Add `cargo-deny` with license/advisory/duplicate checks #5

open opened by

jonaskruckenberg.de 1 month ago

Scope:

Add deny.toml at repo root with sensible defaults (deny unknown licenses, warn on duplicates, enforce RustSec advisories).
New CI job cargo-deny that runs cargo deny check.
Run against Cargo.toml + Cargo.lock (fine that Buck2 uses reindeer — the lockfile is still authoritative for advisories).

Acceptance: CI job runs and currently passes (or documents known exceptions in deny.toml).

Labels

None yet.

assignee

None yet.

Participants 1

AT URI

at://did:plc:wur5mmsnhlocanyqtus3oex5/sh.tangled.repo.issue/3mjkddtqkgc22