1 file changed +40 -0 lines changed
1+ name : Cargo Audit
2+
3+ on :
4+ push : {}
5+ pull_request : {}
6+
7+ jobs :
8+ audit :
9+ runs-on : ubuntu-latest
10+ steps :
11+ - name : Checkout code
12+ uses : actions/checkout@v4
13+
14+ - name : Install Rust
15+ uses : actions-rs/toolchain@v1
16+ with :
17+ toolchain : stable
18+ override : true
19+
20+ - name : Install cargo-audit
21+ run : cargo install cargo-audit
22+
23+ - name : Run cargo audit
24+ run : cargo audit --json > audit.json || true
25+
26+ - name : Check for critical vulnerabilities
27+ run : |
28+ CRITICAL_COUNT=$(jq '[.vulnerabilities.list[] | select(.advisory.severity == "critical")] | length' audit.json)
29+ echo "Found $CRITICAL_COUNT critical vulnerabilities"
30+ if [ "$CRITICAL_COUNT" -gt 0 ]; then
31+ echo "Critical vulnerabilities detected!"
32+ exit 1
33+ fi
34+
35+ - name : Upload audit report artifact
36+ if : always()
37+ uses : actions/upload-artifact@v4
38+ with :
39+ name : cargo-audit-report
40+ path : audit-results/audit.json
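Review bot: The audit gate can pass without a usable report: on new line 24, `cargo audit --json > audit.json || true` discards every non-zero exit, so a failed advisory-database fetch or a crash can leave `audit.json` empty, and the check on new lines 27-33 then most likely gets an empty `CRITICAL_COUNT` and does not fail the job. The jq filter also depends on `.advisory.severity` being present in cargo-audit's JSON; I would confirm that against real output, because if the advisory record carries only a `cvss` field the count is always 0. The upload step reads `audit-results/audit.json` while the report is written to `audit.json` in the workspace root, so the artifact would be missing; `path: audit.json` matches line 24. For supply-chain hygiene, consider a top-level `permissions:` block with `contents: read`, `cargo install --locked cargo-audit` with a pinned version, and pinning `actions-rs/toolchain` to a full commit SHA rather than the mutable `v1` tag.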