Use cargo-deny in CI #2166

@james7132

Description

cargo-deny provides a plethora of useful checks to ensure dependencies (and transitive dependencies) stay within the bounds.

For example, twilight is licensed under ISC; having a GPL or even MPL dependency or dependency of a dependency would potentially compromise that.

It also can help block duplicate dependencies from being introduced to avoid lengthening compile times, if that's desirable. It can also check if any of the dependencies in the tree have security advisories (though dependabot also does this), and check if any of them are unmaintained.

Enabling this should only require installing it via cargo install cargo-deny and following its steps for adding a deny.toml at the top of the repo.
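
A starting deny.toml covering the checks the issue lists, as an added example that is not part of the original issue or the twilight repository. The allow-list entries other than ISC are assumptions and would have to match the real dependency tree; the file assumes a current cargo-deny release, where any license not listed under `allow` is rejected.

```toml
# deny.toml at the repository root (added example, not from the twilight repo).
# Scaffold a fully commented template with `cargo deny init`;
# run every check in CI with `cargo deny check`, or one at a time,
# e.g. `cargo deny check licenses`.

[licenses]
# Only the SPDX identifiers listed here are accepted, so a GPL or MPL crate
# anywhere in the tree, direct or transitive, fails the check.
# ISC is the project's license per the issue; the remaining entries are
# assumed permissive licenses and must be adjusted to the actual tree.
allow = [
    "ISC",
    "MIT",
    "Apache-2.0",
    "BSD-3-Clause",
]
# Minimum confidence required when a license is identified from the text
# of a license file rather than from the manifest's license expression.
confidence-threshold = 0.8

[bans]
# Fail when two versions of the same crate end up in the dependency graph
# (the duplicate-dependency / compile-time concern from the issue).
multiple-versions = "deny"
# Reject `*` version requirements, which make builds unpredictable.
wildcards = "deny"

[advisories]
# The advisories check reads the RustSec advisory database, which carries
# both vulnerability advisories and unmaintained-crate notices.
# Also fail on versions that were yanked from the registry.
yanked = "deny"
# Advisory IDs accepted after review go here, each with a comment saying why.
ignore = []

[sources]
# Refuse crates pulled from registries or git repositories not listed here.
unknown-registry = "deny"
unknown-git = "deny"
```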

Labels: c-all (Affects all crates or the project as a whole), t-ci (Anything to do with CI.)