`rustsecbot` action

This action uses cargo-deny to find RUSTSEC advisories that impact a Rust project.

Inputs

`labels`

A comma-separated list of labels for impacted issues.

Default: rust,security

`mode`

Determines whether to check for advisories or to report them in new issues.

Default: report

`token`

A GitHub PAT with the issues:write scope if mode is report or issues:read if mode is check.

Default: github.token.

Outputs

`opened`

A comma-separated list of new advisory issues created in the form ISSUE:ADVISORY.

Example usage

permissions:
  issues: write

jobs:
  rustsec:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - uses: olix0r/rustsecbot@v1
        with:
          labels: area/myapp,rust,security

olix0r/rustsecbot

rustsecbot action

Inputs

labels

mode

token