Add cargo audit

2021-12-22 10:01:46 +01:00 · 2021-12-22 10:01:46 +01:00 · f9c14542c5
--- a/.pre-commit-audit-config.yaml
+++ b/.pre-commit-audit-config.yaml
@ -0,0 +1,17 @@
+# Use a separate pre-commit config that runs only when Rust dependencies
+# are added, removed or modified.
+repos:
+-   repo: local
+    hooks:
+      - id: audit
+        name: audit
+        language: system
+        files: 'Cargo\.lock|Cargo\.toml$'
+        # FIXME
+        # RUSTSEC-2021-0131 --> https://rustsec.org/advisories/RUSTSEC-2021-0131
+        # RUSTSEC-2021-0124 --> https://rustsec.org/advisories/RUSTSEC-2021-0124
+        entry: cargo audit --ignore RUSTSEC-2021-0131 --ignore RUSTSEC-2021-0124
+        pass_filenames: false
+
+default_language_version:
+    python: python3
--- a/.taskcluster.yml
+++ b/.taskcluster.yml
@ -43,11 +43,13 @@ tasks:
               rustup component add clippy rustfmt &&
               rustup toolchain install nightly &&
               curl -L https://github.com/est31/cargo-udeps/releases/download/v0.1.25/cargo-udeps-v0.1.25-x86_64-unknown-linux-gnu.tar.gz | tar xz -C /usr/local/cargo/bin --strip-components 2 &&
+               curl -L https://github.com/rustsec/rustsec/releases/download/cargo-audit%2Fv0.16.0/cargo-audit-x86_64-unknown-linux-musl-v0.16.0.tgz | tar xzv -C /usr/local/cargo/bin --strip-components 1 &&
               git clone --quiet ${repository} &&
               cd rust-code-analysis &&
               git -c advice.detachedHead=false checkout ${head_rev} &&
               pip3 install --quiet pre-commit &&
               pre-commit run -a --show-diff-on-failure &&
+               pre-commit run --show-diff-on-failure -c .pre-commit-audit-config.yaml &&
               cargo test --workspace --verbose --all-features &&
               cd enums &&
               cargo build --verbose --all-features"