Run cargo audit by default #57

Open
djc opened this issue Sep 3, 2019 · 3 comments
Labels
enhancement New feature or request

Comments

@djc
Contributor

djc commented Sep 3, 2019

Would be great to turn CI red on vulnerable dependencies.

@epage
Contributor

epage commented Sep 3, 2019

Thoughts on CI vs a bot? Dependabot can automatically create PRs for security vulnerabilities, which is more proactive than the CI, which is in response to a PR, master commit, tag, and/or a schedule.

Ouch, looks like they don't offer pre-built binaries and seem to be against it. The slowdown caused by that seems bad from a defaults perspective.

@epage epage added the enhancement New feature or request label Sep 3, 2019
@djc
Contributor Author

djc commented Sep 3, 2019

It's too bad that Azure doesn't have caching yet.

I basically agree with the author that we should get cargo-audit into cargo proper.

@epage
Contributor

epage commented Sep 3, 2019

At least caching is in Preview.
