juspay / rust-flake

A simple flake module for Rust development, based on crane.
MIT License

Add `cargo audit` flake check #26

Open srid opened 1 month ago

srid commented 1 month ago

Such that `nix flake check` will automatically run `cargo audit` and fail on serious vulnerabilities.

This can be implemented rather easily using crane's function:

https://crane.dev/API.html?highlight=cargoAudit#cranelibcargoaudit

srid commented 1 month ago

Since advisory db is normally downloaded, this would make it an impure dependency. We could pin it (see above), but then we should come up with a (documented or automated) mechanism to update that flake input periodically.
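One way the two comments above fit together, as an added illustration rather than rust-flake's own code: pin `rustsec/advisory-db` as a non-flake input and hand it to crane's `cargoAudit`, so that `nix flake check` runs `cargo audit` offline against the pinned database. The flake name, the `my-crate-audit` check name and the use of `flake-utils` are assumptions made for this example; `crane.mkLib`, `cleanCargoSource`, `cargoAudit` and its `advisory-db`/`cargoAuditExtraArgs` arguments are crane's documented API.

```nix
{
  description = "Example flake: cargo audit as a flake check (illustration, not rust-flake's code)";

  inputs = {
    nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
    crane.url = "github:ipetkov/crane";
    flake-utils.url = "github:numtide/flake-utils";

    # Pin the RustSec advisory database as a plain (non-flake) input.
    # The pin lives in flake.lock, so the check is pure and reproducible,
    # but it also means the database only moves when someone updates it.
    advisory-db = {
      url = "github:rustsec/advisory-db";
      flake = false;
    };
  };

  outputs = { self, nixpkgs, crane, flake-utils, advisory-db, ... }:
    flake-utils.lib.eachDefaultSystem (system:
      let
        pkgs = nixpkgs.legacyPackages.${system};
        craneLib = crane.mkLib pkgs;
        # Only Cargo.toml/Cargo.lock and Rust sources reach the audit derivation.
        src = craneLib.cleanCargoSource ./.;
      in
      {
        checks = {
          # `nix flake check` builds every attribute under `checks`; this one
          # runs `cargo audit` against Cargo.lock using the pinned database and
          # fails the build when an unpatched advisory applies.
          my-crate-audit = craneLib.cargoAudit {
            inherit src advisory-db;
            # Extra flags for `cargo audit`, e.g. to accept a vetted advisory:
            # cargoAuditExtraArgs = "--ignore <advisory-id>";
          };
        };
      });
}
```

Because the database is pinned, the check is only as current as the lock entry. Refreshing it is a one-line operation that can be documented or run on a schedule: `nix flake update advisory-db` (on Nix releases older than 2.19, `nix flake lock --update-input advisory-db`), followed by committing the changed `flake.lock`.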