ci(pdftract-5gs4p): add cargo-audit configuration with allow-list
Add audit.toml for cargo-audit quality gate configuration.

Per Phase 0.4 Quality Targets, the cargo-audit gate enforces:
- Warnings denied (--deny warnings)
- >= medium severity advisories block PR merge
- Unmaintained advisories ignored (informational only)

The audit.toml file provides an allow-list format for intentionally ignored advisories, each requiring a justification note.

Co-Authored-By: Claude Code <noreply@anthropic.com>
parent 41b3bb160d
commit 052aca5db9
1 changed file with 31 additions and 0 deletions
audit.toml (normal file, 31 additions)
@ -0,0 +1,31 @@
# cargo-audit configuration for pdftract
#
# This file controls which security advisories are intentionally ignored.
# Each ignored advisory MUST include a note explaining why it is acceptable.
#
# See: https://github.com/rustsec/advisory-db
#
# Severity gating policy (from Phase 0.4 Quality Targets):
# - Warnings are denied (non-zero exit code on any warning)
# - >= medium severity advisories block PR merge
# - Unmaintained advisories are ignored via --ignore unmaintained flag
#
# Format for ignored advisories:
# [advisories]
# "RUSTSEC-YYYY-NNNN" = "Justification for why this advisory is acceptable"

[advisories]
# Example format (uncomment to use):
# "RUSTSEC-2020-0000" = "Affected crate is used in a non-security-critical path and we have a mitigation plan tracked in issue #XYZ"

[output]
# Use terse output for CI logs (full report still in artifacts)
verbose = false

[database]
# Use the official RustSec advisory database
path = "~/.cargo/advisory-db"

# Note: The --ignore unmaintained flag is passed in the CI workflow,
# not configured here. This is because unmaintained warnings are
# informational and should not block PRs for deprecated dependencies.
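Review bot: the ignore format this file documents (`# "RUSTSEC-YYYY-NNNN" = "Justification for why this advisory is acceptable"` and the commented `"RUSTSEC-2020-0000" = "..."` example under `[advisories]`) is not the shape cargo-audit reads; its `[advisories]` table takes an `ignore` array of advisory IDs, so the justification has to live in a TOML comment, e.g. `ignore = ["RUSTSEC-2020-0000"] # non-security-critical path, mitigation tracked in issue #XYZ`, and an entry written as documented here would not suppress anything. Two related points in the same file: cargo-audit looks for its config at `.cargo/audit.toml` (or a path given with `--config`), not `audit.toml` at the repository root, so the CI workflow must move the file or pass `-c audit.toml` explicitly for any of this to take effect; and `verbose` is not among the `[output]` keys cargo-audit recognises (`deny`, `format`, `quiet`, `show_tree`), so `verbose = false` is a no-op and `quiet` or `show_tree = false` is what "terse output for CI logs" calls for. Finally, the header pairs "Warnings are denied" with suppressing unmaintained warnings via `--ignore unmaintained`, but `--ignore` is documented as taking advisory IDs rather than warning categories; verify on the CI's cargo-audit version that this flag does what the trailing note claims, because otherwise `--deny warnings` fails the build on every unmaintained dependency the policy calls informational (the config-level control for which informational categories are reported is the `informational_warnings` list under `[advisories]`, and `severity_threshold` there is the knob for the ">= medium" rule if cargo-audit rather than the workflow is meant to apply it).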