diff --git a/.github/workflows/audit.yml b/.github/workflows/deny.yml
similarity index 87%
rename from .github/workflows/audit.yml
rename to .github/workflows/deny.yml
index 5b75d6162c85..7ce00cabd2f9 100644
--- a/.github/workflows/audit.yml
+++ b/.github/workflows/deny.yml
@@ -4,7 +4,7 @@
 # 1. Checks licenses for allowed license.
 # 2. Checks Rust-Sec registry for security advisories.
-name: Cargo Audit
+name: Cargo Deny
 on:
 pull_request:
 merge_group:
@@ -18,7 +18,7 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - uses: actions/checkout@v4
- - uses: EmbarkStudios/cargo-deny-action@v1
+ - uses: EmbarkStudios/cargo-deny-action@v2
 with:
 arguments: --all-features --workspace
 command-arguments: -s
diff --git a/deny.toml b/deny.toml
index 39be523ebd19..733f91e12f36 100644
--- a/deny.toml
+++ b/deny.toml
@@ -7,10 +7,7 @@
 [advisories]
 db-path = "~/.cargo/advisory-db"
 db-urls = ["https://github.com/rustsec/advisory-db"]
-vulnerability = "deny"
-unmaintained = "warn"
 yanked = "deny"
-notice = "warn"
 # A list of advisory IDs to ignore. Note that ignored advisories will still
 # output a note when they are encountered.
 ignore = [
@@ -21,19 +18,14 @@ ignore = [
 # More documentation for the licenses section can be found here:
 # https://embarkstudios.github.io/cargo-deny/checks/licenses/cfg.html
 [licenses]
-default = "deny"
-unlicensed = "deny"
-copyleft = "deny"
 allow = [
 "MIT",
 "Apache-2.0",
 ]
-allow-osi-fsf-free = "neither"
 confidence-threshold = 0.8
 # All these exceptions should probably appear in: tools/build-kani/license-notes.txt
 exceptions = [
- { name = "Inflector", allow=["BSD-2-Clause"] },
 { name = "unicode-ident", allow=["Unicode-DFS-2016"] },
 ]
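Review bot: With `unmaintained = "warn"` and `notice = "warn"` dropped from `[advisories]`, nothing on the new side records what severity those advisory classes now get. As far as I know, the cargo-deny releases that no longer accept these keys treat every advisory class as an error, so an unmaintained-crate advisory that used to print a warning will presumably fail the job unless its ID is in `ignore`. That tightening is worth stating in the file, for example above `yanked`: `# All advisory classes (vulnerability, unmaintained, unsound, notice) fail the check; exempt an ID only through the ignore list, with a reason.` The entries of the `ignore` array lie outside this hunk, so I cannot tell whether the existing ones already carry a justification.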
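Review bot: The `Inflector` entry is removed from `exceptions`, but the comment directly above says these exceptions should also appear in tools/build-kani/license-notes.txt, and that file is not touched in this diff. If Inflector has left the dependency graph, its line in license-notes.txt should be removed in the same change so the two lists do not drift. If it is still a dependency, BSD-2-Clause is not in `allow` and the licence check would presumably reject it. Since the `default`, `unlicensed` and `copyleft` keys are gone, `allow` plus `exceptions` is now the whole policy, so I would make the comment binding: `# Every exception listed here must also be recorded in tools/build-kani/license-notes.txt`.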