From 4dfe2056a8473fa853e1b5df55b9a146ea934e36 Mon Sep 17 00:00:00 2001
From: Leonardo Lima
Date: Wed, 25 Mar 2026 17:21:55 -0300
Subject: [PATCH] ci(audit): add new `cargo audit` job

- add new `audit.yml` CI job.
- add new `.cargo/audit.toml`.
---
 .cargo/audit.toml | 18 ++++++++++++++++++
 .github/workflows/audit.yml | 34 ++++++++++++++++++++++++++++++++++
 2 files changed, 52 insertions(+)
 create mode 100644 .cargo/audit.toml
 create mode 100644 .github/workflows/audit.yml

diff --git a/.cargo/audit.toml b/.cargo/audit.toml
new file mode 100644
index 0000000..6de847a
--- /dev/null
+++ b/.cargo/audit.toml
@@ -0,0 +1,18 @@
+# `cargo audit` config file
+#
+# All of the options which can be passed via CLI arguments can also be
+# permanently specified in this file.
+#
+# See original example: https://raw.githubusercontent.com/rustsec/rustsec/refs/heads/main/cargo-audit/audit.toml.example
+
+[advisories]
+ignore = [] # advisory IDs to ignore e.g. ["RUSTSEC-2019-0001", ...]
+
+# Output Configuration
+[output]
+quiet = false # Only print information on error
+show_tree = true # Show inverse dependency trees along with advisories (default: true)
+
+[yanked]
+enabled = true # Warn for yanked crates in Cargo.lock (default: true)
+update_index = true # Auto-update the crates.io index (default: true)
diff --git a/.github/workflows/audit.yml b/.github/workflows/audit.yml
new file mode 100644
index 0000000..0a2b58f
--- /dev/null
+++ b/.github/workflows/audit.yml
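Review bot: The `ignore = []` list in the `[advisories]` table has no stated policy for how an entry gets in or out, and since this file is what silences an advisory for every future run (nightly included), an unjustified or forgotten entry is the way a real finding quietly disappears. Suggest replacing the trailing comment with `# Only ignore an advisory with a reason and an expiry, e.g. "RUSTSEC-YYYY-NNNN" # <why it does not apply>, re-evaluate by <date or tracking issue>` so that reviewers of later edits have something to hold the entry against. The file sets only `ignore` under `[advisories]`; if the team wants unmaintained/unsound advisories to fail the job rather than warn, that is presumably configured elsewhere (the action's inputs, or further keys in this table) and is worth a one-line comment here either way.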
@@ -0,0 +1,34 @@
+name: Audit
+
+# Performs a security audit of Rust dependencies using `cargo-audit` through the `actions-rust-lang/audit` action.
+# Runs nightly on schedule and when Cargo.toml, Cargo.lock, or audit.toml files are modified.
+# Helps identify known security vulnerabilities in the dependency tree.
+
+on:
+  push:
+    paths:
+      # Run if workflow changes
+      - '.github/workflows/audit.yml'
+      # Run on changed dependencies
+      - '**/Cargo.toml'
+      - '**/Cargo.lock'
+      # Run if the configuration file changes
+      - '**/audit.toml'
+  # Rerun periodically to pick up new advisories
+  schedule:
+    - cron: '0 0 * * *' # Nightly
+  # Run manually
+  workflow_dispatch:
+
+jobs:
+  audit:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      issues: write
+    steps:
+      - uses: actions/checkout@v6
+        with:
+          persist-credentials: false
+      - uses: actions-rust-lang/audit@v1
+        name: Audit Rust Dependencies
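Review bot: Both steps reference third-party actions by mutable tags (`actions/checkout@v6`, `actions-rust-lang/audit@v1`), so the job that is supposed to guard the supply chain is itself trusting whatever those tags point to on a given night; for a workflow holding `issues: write`, pin each to a full commit SHA and keep the version as a comment, `- uses: actions/checkout@<commit-sha> # v6` and `- uses: actions-rust-lang/audit@<commit-sha> # v1`. The job-level `permissions` block and `persist-credentials: false` are the right scoping; a short comment on why `issues: write` is needed (presumably so the audit action can open issues on scheduled findings) would save the next reader from widening or dropping it by mistake. Triggers are `push`, `schedule` and `workflow_dispatch` only, so a dependency change arriving in a pull request is not audited until after merge; if that is intentional, the header comment should say so, otherwise a `pull_request:` trigger with the same `paths` filter is a small addition.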