{"id":13823005,"url":"https://github.com/actions-rs/audit-check","last_synced_at":"2025-05-16T17:32:53.422Z","repository":{"id":40064003,"uuid":"213677846","full_name":"actions-rs/audit-check","owner":"actions-rs","description":"🛡️ GitHub Action for security audits","archived":true,"fork":false,"pushed_at":"2023-06-25T16:49:25.000Z","size":2914,"stargazers_count":171,"open_issues_count":51,"forks_count":40,"subscribers_count":4,"default_branch":"master","last_synced_at":"2025-05-12T16:43:33.970Z","etag":null,"topics":["advisory","audit","cargo","github","rust","rust-lang","rustsec","security","vulnerability"],"latest_commit_sha":null,"homepage":"https://github.com/marketplace/actions/rust-audit-check","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/actions-rs.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null},"funding":{"liberapay":"svartalf","patreon":"svartalf","custom":["https://svartalf.info/donate/","https://www.buymeacoffee.com/svartalf"]}},"created_at":"2019-10-08T15:11:16.000Z","updated_at":"2025-04-30T11:05:40.000Z","dependencies_parsed_at":"2024-09-01T18:11:08.800Z","dependency_job_id":"d59263df-29ba-4138-a5bd-7ad5c3879744","html_url":"https://github.com/actions-rs/audit-check","commit_stats":{"total_commits":57,"total_committers":2,"mean_commits":28.5,"dds":"0.33333333333333337","last_synced_commit":"35b7b53b1e25b55642157ac01b4adceb5b9ebef3"},"previous_names":[],"tags_count":4,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/reposi
tories/actions-rs%2Faudit-check","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/actions-rs%2Faudit-check/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/actions-rs%2Faudit-check/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/actions-rs%2Faudit-check/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/actions-rs","download_url":"https://codeload.github.com/actions-rs/audit-check/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":254259369,"owners_count":22040819,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["advisory","audit","cargo","github","rust","rust-lang","rustsec","security","vulnerability"],"created_at":"2024-08-04T08:02:28.994Z","updated_at":"2025-05-16T17:32:53.002Z","avatar_url":"https://github.com/actions-rs.png","language":"TypeScript","funding_links":["https://liberapay.com/svartalf","https://patreon.com/svartalf","https://svartalf.info/donate/","https://www.buymeacoffee.com/svartalf"],"categories":["TypeScript"],"sub_categories":[],"readme":"# Rust `audit-check` Action\n\n![MIT licensed](https://img.shields.io/badge/license-MIT-blue.svg)\n[![Gitter](https://badges.gitter.im/actions-rs/community.svg)](https://gitter.im/actions-rs/community)\n\n\u003e Security vulnerabilities audit\n\nThis GitHub Action is using [cargo-audit](https://github.com/RustSec/cargo-audit)\nto perform an audit for crates with security vulnerabilities.\n\n## Usage\n\n### Audit changes\n\nWe can utilize 
the GitHub Actions ability to execute a workflow\nonly if [the specific files were changed](https://help.github.com/en/articles/workflow-syntax-for-github-actions#onpushpull_requestpaths)\nand execute this Action to check the changed dependencies:\n\n```yaml\nname: Security audit\non:\n  push:\n    paths:\n      - '**/Cargo.toml'\n      - '**/Cargo.lock'\njobs:\n  security_audit:\n    runs-on: ubuntu-latest\n    steps:\n      - uses: actions/checkout@v1\n      - uses: actions-rs/audit-check@v1\n        with:\n          token: ${{ secrets.GITHUB_TOKEN }}\n```\n\nIt is recommended to add the `paths:` section into the workflow file,\nas it would effectively speed up the CI pipeline, since the audit process\nwill not be performed if no dependencies were changed.\n\nIf any security advisories are found, the [status check](https://help.github.com/en/articles/about-status-checks)\ncreated by this Action will be marked as \"failed\".\\\nNote that informational advisories do not affect the check status.\n\n![Check screenshot](.github/check_screenshot.png)\n\n#### Limitations\n\nDue to [token permissions](https://help.github.com/en/articles/virtual-environments-for-github-actions#token-permissions),\nthis Action **WILL NOT** be able to create Checks for Pull Requests from forked repositories;\nsee [actions-rs/clippy-check#2](https://github.com/actions-rs/clippy-check/issues/2) for details.\\\nAs a fallback, this Action will output all found advisories to stdout.\\\nIt is expected that this behavior will be fixed later by GitHub.\n\n### Scheduled audit\n\nAnother option is to use the [`schedule`](https://help.github.com/en/articles/events-that-trigger-workflows#scheduled-events-schedule) event\nand execute this Action periodically against the `HEAD` of the repository's default branch.\n\n```yaml\nname: Security audit\non:\n  schedule:\n    - cron: '0 0 * * *'\njobs:\n  audit:\n    runs-on: ubuntu-latest\n    steps:\n      - uses: actions/checkout@v1\n      - uses: 
actions-rs/audit-check@v1\n        with:\n          token: ${{ secrets.GITHUB_TOKEN }}\n```\n\nWith this example, the Action will be executed every day at midnight\nand check whether any new advisories have appeared for crate dependencies.\\\nFor each new advisory (including informational ones) an issue will be created:\n\n![Issue screenshot](.github/issue_screenshot.png)\n\n## Inputs\n\n| Name        | Required | Description                                                                | Type   | Default |\n| ------------| -------- | ---------------------------------------------------------------------------| ------ | --------|\n| `token`     | ✓        | [GitHub token], usually a `${{ secrets.GITHUB_TOKEN }}`                    | string |         |\n\n[GitHub token]: https://help.github.com/en/actions/configuring-and-managing-workflows/authenticating-with-the-github_token\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Factions-rs%2Faudit-check","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Factions-rs%2Faudit-check","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Factions-rs%2Faudit-check/lists"}