File tree Expand file tree Collapse file tree 1 file changed +42
-0
lines changed Original file line number Diff line number Diff line change 1+ name : Cargo Audit
2+
3+ on :
4+ pull_request :
5+ push :
6+ branches :
7+ - master
8+
9+ jobs :
10+ audit :
11+ runs-on : ubuntu-latest
12+ steps :
13+ - name : Checkout code
14+ uses : actions/checkout@v4
15+
16+ - name : Install Rust
17+ uses : actions-rs/toolchain@v1
18+ with :
19+ toolchain : stable
20+ override : true
21+
22+ - name : Install cargo-audit
23+ run : cargo install cargo-audit
24+
25+ - name : Run cargo audit
26+ run : cargo audit --json > audit.json || true
27+
28+ - name : Check for critical vulnerabilities
29+ run : |
30+ CRITICAL_COUNT=$(jq '[.vulnerabilities.list[] | select(.advisory.severity == "critical")] | length' audit.json)
31+ echo "Found $CRITICAL_COUNT critical vulnerabilities"
32+ if [ "$CRITICAL_COUNT" -gt 0 ]; then
33+ echo "Critical vulnerabilities detected!"
34+ exit 1
35+ fi
36+
37+ - name : Upload audit report artifact
38+ if : always()
39+ uses : actions/upload-artifact@v4
40+ with :
41+ name : cargo-audit-report
42+ path : audit-results/audit.json
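Review bot: The "Run cargo audit" step writes the report to `audit.json` in the workspace root, but the upload step points at `audit-results/audit.json`, so the artifact will be missing; `path: audit.json` matches what the workflow actually produces. The gate also looks fail-open: `|| true` hides a cargo-audit failure that has nothing to do with findings (for example, the advisory database could not be fetched), and an empty `audit.json` leaves `CRITICAL_COUNT` empty, so the `-gt` test errors inside the `if` and the step still passes. Validating the report before counting, e.g. `jq -e '.vulnerabilities.list' audit.json > /dev/null`, would make that case fail closed. Please also confirm against a real report that advisories carry a `severity` string; as far as I know the cargo-audit JSON exposes a `cvss` vector instead, in which case the `select(.advisory.severity == "critical")` filter never matches. Separately, the actions are referenced by mutable tag (`actions-rs/toolchain@v1`, `actions/checkout@v4`, `actions/upload-artifact@v4`) and `cargo install cargo-audit` is unpinned; pinning to commit SHAs and adding `--locked` would tighten the supply chain of the audit job itself.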