Use cargo-deny in CI #2166

Open
james7132 opened this issue Mar 1, 2023 · 0 comments
Labels
c-all Affects all crates or the project as a whole t-ci Anything to do with CI.

Comments

@james7132
Contributor

cargo-deny provides a plethora of useful checks to ensure dependencies (and transitive dependencies) stay within the bounds.

For example, twilight is licensed under ISC, having a GPL or even MPL dependency or dependency of a dependency would potentially compromise that.

It also can help block duplicate dependencies from being introduced to avoid lengthening compile times, if that's desirable. It can also check if any of the dependencies in the tree have security advisories (though dependabot also does this), and check if any of them are unmaintained.

Enabling this should only require installing it via `cargo install cargo-deny` and following its steps for adding a deny.toml at the top of the repo.

@james7132 james7132 added t-ci Anything to do with CI. c-all Affects all crates or the project as a whole labels Mar 1, 2023
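
A sketch of a `deny.toml` covering the checks the issue lists (licenses, duplicate versions, advisories), as an added example that is not from the twilight repository or the issue's author. The license allow-list is an assumption for illustration, not an audit of the project's dependency tree.

```toml
# deny.toml at the repository root (illustrative values, see lead-in).

[licenses]
# SPDX identifiers accepted anywhere in the dependency tree, transitive
# dependencies included. GPL and MPL identifiers are deliberately absent.
# Recent cargo-deny releases reject any license not listed here; older
# releases used separate settings for unlisted and copyleft licenses, so
# check the behaviour of the version pinned in CI.
allow = [
    "ISC",        # the project's own license, per the issue
    "MIT",        # assumed permissive licenses commonly found in
    "Apache-2.0", # Rust dependency trees
]
# Minimum confidence required when license text is matched heuristically.
confidence-threshold = 0.8

[bans]
# Fail when two versions of the same crate end up in the graph. Use "warn"
# while the existing tree is being deduplicated, then tighten to "deny".
multiple-versions = "deny"
# Reject `*` version requirements, which make builds non-reproducible.
wildcards = "deny"

[advisories]
# Advisory-database findings for crates in the tree are reported by this
# check. Yanked crate versions are treated as failures here.
yanked = "deny"
# Advisory ids accepted as known risk go here, each with a comment saying
# why. Empty by default so that every advisory surfaces in CI.
ignore = []
```

In CI this file is consumed by `cargo deny check`, which exits non-zero when any check fails.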