grandinetech · sauliusgrigaitis · Dec 23, 2024 · Dec 23, 2024
diff --git a/.github/workflows/audit.yml b/.github/workflows/audit.yml
@@ -0,0 +1,30 @@
+name: "Audit Dependencies"
+on:
+  push:
+    paths:
+      # Run if workflow changes
+      - '.github/workflows/audit.yml'
+      # Run on changed dependencies
+      - '**/Cargo.toml'
+      - '**/Cargo.lock'
+      # Run if the configuration file changes
+      - '**/audit.toml'
+  # Rerun periodicly to pick up new advisories
+  schedule:
+    - cron: '0 0 * * *'
+  # Run manually
+  workflow_dispatch:
+
+jobs:
+  audit:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      issues: write
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions-rust-lang/audit@v1
+        name: Audit Rust Dependencies
+        with:
+          # Comma separated list of issues to ignore
+          ignore: RUSTSEC-2024-0370,RUSTSEC-2023-0071,RUSTSEC-2024-0384,RUSTSEC-2024-0388
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -36,7 +36,3 @@ jobs:
     - name: Check consensus-spec-tests coverage (Linux)
       if: runner.os == 'Linux'
       run: scripts/ci/consensus-spec-tests-coverage.rb
-    # Ignore RUSTSEC-2023-0071 because we don't use RSA in `jwt-simple` 
-    - name: Run cargo audit (Linux)
-      if: runner.os == 'Linux'
-      run: cargo audit --ignore RUSTSEC-2024-0370 --ignore RUSTSEC-2023-0071