ci: add cargo audit for dependency security scanning#28

Merged
mark-pro merged 3 commits into oneirosoft:main from don-petry:ci/cargo-audit
Apr 1, 2026

Conversation

@don-petry
Contributor

Summary

  • Add a dedicated audit job to the CI workflow that runs cargo audit to detect known vulnerabilities in dependencies
  • Installs cargo-audit with --locked for reproducible builds
  • Runs as an independent job alongside the existing verify job

Refs #11 (item 6)

Test plan

  • Verify the new Security Audit job appears in CI and runs successfully
  • Confirm it does not block or interfere with the existing verify job
  • Validate that known advisories are surfaced in the job output

🤖 Generated with Claude Code

Add a separate security audit job to the CI workflow that runs
cargo-audit to check for known vulnerabilities in dependencies.

Refs oneirosoft#11 (item 6)

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
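The job described in the PR summary, written out as an added example of what such a workflow looks like. This is not the project's own `.github/workflows` file; the workflow name, the job names, the checkout action version and the contents of the `verify` job are assumptions.

```yaml
# Added example, not the project's workflow file. Job and workflow names are assumed.
name: CI

on:
  push:
    branches: [main]
  pull_request:

jobs:
  verify:
    # Placeholder for the existing build/test job (assumed contents).
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: cargo test --locked

  audit:
    name: Security Audit
    runs-on: ubuntu-latest
    # No `needs:` entry, so this job runs in parallel with `verify`
    # and a failing audit does not prevent `verify` from running.
    steps:
      - uses: actions/checkout@v4
      # --locked installs cargo-audit using the tool's own Cargo.lock,
      # so the scanner and its dependencies are the same on every run.
      - run: cargo install cargo-audit --locked
      # cargo audit compares Cargo.lock against the RustSec advisory DB and
      # exits non-zero when a vulnerability advisory matches, failing the job
      # and surfacing the advisory in the job output.
      - run: cargo audit
```

Two practical notes. First, `cargo audit` exits successfully on advisories it classes as warnings (unmaintained or yanked crates); run `cargo audit --deny warnings` if those should fail the job as well. Second, the follow-up commit in this PR swaps the install/run pair for the `rustsec/audit-check` action, which ships a prebuilt scanner (hence the faster runs) and posts advisories as PR annotations; its equivalent step is `- uses: rustsec/audit-check@v2` with `token: ${{ secrets.GITHUB_TOKEN }}` under `with:`. Either way, only `Cargo.lock` is inspected, so the lock file must be committed for the scan to be meaningful.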
Copilot AI review requested due to automatic review settings March 31, 2026 02:48

Copilot AI left a comment


Pull request overview

Adds dependency security scanning to the CI pipeline by introducing a dedicated Security Audit job that runs cargo audit alongside the existing verify job.

Changes:

  • Add an audit CI job that installs cargo-audit and runs cargo audit
  • Keep the new security scan as an independent job (parallel to verify)


DJ and others added 2 commits March 30, 2026 20:12
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Replace manual cargo-audit installation and execution with the official rustsec/audit-check action for significantly faster CI runs and automatic PR annotations.
@mark-pro mark-pro merged commit 35c79c4 into oneirosoft:main Apr 1, 2026
2 checks passed

3 participants