pezkuwichain/pezkuwi-sdk
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
Files
c55a371edbc2bce9e6e310a768df45145bfa48e8
pezkuwi-sdk/deny.toml
T
pezkuwichain c55a371edb fix(ci): fix build failures and add security audit workflow 
- build-linux-stable: disable forklift GCS cache (RUSTC_WRAPPER="")
  that panics without GCP credentials on VPS runners
- prepare-bridges-zombienet-artifacts: fix bridges/testing path to
  pezbridges/testing (rebrand path was not updated in workflow)
- build-rustdoc: use CARGO_TARGET_DIR instead of ./target for doc
  output path (docs generated at /cache/target/doc, not ./target/doc)
- build-push-image-*: add workspace permission fix step before checkout
  to handle root-owned files left by Docker container jobs
- All build jobs: increase timeout from 120 to 180 minutes for VPS
- Add cargo-deny + cargo-audit security audit workflow (weekly + on PR)
- Add deny.toml with license, advisory, and source checks
2026-02-25 19:39:47 +03:00

74 lines
1.5 KiB
TOML
Raw Blame History

# cargo-deny configuration for Pezkuwi SDK
# https://embarkstudios.github.io/cargo-deny/
[graph]
targets = [
{ triple = "x86_64-unknown-linux-gnu" },
{ triple = "x86_64-unknown-linux-musl" },
{ triple = "wasm32-unknown-unknown" },
]
# Exclude test/bench-only crates from checks
exclude = []
# Advisory database - check for known vulnerabilities
[advisories]
vulnerability = "deny"
unmaintained = "warn"
yanked = "warn"
notice = "warn"
ignore = [
# Add specific advisory IDs to ignore here with justification:
# "RUSTSEC-0000-0000", # reason for ignoring
]
# License compliance
[licenses]
unlicensed = "deny"
copyleft = "warn"
allow-osi-fsf-free = "either"
default = "deny"
confidence-threshold = 0.8
allow = [
"Apache-2.0",
"Apache-2.0 WITH LLVM-exception",
"MIT",
"MIT-0",
"BSD-2-Clause",
"BSD-3-Clause",
"ISC",
"Unlicense",
"CC0-1.0",
"BSL-1.0",
"Unicode-3.0",
"Unicode-DFS-2016",
"Zlib",
"MPL-2.0",
"OpenSSL",
"GPL-3.0-only WITH Classpath-exception-2.0",
"GPL-3.0-or-later WITH Classpath-exception-2.0",
]
exceptions = [
# ring uses a custom ISC-style license
{ allow = ["OpenSSL"], name = "ring" },
]
[licenses.private]
ignore = true
# Banned crates and duplicate version detection
[bans]
multiple-versions = "warn"
wildcards = "allow"
highlight = "simplest-path"
# Deny specific problematic crates
deny = []
skip = []
skip-tree = []
# Source origin checks
[sources]
unknown-registry = "warn"
unknown-git = "warn"
allow-registry = ["https://github.com/rust-lang/crates.io-index"]
allow-git = []
Reference in New Issue View Git Blame Copy Permalink