
@martinemde
Contributor

Summary

  • Integrate cargo-audit as required CI check before releases
  • Update audit.yml workflow to use modern tooling
  • Add security-audit job as dependency for release jobs

Changes

  • .github/workflows/ci.yml: Add security-audit job, make release depend on it
  • .github/workflows/audit.yml: Replace deprecated actions-rs/audit-check with cargo-audit

Security Benefits

  • Block releases with known security vulnerabilities
  • Continuous security monitoring of dependencies
  • Modern cargo-audit tooling with better performance

Test Plan

  • Local cargo audit passes with no vulnerabilities
  • CI security gate validation
  • Verify release blocking on audit failures

Part of PKS release process modernization (atomic PR #3/4).

🤖 Generated with Claude Code

Co-Authored-By: Claude <noreply@anthropic.com>

Integrates cargo-audit into the CI workflow as a required check that
must pass before releases can proceed. Also updates the standalone
audit.yml to use modern cargo-audit tooling instead of the deprecated
actions-rs/audit-check action.

- Add security-audit job to ci.yml
- Make release job depend on security-audit passing
- Update audit.yml to use cargo-audit directly with actions/checkout@v4
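The PR description and commit message above say that a security-audit job runs cargo-audit and that the release job depends on it. The workflow below is an added illustration of that shape, not the PR's own ci.yml: the job names, the `dtolnay/rust-toolchain` step, the tag trigger and the placeholder publish step are assumptions, while `actions/checkout@v4` and cargo-audit come from the PR itself.

```yaml
# Added example (not the project's ci.yml): a release gated on cargo-audit.
name: CI

on:
  push:
    branches: [main]
    tags: ["v*"]
  pull_request:

jobs:
  security-audit:
    name: Security audit (cargo-audit)
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      # Assumed toolchain step; any action that provides cargo works here.
      - uses: dtolnay/rust-toolchain@stable
      - name: Install cargo-audit
        run: cargo install cargo-audit --locked
      - name: Audit Cargo.lock against the RustSec advisory database
        # cargo-audit exits non-zero on a known vulnerability; --deny warnings also
        # fails on yanked or unmaintained crates, so the gate is not advisory-only.
        run: cargo audit --deny warnings

  release:
    name: Publish release
    # The release job cannot start unless security-audit succeeded.
    needs: [security-audit]
    if: startsWith(github.ref, 'refs/tags/v')
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: dtolnay/rust-toolchain@stable
      # Placeholder for the project's real publish step.
      - run: cargo publish --dry-run
```

The `needs:` key is what turns the audit from a report into a gate: if `cargo audit` exits non-zero, GitHub Actions skips every dependent job, so a tagged release never publishes with a known advisory in its lock file. Pinning the install with `--locked` keeps the auditor itself reproducible across runs.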
@martinemde
Contributor Author

audit-check is archived: https://github.com/actions-rs/audit-check

@martinemde martinemde requested a review from ivy January 7, 2026 22:07
@martinemde martinemde closed this Jan 9, 2026
@github-project-automation github-project-automation bot moved this from Triage to Done in Modularity Jan 9, 2026