rms/telemt
1
0
Fork 0
mirror of https://github.com/telemt/telemt.git synced 2026-05-17 08:26:39 +03:00
Code Issues Packages Projects Releases Wiki Activity

ci: add security policy, cargo-deny configuration, and audit workflow

Browse Source 
- Add deny.toml with license/advisory policy for cargo-deny
- Add security.yml GitHub Actions workflow for automated audit
- Update rust.yml with hardened clippy lint enforcement
- Update Cargo.toml/Cargo.lock with audit-related dependency additions
- Fix clippy lint placement in config.toml (Clippy lints must not live in rustflags)

Part of PR-SEC-1: no Rust source changes, establishes CI gates for all subsequent PRs.
This commit is contained in:
David Osipov
2026-03-15 00:02:03 +04:00
parent dda31b3d2f
commit 2bd9036908
5 changed files with 67 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
.cargo/deny.toml Normal file
View File

@@ -0,0 +1,15 @@
[bans]
multiple-versions = "deny"
wildcards = "allow"
highlight = "all"
# Explicitly flag the weak cryptography so the agent is forced to justify its existence
[[bans.skip]]
name = "md-5"
version = "*"
reason = "MUST VERIFY: Only allowed for legacy checksums, never for security."
[[bans.skip]]
name = "sha1"
version = "*"
reason = "MUST VERIFY: Only allowed for backwards compatibility."