{"id":29210639,"url":"https://github.com/embarkstudios/cargo-deny-action","last_synced_at":"2025-07-02T21:07:23.182Z","repository":{"id":36514989,"uuid":"228054692","full_name":"EmbarkStudios/cargo-deny-action","owner":"EmbarkStudios","description":"❌ GitHub Action for cargo-deny 🦀","archived":false,"fork":false,"pushed_at":"2025-06-19T07:31:51.000Z","size":88,"stargazers_count":158,"open_issues_count":3,"forks_count":39,"subscribers_count":6,"default_branch":"main","last_synced_at":"2025-06-30T21:07:03.715Z","etag":null,"topics":["cargo","cargo-deny","dependency-manager","github-actions","hacktoberfest","rust","rust-lang"],"latest_commit_sha":null,"homepage":"http://embark.rs","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/EmbarkStudios.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE-APACHE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2019-12-14T16:38:32.000Z","updated_at":"2025-06-24T16:53:58.000Z","dependencies_parsed_at":"2024-03-22T10:48:08.591Z","dependency_job_id":"f74ce156-052f-461d-86af-a21b45d9d13a","html_url":"https://github.com/EmbarkStudios/cargo-deny-action","commit_stats":{"total_commits":99,"total_committers":25,"mean_commits":3.96,"dds":"0.43434343434343436","last_synced_commit":"8371184bd11e21dcf8ac82ebf8c9c9f74ebf7268"},"previous_names":[],"tags_count":65,"template":false,"template_full_name":"EmbarkStudios/opensource-template","purl":"pkg:github/EmbarkStudios/cargo-deny-action","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/EmbarkStudios%2Fcargo-deny-action","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/EmbarkStudios%2Fcargo-deny-action/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/EmbarkStudios%2Fcargo-deny-action/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/EmbarkStudios%2Fcargo-deny-action/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/EmbarkStudios","download_url":"https://codeload.github.com/EmbarkStudios/cargo-deny-action/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/EmbarkStudios%2Fcargo-deny-action/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":263215299,"owners_count":23431895,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cargo","cargo-deny","dependency-manager","github-actions","hacktoberfest","rust","rust-lang"],"created_at":"2025-07-02T21:07:22.283Z","updated_at":"2025-07-02T21:07:23.166Z","avatar_url":"https://github.com/EmbarkStudios.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003cdiv align=\"center\"\u003e\n\n# ❌ cargo-deny GitHub Action\n\n**GitHub Action for running [`cargo-deny`](https://github.com/EmbarkStudios/cargo-deny) to help manage Cargo crate dependencies and validate licenses.**\n\n[![Build Status](https://github.com/EmbarkStudios/cargo-deny-action/workflows/Test/badge.svg)](https://github.com/EmbarkStudios/cargo-deny-action/actions?workflow=Test)\n[![Contributor Covenant](https://img.shields.io/badge/contributor%20covenant-v1.4%20adopted-ff69b4.svg)](CODE_OF_CONDUCT.md)\n[![Embark](https://img.shields.io/badge/embark-open%20source-blueviolet.svg)](https://embark.dev)\n\n\u003c/div\u003e\n\n## Usage\n\nCreate a `deny.toml` file in the root of the repo to use as rules for the action ([example](https://github.com/EmbarkStudios/cargo-deny/blob/master/deny.toml)).\nSee [`cargo-deny`](https://github.com/EmbarkStudios/cargo-deny) for instructions and details of the format and capabilities.\n\nThis action will run `cargo-deny check` and report failure if any banned crates or disallowed open source licenses are found used in the crate or its dependencies.\n\nThe action has three optional inputs\n\n* `rust-version`: The rust/cargo version to use, updated before cargo-deny is run. Defaults to the version in the image, which is currently **1.71.0**.\n* `log-level`: The log level to use for `cargo-deny`, default is `warn`\n* `command`: The command to use for `cargo-deny`, default is `check`\n* `arguments`: The argument to pass to `cargo-deny`, default is `--all-features`. See [Common Options](https://embarkstudios.github.io/cargo-deny/cli/common.html) for a list of the available options.\n* `manifest-path`: The path to a Cargo.toml file to use as the root. Defaults to `./Cargo.toml`. Note this argument is always passed, so you can't have it in `arguments` as well, just set it it to the value you had in `arguments` if you were using it there.\n* `command-arguments` The argument to pass to the command, default is emtpy. See options for [each command](https://embarkstudios.github.io/cargo-deny/cli/index.html).\n* `credentials` This argument stores the credentials in the file `$HOME/git-credentials`, and configures git to use it. The credential must match the format `https://user:pass@github.com`\n\n### Example pipeline\n\n```yaml\nname: CI\non: [push, pull_request]\njobs:\n  cargo-deny:\n    runs-on: ubuntu-22.04\n    steps:\n    - uses: actions/checkout@v4\n    - uses: EmbarkStudios/cargo-deny-action@v2\n```\n\n### Example pipeline with custom options using default values\n\n```yaml\nname: CI\non: [push, pull_request]\njobs:\n  cargo-deny:\n    runs-on: ubuntu-22.04\n    steps:\n    - uses: actions/checkout@v4\n    - uses: EmbarkStudios/cargo-deny-action@v2\n      with:\n        log-level: warn\n        manifest-path: ./Cargo.toml\n        command: check\n        arguments: --all-features\n        command-arguments: \"\"\n        credentials: https://${{ secrets.GITHUB_USER }}:${{ secrets.GITHUB_PAT }}@github.com\n```\n\n### Use specific Rust version\n\n```yaml\nname: CI\non: [push, pull_request]\njobs:\n  cargo-deny:\n    runs-on: ubuntu-22.04\n    steps:\n    - uses: actions/checkout@v4\n    - uses: EmbarkStudios/cargo-deny-action@v2\n      with:\n        rust-version: \"1.60.0\"\n        log-level: warn\n        command: check\n        arguments: --all-features\n```\n\n### Recommended pipeline if not using advisories, to only run on dependency changes\n\nIf you use this pipeline, you should have `Cargo.lock` files checked into your\nrepository.\n\n```yaml\nname: CI\non:\n  pull_request:\n    paths:\n      - '**/Cargo.lock'\n      - '**/Cargo.toml'\n      - '**/deny.toml'\njobs:\n  cargo-deny:\n    runs-on: ubuntu-22.04\n    steps:\n    - uses: actions/checkout@v4\n    - uses: EmbarkStudios/cargo-deny-action@v2\n      with:\n        command: check bans licenses sources\n```\n\n### Recommended pipeline if using advisories, to avoid sudden breakages\n\n```yaml\nname: CI\non: [push, pull_request]\njobs:\n  cargo-deny:\n    runs-on: ubuntu-22.04\n    strategy:\n      matrix:\n        checks:\n          - advisories\n          - bans licenses sources\n\n    # Prevent sudden announcement of a new advisory from failing ci:\n    continue-on-error: ${{ matrix.checks == 'advisories' }}\n\n    steps:\n    - uses: actions/checkout@v4\n    - uses: EmbarkStudios/cargo-deny-action@v2\n      with:\n        command: check ${{ matrix.checks }}\n```\n\n## Users\n\nRepositories using this action (PR to add your repo):\n\n* [ash-molten](https://github.com/EmbarkStudios/ash-molten)\n* [asn1rs](https://github.com/kellerkindt/asn1rs)\n* [cargo-about](https://github.com/EmbarkStudios/cargo-about)\n* [cargo-fetcher](https://github.com/EmbarkStudios/cargo-fetcher)\n* [Defguard](https://github.com/DefGuard/defguard)\n* [gitoxide](https://github.com/Byron/gitoxide)\n* [glam-rs](https://github.com/bitshifter/glam-rs)\n* [linkerd2-proxy](https://github.com/linkerd/linkerd2-proxy)\n* [OctaSine](https://github.com/greatest-ape/OctaSine)\n* [PackSquash](https://github.com/ComunidadAylas/PackSquash)\n* [physx-rs](https://github.com/EmbarkStudios/physx-rs)\n* [smush](https://github.com/gwihlidal/smush-rs)\n* [tame-gcs](https://github.com/EmbarkStudios/tame-gcs)\n* [tame-oauth](https://github.com/EmbarkStudios/tame-oauth)\n* [texture-synthesis](https://github.com/EmbarkStudios/texture-synthesis)\n* [tonic](https://github.com/hyperium/tonic)\n* ⚡️[dotenv-linter](https://github.com/dotenv-linter/dotenv-linter)\n* [wasm-oidc-plugin](https://github.com/antonengelhardt/wasm-oidc-plugin)\n* [rama](https://github.com/plabayo/rama)\n\n## Contributing\n\nWe welcome community contributions to this project.\n\nPlease read our [Contributor Guide](CONTRIBUTING.md) for more information on how to get started.\n\n## License\n\nLicensed under either of\n\n* Apache License, Version 2.0, ([LICENSE-APACHE](LICENSE-APACHE) or \u003chttp://www.apache.org/licenses/LICENSE-2.0\u003e)\n* MIT license ([LICENSE-MIT](LICENSE-MIT) or \u003chttp://opensource.org/licenses/MIT\u003e)\n\nat your option.\n\n### Contribution\n\nUnless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fembarkstudios%2Fcargo-deny-action","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fembarkstudios%2Fcargo-deny-action","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fembarkstudios%2Fcargo-deny-action/lists"}