Skip to content

feat: SLSA 3

feat: SLSA 3 #328

name: Security audit
on:
push:
paths:
- "**/Cargo.toml"
- "**/Cargo.lock"
# Declare default permissions as read only.
permissions: read-all
jobs:
security_audit:
permissions:
checks: write # for rustsec/audit-check to create check
contents: read # for actions/checkout to fetch code
issues: write # for rustsec/audit-check to create issues
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
- uses: rustsec/audit-check@69366f33c96575abad1ee0dba8212993eecbe998 # v2.0.0
with:
token: ${{ secrets.GITHUB_TOKEN }}