS/N6SxvwN6
Fe/TPu1qYYFZOvPx57CJZOZvroOQ024CTtj/EO8B+JFFT6EHjYvC0FH9Z+Hyo5MP
fd2GAIRJhh+Jo+PMTIxg6ToZhPbNto4OLyY6qcmJyz+WwJ01VwSGIrZef9nb5a3+
wNlOHOnbfZh0IkIss6n3bGq9s+fx42+jdrMPxaBY0L1xtuMDodjcLlzlmOySmfBV
KbdppbYsnv3kAe2cqpL37UraIo/jER5BQbAmkh8qKZ66X9JnQaiPFqcAbEb1tqDL
XSlkWJiTV6E9k3FaULiE93WvFB/JLwkiAZhLzU3JyTJkfD0tMVF8NL1q2g2/RtGg
BWjxfY3YYk9Pcm09jbVxVuvSI/PqjAs9Tw1P6gJYq2ZbCC0ssSLAHLMCp80sPtEh
et0+SB7wS14hK138NAupTT9lZMmUHxeVbbMQ3c/3VvA0CU3/nnkLCUBe8F3MtbIH
dLv4uL7FWFPFf3cTesTBam1LhkiuUKIvV9w3nOfaYD4lvtI3zxTGu9zYQQXdp964
xdY/Jvfz7n/8ZF3e5mtm7K8mp4NAPJZWFv9jS8Qu7iEfG61zBavn2Rc4W4jd9gRr
GAPCdl05udTDQBNqRjVvhPH2djCIEmyb9o2c7Vf89/hiEhCuUHshJEGCBv+Pkj0=
MIIFCzCCAvOgAwIBAgIUCpn6WBGVTKUeNehaBCnHK4AgfrUwDQYJKoZIhvcNAQEL
BQAwFTETMBEGA1UEAwwKb3FzdGVzdF9DQTAeFw0yMzA4MDgxMDQwMzRaFw0yNDEy
MjAxMDQwMzRaMBUxEzARBgNVBAMMCm9xc3Rlc3RfQ0EwggIiMA0GCSqGSIb3DQEB
AQUAA4ICDwAwggIKAoICAQCnUS9KCJuwwGbgdsYoVkU7pp/M5gApTHdURaSx1NN+
0f50155cJvk0FZjJibL5wOawGcsDXQ31ujaXvtZPEWDbW8wUNhM66vLUjY8SuWNW
AoK2O42EH8jxNBNTethojZxMs+IKijh25Iz8O8nrNXPV1kQAPts9y9XHL8KNAGcS
+6xpRb19dln83veoIGvwkLcde/xmkWtkhDKiaT4TkTTNSVMavP4X8nGlzVkWYxiT
XjY36G784rPz6bY8G7dyrxDk4awOCktY5Hmw6C1gy6FxVTFezCPqVJMlznO/vu42
DtzHis9ztT3Yo3j2vroywHNa8F4E6lQVZtMOnqPm+bo65imWCmDMYToWMuA22a4O
CWYy6riOSKhMh2h1bn+b+/F2PxN4m7rfF9EgNAWjDYoQI75bXpGgFswVYbV3NHwM
jiwKAt5lW0ZrHELwnXDg3YeozvL/aBxtknhhHv4e9cwr91LbDjPZYbiVrtjlIzLk
O8TqdjdanDPsFTvscMd6CGy6ZPuJta60FcsBazQOVLo6avkZlGvosPstmcM1Cmkb
uXHprdWjW5eCesf28LXl0zlJzAldcleHva8JFsgv9Qyjhz91n9YPb1pnSb5o9YY8
WNYqq6vZgQb9uxna99CmZtlbFKueusn0BWyOYldnbW0J/dhWA2J1f/smC80oRNnP
HQIDAQABo1MwUTAdBgNVHQ4EFgQUQuYEXbkQgyG7YNznz3zXpmDo0sowHwYDVR0j
BBgwFoAUQuYEXbkQgyG7YNznz3zXpmDo0sowDwYDVR0TAQH/BAUwAwEB/zANBgkq
hkiG9w0BAQsFAAOCAgEADkGyktZjsMQcRguJAV6ZS9et35rzRaBUmMqZ4rRnTGqA
q/z6gKArC6n2zm0w9DHbBpVrLKqCmC/F1Pyhmm975Y8mPiQl1BzO86ShsMhBtFLZ
YBmikWicZtt2bznLSCwyMB6WoaG4OrCgigqFkiPHX18SwblgRaI+6J4BxrKqEMRz
Qjo4BzpqBxepDGwe4xJVFA/KoO9QENSj35h+15RHNC33nMPmE068R4jwVFSvKmJe
9qVJjbMQqBtsbVW/1jcgYKUIlg2IPMzplbvrZzWX3EZ7vOZx6g3nI9gDEx2g2WKN
t4fDXpzsNpdqFOdol9eRzUpHbkg1N9SRZLB1HGZ3+5xgQq0o0alHdEp5I/du0ESE
SQASXOdZgrxjIErm3xq/cVms0JBhia1tYAJnW9CjM9I0YdG/zwH6BK/m5RWQzkNV
N6n5lsgHrtWjlcUPMgd8OGTR7F1HQW5q8LDMDhI6ebuiRoMc7BJD0OsZKrohpCLz
MgXtU+muFVWaRd6q+8KcX6NilSrG88+SMnTJCEyillQ578X3MlkJMSx/XHwDAS14
JK8yIcMmTLVxpc4RAMR7milNrCVBZHxLwhgTWvxf5BXw1Fiif4iyemBdS6W/m4h2
QiwOZdgXDK7NYwekF9H+vl4EGTYA6AiccaTuNiTVWS9hivRcucNZ92MJaomdypc=
-----END CERTIFICATE-----

0 comments on commit d8ee113

Please sign in to comment.