{"id":15067666,"url":"https://github.com/actions-rust-lang/audit","last_synced_at":"2025-04-10T15:14:37.707Z","repository":{"id":59704847,"uuid":"523107421","full_name":"actions-rust-lang/audit","owner":"actions-rust-lang","description":"Audit Rust Dependencies using the RustSec Advisory DB","archived":false,"fork":false,"pushed_at":"2025-03-31T17:09:59.000Z","size":302,"stargazers_count":9,"open_issues_count":1,"forks_count":6,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-03-31T18:26:03.518Z","etag":null,"topics":["cargo-audit","ci","github-actions","hacktoberfest","rust","rust-lang","rustsec","security"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/actions-rust-lang.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":"audit.py","citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-08-09T21:00:48.000Z","updated_at":"2025-03-10T21:43:27.000Z","dependencies_parsed_at":"2023-12-18T18:59:49.185Z","dependency_job_id":"c0df887b-3237-43cb-8fe5-e2f31b98552c","html_url":"https://github.com/actions-rust-lang/audit","commit_stats":{"total_commits":42,"total_committers":2,"mean_commits":21.0,"dds":"0.45238095238095233","last_synced_commit":"229220ba5cd5fb24c87803c8944b7c472e88b2e5"},"previous_names":[],"tags_count":26,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/actions-rust-lang%2Faudit","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/actions-rust-lang%2Faudit/tags","releases_url":"https://repos.ecosyste.ms/a
pi/v1/hosts/GitHub/repositories/actions-rust-lang%2Faudit/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/actions-rust-lang%2Faudit/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/actions-rust-lang","download_url":"https://codeload.github.com/actions-rust-lang/audit/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248243218,"owners_count":21071054,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cargo-audit","ci","github-actions","hacktoberfest","rust","rust-lang","rustsec","security"],"created_at":"2024-09-25T01:25:42.592Z","updated_at":"2025-04-10T15:14:37.697Z","avatar_url":"https://github.com/actions-rust-lang.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Audit Rust dependencies using the RustSec Advisory DB\n\nAudit your Rust dependencies using [cargo audit] and the [RustSec Advisory DB]. The action creates a summary with all vulnerabilities. 
It can create issues for each of the found vulnerabilities.\n\nExecution Summary:\n\n![The action reports any audit results.](./imgs/audit-summary.png)\n\n## Example workflow\n\n```yaml\nname: \"Audit Dependencies\"\non:\n  push:\n    paths:\n      # Run if workflow changes\n      - '.github/workflows/audit.yml'\n      # Run on changed dependencies\n      - '**/Cargo.toml'\n      - '**/Cargo.lock'\n      # Run if the configuration file changes\n      - '**/audit.toml'\n  # Rerun periodically to pick up new advisories\n  schedule:\n    - cron: '0 0 * * *'\n  # Run manually\n  workflow_dispatch:\n\njobs:\n  audit:\n    runs-on: ubuntu-latest\n    permissions:\n      contents: read\n      issues: write\n    steps:\n      - uses: actions/checkout@v4\n      - uses: actions-rust-lang/audit@v1\n        name: Audit Rust Dependencies\n        with:\n          # Comma separated list of issues to ignore\n          ignore: RUSTSEC-2020-0036\n```\n\n## Inputs\n\nAll inputs are optional.\nConsider adding an [`audit.toml` configuration file] to your repository for further configurations.\ncargo audit supports multiple warning types, such as unsound code or yanked crates.\nConfiguration is only possible via the `informational_warnings` parameter in the configuration file ([#318](https://github.com/rustsec/rustsec/issues/318)).\nSetting `denyWarnings` to true will also enable these warnings, but each warning is upgraded to an error.\n\n| Name               | Description                                                                                      | Default                                                                  |\n| ------------------ | ------------------------------------------------------------------------------------------------ | ------------------------------------------------------------------------ |\n| `TOKEN`            | The GitHub access token to allow us to retrieve, create and update issues (automatically set).   
| `github.token`                                                           |\n| `denyWarnings`     | Any warnings generated will be treated as an error and fail the action.                          | false                                                                    |\n| `file`             | The path to the Cargo.lock file to inspect.                                                      |                                                                          |\n| `ignore`           | A comma separated list of RustSec IDs to ignore.                                                 |                                                                          |\n| `createIssues`     | Create/Update issues for each found vulnerability. By default only on `main` or `master` branch. | `github.ref == 'refs/heads/master' \\|\\| github.ref == 'refs/heads/main'` |\n| `workingDirectory` | Run `cargo audit` from the given working directory                                               |                                                                          |\n\n## Dependencies\n\nThe action works best on the GitHub-hosted runners, but can work on self-hosted ones too, provided the necessary dependencies are available.\nPRs to add support for more environments are welcome.\n\n* bash\n* Python 3.9+\n    * requests\n* Rust stable\n    * cargo\n* use node actions\n\n## License\n\nThe scripts and documentation in this project are released under the [MIT License].\n\n[MIT License]: LICENSE\n[cargo audit]: https://github.com/RustSec/rustsec/tree/main/cargo-audit\n[RustSec Advisory DB]: https://rustsec.org/advisories/\n[`audit.toml` configuration file]: 
https://github.com/rustsec/rustsec/blob/main/cargo-audit/audit.toml.example\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Factions-rust-lang%2Faudit","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Factions-rust-lang%2Faudit","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Factions-rust-lang%2Faudit/lists"}