Skip to content

Add cargo-audit security scanning to CI#31

Closed
martinemde wants to merge 1 commit intomainfrom
cargo-audit-scanning
Closed

Add cargo-audit security scanning to CI#31
martinemde wants to merge 1 commit intomainfrom
cargo-audit-scanning

Conversation

@martinemde
Copy link
Contributor

@martinemde martinemde commented Jan 7, 2026

Summary

  • Integrate cargo-audit as required CI check before releases
  • Update audit.yml workflow to use modern tooling
  • Add security-audit job as dependency for release jobs

Changes

  • .github/workflows/ci.yml: Add security-audit job, make release depend on it
  • .github/workflows/audit.yml: Replace deprecated actions-rs/audit-check with cargo-audit

Security Benefits

  • Block releases with known security vulnerabilities
  • Continuous security monitoring of dependencies
  • Modern cargo-audit tooling with better performance

Test Plan

  • Local cargo audit passes with no vulnerabilities
  • CI security gate validation
  • Verify release blocking on audit failures

Part of PKS release process modernization (atomic PR #3/4).

🤖 Generated with Claude Code

Co-Authored-By: Claude noreply@anthropic.com

@martinemde
Add cargo-audit security scanning as release gate
618cf49 
Integrates cargo-audit into the CI workflow as a required check that
must pass before releases can proceed. Also updates the standalone
audit.yml to use modern cargo-audit tooling instead of the deprecated
actions-rs/audit-check action.

- Add security-audit job to ci.yml
- Make release job depend on security-audit passing
- Update audit.yml to use cargo-audit directly with actions/checkout@v4
@github-project-automation github-project-automation bot moved this to Triage in Modularity Jan 7, 2026
@martinemde
Copy link
Contributor Author

martinemde commented Jan 7, 2026

audit-check is archived: https://github.com/actions-rs/audit-check

@martinemde martinemde requested a review from ivy January 7, 2026 22:07
@martinemde martinemde closed this Jan 9, 2026
@github-project-automation github-project-automation bot moved this from Triage to Done in Modularity Jan 9, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ivy ivy Awaiting requested review from ivy

Assignees

No one assigned

Labels

None yet

Projects

Modularity
Status: Done

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@martinemde