serai/deny.toml
Luke Parker 56574f2f5b
Add a cargo deny workflow (#89)
* Add a cargo deny workflow

Also trims out a pointless submodule checkout (we have none).

* Remove no longer relevant advisories/allowances

* Patch for array-bytes

* Remove unused properties

* Restore chrono advisory

* Allow MPL-2.0, correct GPL-3.0 allowance specification

* Properly ban copyleft, run on all crates

* Exceptions for Serai crates (AGPL-3.0)

* Remove top comments

* Clarify reasoning for not checking advisories in CI

* Run all checks in CI

While this may bring down an unrelated commit, we can manually review, before creating a followup commit allowing it. If it's critical, then this did its job.
2022-11-16 20:53:35 -06:00


[advisories]
# Local clone of the advisory database and the remote it is fetched from.
db-path = "~/.cargo/advisory-db"
db-urls = ["https://github.com/rustsec/advisory-db"]
# Known vulnerabilities and yanked releases fail the check; informational
# notices and unmaintained crates are reported without failing it.
vulnerability = "deny"
yanked = "deny"
notice = "warn"
unmaintained = "warn"
# Every entry silences that advisory for the whole dependency graph, not just
# for the crate that motivated it. Keep the list short and drop an entry once
# the upstream issue it points at is resolved.
ignore = [
    # Tracked upstream at https://github.com/chronotope/chrono/issues/602
    # NOTE(review): this ID appears to be filed against the `time` crate and
    # reached through chrono - confirm before extending or removing it.
    "RUSTSEC-2020-0071",
]
[licenses]
# Deny-by-default: a crate passes only if its license is in `allow` or it has
# an entry in `exceptions`. OSI/FSF approval alone does not admit a license.
unlicensed = "deny"
copyleft = "deny"
allow-osi-fsf-free = "neither"
default = "deny"
allow = [
    # Effective public domain
    "CC0-1.0",
    "Unlicense",
    # Attribution required
    "MIT",
    "BSD-2-Clause",
    "BSD-3-Clause",
    "ISC",
    "Unicode-DFS-2016",
    "OpenSSL",
    # Non-invasive copyleft
    "MPL-2.0",
    # Permissive (not copyleft), kept in the original list position
    "Apache-2.0",
    "Apache-2.0 WITH LLVM-exception",
    # Copyleft, admitted only in the form carrying the Classpath exception;
    # plain GPL-3.0 stays denied by `copyleft = "deny"`.
    "GPL-3.0 WITH Classpath-exception-2.0",
]
# AGPL-3.0 is accepted for these named crates only. An exception is matched by
# crate name, so adding a crate here is a licensing decision to review.
exceptions = [
    { name = "ethereum-serai", allow = ["AGPL-3.0"] },
    { name = "serai-processor", allow = ["AGPL-3.0"] },
    { name = "serai-extension", allow = ["AGPL-3.0"] },
    { name = "serai-multisig", allow = ["AGPL-3.0"] },
    { name = "serai-runtime", allow = ["AGPL-3.0"] },
    { name = "serai-consensus", allow = ["AGPL-3.0"] },
    { name = "serai-node", allow = ["AGPL-3.0"] },
]
[[licenses.clarify]]
# States the license expression for `ring` explicitly rather than leaving it
# to automatic detection.
name = "ring"
# Applies to every version of the crate. The hash below is what ties the
# clarification to the LICENSE text that was actually reviewed.
version = "*"
expression = "MIT AND ISC AND OpenSSL"
# If upstream changes LICENSE the hash no longer matches: re-read the file
# before updating the value, rather than refreshing the hash blindly.
license-files = [
    { path = "LICENSE", hash = 0xbd0eed23 },
]
[bans]
# Duplicate versions of a crate are reported, not rejected; `highlight`
# controls how those duplicates are shown in the report.
multiple-versions = "warn"
highlight = "all"
# Wildcard (`*`) version requirements only warn, so an unbounded dependency
# does not fail the check under this setting.
wildcards = "warn"
[sources]
# Crates may come only from the registry and git repositories listed here;
# any other origin fails the check.
unknown-registry = "deny"
unknown-git = "deny"
allow-registry = ["https://github.com/rust-lang/crates.io-index"]
# An entry trusts the repository URL as a whole, not a particular commit.
# Which revision is built is decided by the manifest and Cargo.lock, which are
# outside this file, so pin revisions there and remove an entry once the fork
# or patch it covers is no longer needed.
allow-git = [
    "https://github.com/serai-dex/substrate",
    "https://github.com/hack-ink/array-bytes",
]