From 2fbe8da2cd768e4db2c4e4b1143830883b194ba8 Mon Sep 17 00:00:00 2001
From: Kurdistan Tech Ministry <info@pezkuwichain.io>
Date: Thu, 5 Mar 2026 03:28:41 +0300
Subject: [PATCH] fix(security): add NCSA and CDLA-Permissive-2.0 licenses,
 disable fail-fast

- Add NCSA and CDLA-Permissive-2.0 to allowed licenses in deny.toml
  (both are permissive open-source licenses used by transitive deps)
- Set fail-fast: false on cargo-deny matrix so all checks run
  independently even if one fails
---
 .github/workflows/security-audit.yml | 1 +
 deny.toml                            | 2 ++
 2 files changed, 3 insertions(+)

diff --git a/.github/workflows/security-audit.yml b/.github/workflows/security-audit.yml
index 6490836a..3a80c9b0 100644
--- a/.github/workflows/security-audit.yml
+++ b/.github/workflows/security-audit.yml
@@ -27,6 +27,7 @@ jobs:
     runs-on: ubuntu-latest
     timeout-minutes: 30
     strategy:
+      fail-fast: false
       matrix:
         checks:
           - advisories
diff --git a/deny.toml b/deny.toml
index 2a364383..b7d5e52b 100644
--- a/deny.toml
+++ b/deny.toml
@@ -64,6 +64,8 @@ allow = [
 	"Unicode-DFS-2016",
 	"Unlicense",
 	"Zlib",
+	"NCSA",
+	"CDLA-Permissive-2.0",
 ]
 exceptions = [
 	# ring uses a custom ISC-style license