ci: Switch to cargo deny for vulnerability scanning

While both cargo audit and cargo deny can specify exceptions and ignore rules, cargo deny has first class support for descriptions explaining why a vulnerability can be ignored. Since we're already using cargo deny, let's switch to it fully.
matrix-org · Sep 11, 2024 · 691a7f6 · 691a7f6
1 parent dcd6eed
commit 691a7f6
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 18 deletions.
diff --git a/.github/workflows/audit.yml b/.github/workflows/audit.yml
diff --git a/.github/workflows/deny.yml b/.github/workflows/deny.yml
@@ -1,13 +1,14 @@
-name: Lint dependencies (for licences, allowed sources, banned dependencies)
+name: Lint dependencies (for licences, allowed sources, banned dependencies, vulnerabilities)
 on:
   pull_request:
     paths:
       - '**/Cargo.toml'
+  workflow_dispatch:
+  schedule:
+    - cron: '0 0 * * *'
 jobs:
   cargo-deny:
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@v4
     - uses: EmbarkStudios/cargo-deny-action@v1
-      with:
-        command: check bans licenses sources