2022-02-28 21:16:10 -08:00
# All of the options which can be passed via CLI arguments can also be
# permanently specified in this file.
# RUSTSEC-2020-0071 and RUSTSEC-2020-0159 are low severity vulnerable upstream Solana crates. Ignored for now.
[ advisories ]
2022-05-18 08:16:14 -07:00
ignore = [ "RUSTSEC-2020-0016" , "RUSTSEC-2020-0036" , "RUSTSEC-2020-0056" , "RUSTSEC-2020-0071" , "RUSTSEC-2020-0159" , "RUSTSEC-2021-0078" , "RUSTSEC-2021-0079" ] # advisory IDs to ignore e.g. ["RUSTSEC-2019-0001", ...]
2022-02-28 21:16:10 -08:00
informational_warnings = [ "unmaintained" ] # warn for categories of informational advisories
severity_threshold = "medium" # CVSS severity ("none", "low", "medium", "high", "critical")
# Advisory Database Configuration
[ database ]
path = "~/.cargo/advisory-db" # Path where advisory git repo will be cloned
url = "https://github.com/RustSec/advisory-db.git" # URL to git repo
fetch = true # Perform a `git fetch` before auditing (default: true)
stale = false # Allow stale advisory DB (i.e. no commits for 90 days, default: false)
# Output Configuration
[ output ]
deny = [ ] # exit on error if unmaintained dependencies are found
format = "terminal" # "terminal" (human readable report) or "json"
quiet = false # Only print information on error
show_tree = true # Show inverse dependency trees along with advisories (default: true)
# Target Configuration
[ target ]
# arch = "x86_64" # Ignore advisories for CPU architectures other than this one
# os = "linux" # Ignore advisories for operating systems other than this one
[ yanked ]
enabled = false # Warn for yanked crates in Cargo.lock (default: true)
update_index = true # Auto-update the crates.io index (default: true)