Introduce cargo-deny in the project
Angelmmiguel opened this issue
Ángel M commented
Is your feature request related to a problem? Please describe.
cargo-deny is a cargo plugin to lint the project dependencies and ensure they follow a set of rules and requirements. The goal is to simplify the dependency management and reinforce certain rules for any project contributor.
cargo-deny supports different kinds of checks:
- Licenses
- Bans (avoid specific crates and check duplicated ones)
- Advisories (check for CVEs and unmaintained libraries)
- Sources
Describe the solution you'd like
There are different steps for this specific task:
- Install cargo-deny
- Create the initial configuration
- Run it as part of every PR and in the main branch
Describe alternatives you've considered
I reviewed cargo-vet as some places compare them. However, for me they are complementary. This approach involves more effort, so I would consider it as an improvement for the future.
Additional context
No response
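A starting deny.toml covering the four check categories named above (licenses, bans, advisories, sources), added here as an illustration; it is not the project's configuration nor the issue author's. It assumes the `version = 2` table schema of cargo-deny 0.14 and later, and the banned crate and the commented advisory placeholder are constructed examples.

```toml
# deny.toml - constructed example configuration for cargo-deny.
# Assumes the "version = 2" schema of the [advisories] and [licenses]
# tables (cargo-deny 0.14 and later); older releases use per-category
# severity keys such as `vulnerability = "deny"` instead.

[advisories]
version = 2
db-urls = ["https://github.com/rustsec/advisory-db"]
# A yanked release is a supply-chain signal: the author withdrew it.
yanked = "deny"
# Each ignored advisory carries an ID and a reason so the exception is auditable.
ignore = [
  # { id = "RUSTSEC-XXXX-XXXX", reason = "placeholder; replace with a real ID and justification" },
]

[licenses]
version = 2
# Allow-list only: a crate whose license is not listed fails the check.
allow = [
  "MIT",
  "Apache-2.0",
  "BSD-2-Clause",
  "BSD-3-Clause",
  "ISC",
  "Unicode-DFS-2016",
]
# Minimum confidence for matching a license text to an SPDX identifier.
confidence-threshold = 0.8

[bans]
# Duplicate versions bloat the build and multiply the patching surface.
multiple-versions = "warn"
# Wildcard requirements defeat reproducible dependency resolution.
wildcards = "deny"
highlight = "all"
deny = [
  # Constructed example: fail the check if a banned crate enters the graph.
  { crate = "openssl", reason = "prefer rustls so the TLS stack stays pure Rust" },
]
skip = []

[sources]
# Crates must come from the official registry unless explicitly allowed.
unknown-registry = "deny"
unknown-git = "deny"
allow-registry = ["https://github.com/rust-lang/crates.io-index"]
allow-git = []
```

`cargo deny check` runs all four categories against this file, and a single table can be checked on its own with `cargo deny check advisories`, which is the form that fits a per-PR job.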