jedarden/pdftract
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
481 commits 1 branch 0 tags 7.5 GiB
Commit graph

2 commits

Author SHA1 Message Date
jedarden
54fe6c1964 feat(pdftract-1xf4d): implement TH-06 supply-chain gate 
- Add minimum version requirements to deny.toml (ring >= 0.17.5, rustls >= 0.23)
- Create build/CHECKSUMS.sha256 for build-time data file integrity
- Update build.rs to verify checksums on every build
- Add tampering detection tests (th06_checksum_test.rs)
- Create nightly supply-chain scan workflow (pdftract-nightly-supply-chain.yaml)
- Update audit.toml with advisory exceptions

Closes: pdftract-1xf4d
Refs: plan lines 877, 883-896, 906-913
 2026-05-26 17:31:13 -04:00
jedarden
052aca5db9 ci(pdftract-5gs4p): add cargo-audit configuration with allow-list 
Add audit.toml for cargo-audit quality gate configuration.

Per Phase 0.4 Quality Targets, the cargo-audit gate enforces:
- Warnings denied (--deny warnings)
- >= medium severity advisories block PR merge
- Unmaintained advisories ignored (informational only)

The audit.toml file provides an allow-list format for intentionally
ignored advisories, each requiring a justification note.

Co-Authored-By: Claude Code <noreply@anthropic.com>
 2026-05-23 11:11:25 -04:00