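---
# Weekly audit of the crate's Rust dependencies against the RustSec advisory
# database, plus a check for wildcard ("*") version requirements in Cargo.toml.
# Runs every Sunday at 02:13 UTC and on demand via workflow_dispatch.
name: Weekly Dependency Audit

on:  # yamllint disable-line rule:truthy
  schedule:
    - cron: '13 2 * * 0'  # Sundays, 02:13 UTC
  workflow_dispatch:

# Least privilege: the job only needs to read the repository contents.
permissions:
  contents: read

jobs:
  audit:
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): consider pinning third-party actions to a full commit SHA
      # (e.g. actions/checkout@<full-commit-sha>  # v4) so a moved tag cannot
      # change what runs in this job.
      - uses: actions/checkout@v4

      - name: Rust dependency audit
        # Fails closed: if cargo-audit cannot be installed the step fails,
        # instead of writing a "no such subcommand" message into the report
        # that the gate step below would then read as a clean result.
        # `--locked` installs cargo-audit from its own Cargo.lock so the
        # tool build is reproducible. The audit command itself may exit
        # non-zero (findings are expected); the gate is the next step.
        run: |
          set -euo pipefail
          if ! command -v cargo-audit >/dev/null 2>&1; then
            cargo install --locked cargo-audit
          fi
          echo "=== Cargo Audit ==="
          # pipefail is set explicitly so a cargo-audit failure is not masked
          # by tee; the trailing || true keeps the step itself reporting-only.
          cargo audit 2>&1 | tee cargo-audit.txt || true
          echo ""
          echo "=== Version Pinning Check ==="
          grep -n '"\*"' Cargo.toml || echo "No wildcard versions found"

      - name: Check for critical vulnerabilities
        # Fails closed: a missing or empty report is an audit failure, never a
        # pass. The pattern matches both the singular and plural cargo-audit
        # summary lines ("1 vulnerability found", "N vulnerabilities found"),
        # so any reported vulnerability gates the job, not only ones whose
        # advisory text mentions "critical".
        run: |
          set -euo pipefail
          if [ ! -s cargo-audit.txt ]; then
            echo "::error::cargo-audit report is missing or empty"
            exit 1
          fi
          if grep -qiE 'RUSTSEC.*critical|vulnerabilit(y|ies) found' cargo-audit.txt; then
            echo "::error::Critical Rust dependency vulnerabilities found"
            exit 1
          fi
          echo "No critical vulnerabilities detected"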