From 69ed7cd6305a94af8ad24941549feaee7568b377 Mon Sep 17 00:00:00 2001
From: Guillaume Desmottes
Date: Tue, 8 Oct 2019 12:36:30 +0200
Subject: [PATCH] ci: run cargo-audit
Can be used to detect vulnerabilities in deps, see https://blog.rust-lang.org/inside-rust/2019/10/03/Keeping-secure-with-cargo-audit-0.9.html Added libssl-dev as it's a build dep of one of audit's crate.
---
 .gitlab-ci.yml | 11 +++++++++++
 1 file changed, 11 insertions(+)
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 88b14c8cc..9b08bd4d3 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -20,6 +20,7 @@ stages:
 libgl1-mesa-glx
 libwayland-egl1-mesa
 xz-utils
+ libssl-dev
 before_script:
 - apt-get update -yqq
 - apt-get install -yqq --no-install-recommends $DEPENDENCIES
@@ -142,3 +143,13 @@ clippy:
 - |
 cargo clippy --color=always --manifest-path examples/Cargo.toml --bins --examples --all-features -- -A clippy::redundant_pattern_matching -A clippy::single_match -A clippy::cast_lossless
 cargo clippy --color=always --manifest-path tutorials/Cargo.toml --bins --examples --all-features -- -A clippy::redundant_pattern_matching -A clippy::single_match -A clippy::cast_lossless
+
+audit:
+ extends: '.tarball_setup'
+ image: "rust:slim-buster"
+ stage: 'extras'
+ only:
+ - schedules
+ script:
+ - cargo install cargo-audit
+ - cargo audit --deny-warnings
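Review bot: `cargo install cargo-audit` in the new `audit` job pulls whatever cargo-audit release is current and re-resolves its dependency tree on every scheduled run, so the tool that gates on advisories is itself an unpinned dependency. Installing it with `cargo install cargo-audit --locked`, plus a `--version` pinned to a release the project has vetted, would make the run reproducible and keep an unreviewed upstream release out of CI. The `rust:slim-buster` image tag floats in the same way. Because the job is limited to `only: - schedules`, a merge request that adds or bumps a dependency is not audited until the next scheduled pipeline. A short comment above `audit:` stating that this delay is intended would help, for example `# scheduled only: catches newly published advisories, not per-MR changes`.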