Closed legoktm closed 1 month ago
Thanks - rebased.
Edit: Oh, also: Is it expected that CircleCI's static-analysis-and-no-known-cves-1 is stuck at Expected?
Yes, that's because it still has the Required label. Once infra moves that to the GHA job, it'll disappear. So I'll file an infra ticket now :)
Status
Ready for review
Description of Changes
This ports the same functionality but in a much simpler way since we just need the latest versions of the safety and semgrep packages.
We want this to run on each PR and every night, so move it into security.yml and configure that workflow to run on each PR as well. As a side-effect, rust-audit will now run on each PR, which is fine.
Testing
How should the reviewer test this PR?
Deployment
Any special considerations for deployment? n/a
Checklist