From: Elias Rohrer Date: Tue, 30 Jan 2024 11:41:05 +0000 (+0100) Subject: Introduce CI workflow running `cargo audit` X-Git-Tag: v0.0.123-beta~67^2 X-Git-Url: http://git.bitcoin.ninja/?a=commitdiff_plain;h=fd705c79195397240a95ff52fc2848004ac3a26d;p=rust-lightning Introduce CI workflow running `cargo audit` In order to continuously monitor our dependencies for security vulnerabilities, we introduce a new CI job that will use `cargo audit` to check for any known vulnerabilities. This job is run on a daily schedule. For each new advisory, a new issue will be created. --- diff --git a/.github/workflows/audit.yml b/.github/workflows/audit.yml new file mode 100644 index 000000000..e7e82ee41 --- /dev/null +++ b/.github/workflows/audit.yml @@ -0,0 +1,17 @@ +name: Security Audit +on: + workflow_dispatch: + schedule: + - cron: '0 0 * * *' + +jobs: + audit: + runs-on: ubuntu-latest + permissions: + issues: write + checks: write + steps: + - uses: actions/checkout@v3 + - uses: rustsec/audit-check@v1.4.1 + with: + token: ${{ secrets.GITHUB_TOKEN }} diff --git a/README.md b/README.md index a4ab59b53..f8de40f31 100644 --- a/README.md +++ b/README.md @@ -4,8 +4,9 @@ Rust-Lightning [![Crate](https://img.shields.io/crates/v/lightning.svg?logo=rust)](https://crates.io/crates/lightning) [![Documentation](https://img.shields.io/static/v1?logo=read-the-docs&label=docs.rs&message=lightning&color=informational)](https://docs.rs/lightning/) [![Safety Dance](https://img.shields.io/badge/unsafe-forbidden-success.svg)](https://github.com/rust-secure-code/safety-dance/) +[![Security Audit](https://github.com/lightningdevkit/rust-lightning/actions/workflows/audit.yml/badge.svg)](https://github.com/lightningdevkit/rust-lightning/actions/workflows/audit.yml) -[LDK](https://lightningdevkit.org)/`rust-lightning` is a highly performant and flexible +[LDK](https://lightningdevkit.org)/`rust-lightning` is a highly performant and flexible implementation of the Lightning Network protocol. The primary crate, `lightning`, is runtime-agnostic. Data persistence, chain interactions,