
Run cargo audit by default

Open djc opened this issue 4 years ago • 3 comments

Would be great to turn CI red on vulnerable dependencies.

djc avatar Sep 03 '19 14:09 djc

Thoughts on CI vs a bot? Dependabot can automatically create PRs for security vulnerabilities which is more proactive than the CI which is in response to a PR, master commit, tag, and/or a schedule.

Ouch, looks like they don't offer pre-built binaries and seem to be against it. The slowdown caused by that seems bad from a defaults perspective.

epage avatar Sep 03 '19 15:09 epage

It's too bad that Azure doesn't have caching yet.

I basically agree with the author that we should get cargo-audit into cargo proper.

djc avatar Sep 03 '19 18:09 djc

At least caching is in Preview

epage avatar Sep 03 '19 18:09 epage
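An added example of what this issue asks for (it is not code from this repository's templates): an Azure Pipelines job that builds cargo-audit, caches the resulting binary with the Cache task so the `cargo install` slowdown mentioned above only hits on cache misses, and fails the job on any RustSec advisory. The pinned version, cache path and schedule are assumptions; a Rust toolchain is assumed to be present on the agent.

```yaml
# Added example, not part of the repository: run cargo-audit in CI and turn it red on advisories.
trigger:
  - master

schedules:
  # Re-check on a schedule too, so newly published advisories fail CI even
  # when nothing is committed (assumed cron expression).
  - cron: "0 6 * * *"
    displayName: daily advisory check
    branches:
      include:
        - master
    always: true

variables:
  # Assumed version; pinning it keeps the cache key below stable.
  CARGO_AUDIT_VERSION: "0.18.3"

jobs:
  - job: audit
    pool:
      vmImage: ubuntu-latest
    steps:
      # cargo-audit ships no prebuilt binaries, so cache the `cargo install` output,
      # keyed on agent OS and version; cacheHitVar lets the build step be skipped on a hit.
      - task: Cache@2
        displayName: Restore cached cargo-audit
        inputs:
          key: 'cargo-audit | "$(Agent.OS)" | "$(CARGO_AUDIT_VERSION)"'
          path: $(Pipeline.Workspace)/cargo-audit
          cacheHitVar: CARGO_AUDIT_CACHE_HIT

      - script: cargo install cargo-audit --locked --version "$(CARGO_AUDIT_VERSION)" --root "$(Pipeline.Workspace)/cargo-audit"
        displayName: Build cargo-audit (cache miss only)
        condition: ne(variables.CARGO_AUDIT_CACHE_HIT, 'true')

      - script: echo "##vso[task.prependpath]$(Pipeline.Workspace)/cargo-audit/bin"
        displayName: Put cargo-audit on PATH

      # cargo audit exits non-zero when Cargo.lock matches a RUSTSEC advisory, which fails
      # the job; --deny warnings also fails on unmaintained, unsound or yanked crates.
      - script: cargo audit --deny warnings
        displayName: Audit Cargo.lock against the RustSec advisory database
```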