Run cargo audit by default
Opened this issue · 3 comments
djc commented
Would be great to turn CI red on vulnerable dependencies.
epage commented
Thoughts on CI vs a bot? Dependabot can automatically create PRs for security vulnerabilities, which is more proactive than the CI, which is in response to a PR, master commit, tag, and/or a schedule.
Ouch, looks like they don't offer pre-built binaries and seem to be against it. The slowdown caused by that seems bad from a defaults perspective.
djc commented
It's too bad that Azure doesn't have caching yet.
I basically agree with the author that we should get cargo-audit into cargo proper.
epage commented
At least caching is in Preview.