Hi, I've integrated audit-check as a GitHub Action in a Rust project. However, the results are not identical to running cargo audit locally. For example, the following output is from GitHub Actions, and no vulnerabilities or warnings were found.
{"database":{"advisory-count":323,"last-commit":"67da87fc89b37912c25a32e4b647e1d6c576cdb9","last-updated":"2021-08-10T21:54:42Z"},"lockfile":{"dependency-count":161},"settings":{"target_arch":null,"target_os":null,"severity":null,"ignore":[],"informational_warnings":["unmaintained"],"package_scope":null},"vulnerabilities":{"found":false,"count":0,"list":[]},"warnings":{}}
No vulnerabilities were found
No warnings were found
Warnings are ignored based on how cargo audit is configured, but the results will always output "No warnings were found". Thus, the output is misleading.
Can we enable information warnings by default, or make it configurable?
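One way a CI step could qualify the "No warnings were found" line with the settings recorded in the report itself (an added example, not part of the original issue and not audit-check's own code). It assumes that `settings.informational_warnings` lists the informational kinds that produce warnings and that `warnings` maps each kind to an array of entries; `summarizeReport` is a hypothetical helper name.

```javascript
// Added example: summarise a cargo audit JSON report and state which
// informational warning kinds were enabled, so that "no warnings" is
// never reported without its scope.

// The JSON output quoted in the issue above, embedded verbatim.
const SAMPLE_REPORT = '{"database":{"advisory-count":323,"last-commit":"67da87fc89b37912c25a32e4b647e1d6c576cdb9","last-updated":"2021-08-10T21:54:42Z"},"lockfile":{"dependency-count":161},"settings":{"target_arch":null,"target_os":null,"severity":null,"ignore":[],"informational_warnings":["unmaintained"],"package_scope":null},"vulnerabilities":{"found":false,"count":0,"list":[]},"warnings":{}}';

// Hypothetical helper: takes the report as a JSON string.
function summarizeReport(json) {
  const report = JSON.parse(json);
  const settings = report.settings || {};
  // Assumption: this array lists the informational kinds reported as warnings.
  const kinds = Array.isArray(settings.informational_warnings)
    ? settings.informational_warnings : [];
  const ignored = Array.isArray(settings.ignore) ? settings.ignore : [];
  const vulnCount = (report.vulnerabilities && report.vulnerabilities.count) || 0;

  // Assumption: "warnings" maps a warning kind to an array of entries.
  const warningsByKind = {};
  let warningCount = 0;
  for (const [kind, entries] of Object.entries(report.warnings || {})) {
    const n = Array.isArray(entries) ? entries.length : 0;
    warningsByKind[kind] = n;
    warningCount += n;
  }

  const scope = kinds.length
    ? `informational kinds enabled: ${kinds.join(", ")}`
    : "no informational kinds enabled";
  const lines = [
    vulnCount === 0 ? "No vulnerabilities were found" : `${vulnCount} vulnerabilities found`,
    warningCount === 0
      ? `No warnings were found (${scope})`
      : `${warningCount} warnings found (${scope})`,
  ];
  // Ignored advisory IDs also narrow what "nothing found" means.
  if (ignored.length) lines.push(`Ignored advisories: ${ignored.join(", ")}`);
  return { vulnCount, warningCount, warningsByKind, kinds, lines };
}

console.log(summarizeReport(SAMPLE_REPORT).lines.join("\n"));
```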