pi-hole / api

The Pi-hole API
Add cargo-audit to circleci #225

Closed snapsl closed 5 years ago

snapsl commented 5 years ago

This adds cargo-audit to the job list of circleci. Vulnerable packages will be displayed and subsequent steps can be initiated.

AzureMarker commented 5 years ago

Build dependencies should be installed in the docker files. But first, I don't think this is a necessary addition. Dependabot will make a PR whenever there is a security issue with a dependency.

Edit: For example, https://github.com/pi-hole/api/pull/222

snapsl commented 5 years ago

Okay, something went wrong there. I could not test it before. @Mcat12 I didn't know Dependabot is capable of that. I think this PR can then be closed.

AzureMarker commented 5 years ago

Thanks for the PR anyways!