From 3bb64b40710169db7a8d27783b82b46416ba3a8b Mon Sep 17 00:00:00 2001
From: Benno van den Berg <bennovandenberg@gmail.com>
Date: Wed, 24 Apr 2024 16:19:36 +0200
Subject: [PATCH] Add deny.toml and cargo deny action

---
 .github/workflows/audit_rust.yml | 18 +++++++++++++
 deny.toml                        | 46 ++++++++++++++++++++++++++++++++
 2 files changed, 64 insertions(+)
 create mode 100644 .github/workflows/audit_rust.yml
 create mode 100644 deny.toml

diff --git a/.github/workflows/audit_rust.yml b/.github/workflows/audit_rust.yml
new file mode 100644
index 0000000..eca88f5
--- /dev/null
+++ b/.github/workflows/audit_rust.yml
@@ -0,0 +1,18 @@
+name: Rust crate audit
+
+on:
+  push:
+    branches: ["**"]
+    paths:
+      - "**/Cargo.toml"
+      - "**/Cargo.lock"
+  schedule:
+    - cron: "43 1 * * *"
+  workflow_dispatch:
+
+jobs:
+  security_audit:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: EmbarkStudios/cargo-deny-action@v1
diff --git a/deny.toml b/deny.toml
new file mode 100644
index 0000000..adf8004
--- /dev/null
+++ b/deny.toml
@@ -0,0 +1,46 @@
+[advisories]
+ignore = []
+yanked = "warn"
+
+[licenses]
+allow = [
+    "MIT",
+    "Apache-2.0",
+    "Apache-2.0 WITH LLVM-exception",
+    "BSD-3-Clause",
+    "MPL-2.0",
+    "ISC",
+    "BSD-2-Clause",
+    "Unicode-DFS-2016",
+    "Zlib",
+    "CC0-1.0",
+    "0BSD",
+    "Unlicense",
+    "OpenSSL",
+]
+confidence-threshold = 0.8
+exceptions = []
+
+[[licenses.clarify]]
+crate = "ring"
+expression = "MIT AND ISC AND OpenSSL"
+license-files = [{ path = "LICENSE", hash = 0xbd0eed23 }]
+
+[licenses.private]
+ignore = true
+
+[bans]
+multiple-versions = "allow"
+wildcards = "allow"
+highlight = "all"
+workspace-default-features = "allow"
+external-default-features = "allow"
+
+deny = []
+
+[sources]
+unknown-registry = "deny"
+unknown-git = "deny"
+allow-registry = ["https://github.com/rust-lang/crates.io-index"]
+allow-git = []
+