# cargo-deny configuration
# https://embarkstudios.github.io/cargo-deny/
[graph]
# Target platforms to check. Platform-specific dependencies are only pulled
# into the graph for the targets listed here, so a dependency that is only
# built elsewhere is not seen by the checks below — keep this in sync with
# the platforms the project actually builds and ships for.
targets = [
"x86_64-unknown-linux-gnu",
"x86_64-apple-darwin",
"aarch64-apple-darwin",
"x86_64-pc-windows-msvc",
]
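# =============================================================================
# Licenses
# =============================================================================
[licenses]
# Minimum confidence (0.0-1.0) cargo-deny requires when matching a crate's
# license text against an SPDX identifier. Crates whose text scores below it
# are not matched and need a [[licenses.clarify]] entry instead.
confidence-threshold = 0.93
# SPDX identifiers accepted for any crate in the graph. An expression that
# ANDs several licenses only passes if every operand is on this list; a
# license that is not listed is rejected by default.
allow = [
"MIT",
"Apache-2.0",
"Apache-2.0 WITH LLVM-exception",
"BSD-2-Clause",
"BSD-3-Clause",
"ISC",
"Zlib",
"MPL-2.0",
"Unicode-DFS-2016",
"CC0-1.0",
"Unlicense",
# Required by the `ring` clarification below ("MIT AND ISC AND OpenSSL"):
# without it that clarified expression can never satisfy this allow list,
# so ring would fail the license check whenever the clarification applies.
"OpenSSL",
]
# Replace the license detected from a crate's files with an explicit SPDX
# expression. The `hash` pins the contents of the named license file, so the
# override presumably stops applying once the crate ships a different file
# and the expression has to be reviewed again.
[[licenses.clarify]]
name = "ring"
expression = "MIT AND ISC AND OpenSSL"
license-files = [{ path = "LICENSE", hash = 0xbd0eed23 }]
[[licenses.clarify]]
name = "webpki"
expression = "ISC"
license-files = [{ path = "LICENSE", hash = 0x001c7e6c }]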
# =============================================================================
# Bans
# =============================================================================
[bans]
# Lint level when the graph contains several versions of the same crate.
# Duplicates widen the code that has to be audited but only warn here;
# duplicates that have been reviewed and accepted go in `skip` below.
multiple-versions = "warn"
# Lint level for `*` version requirements. NOTE(review): "allow" lets a
# wildcard requirement anywhere in the graph pass silently, which makes the
# resolved version depend entirely on what the registry serves at lock time;
# "warn" or "deny" would surface them — confirm the workspace manifests are
# wildcard-free before tightening.
wildcards = "allow"
# Crates to deny entirely
deny = [
# Avoid openssl in favor of rustls. Both entries are commented out, so nothing
# is banned at the moment — TODO confirm whether openssl is still pulled in
# transitively and re-enable these once it is gone.
# { name = "openssl" },
# { name = "openssl-sys" },
]
# Allow specific duplicate versions if needed
skip = []
# =============================================================================
# Advisories
# =============================================================================
[advisories]
# Path to the local copy of the advisory database
db-path = "~/.cargo/advisory-db"
# URL(s) the advisory database is fetched from
db-urls = ["https://github.com/rustsec/advisory-db"]
# Lint level for security vulnerabilities: any vulnerability that is not
# listed in `ignore` fails the check.
vulnerability = "deny"
# Lint level for unmaintained crates
unmaintained = "warn"
# Lint level for yanked crates
yanked = "warn"
# NOTE(review): newer cargo-deny releases deprecate these per-category levels
# in favour of `version = 2`, where every advisory is an error unless it is
# listed in `ignore`. Switching would promote unmaintained/yanked findings
# from warn to error, so confirm the cargo-deny version used in CI first.
# Ignore specific advisories
# These are transitive dependencies we cannot directly update. Each entry
# records the dependency path and the upstream change that would let us drop
# it; re-check them on every dependency bump and watch cargo-deny's output
# for ignores that no longer match any advisory. The rustls-pemfile entry is
# reached only through a dev-dependency — if dev-dependencies are not meant
# to be audited at all, `exclude-dev` in [graph] is the alternative to an
# ignore here.
ignore = [
# instant is unmaintained, but comes from iggy -> reqwest-retry -> parking_lot v0.11.2
# Upstream needs to update parking_lot to v0.12+
"RUSTSEC-2024-0384",
# rustls-pemfile is unmaintained, but comes from testcontainers -> bollard (dev-dependency only)
# Upstream needs to migrate to rustls-pki-types
"RUSTSEC-2025-0134",
# paste is unmaintained, but comes from iggy -> iggy_common -> compio-io
# Upstream (iggy/compio) needs to migrate to pastey or alternative
"RUSTSEC-2024-0436",
]
# =============================================================================
# Sources
# =============================================================================
[sources]
# Lint level for crates that come from a registry not in `allow-registry`
unknown-registry = "deny"
# Lint level for git dependencies whose repository is not in `allow-git`.
# NOTE(review): with `allow-git` empty every git source is unknown, so a git
# dependency currently only warns; "deny" would force each repository to be
# listed explicitly before it can enter the graph.
unknown-git = "warn"
# Registries crates may come from — crates.io via its git index URL.
# NOTE(review): confirm this matches the registry source recorded in
# Cargo.lock (sparse `index.crates.io` vs. the git index) so the check is
# actually exercised rather than trivially satisfied.
allow-registry = ["https://github.com/rust-lang/crates.io-index"]
# Git repositories crates may come from (add one entry per git dependency)
allow-git = []