This file is automatically generated by vet. Do not edit it manually.
Holds the audit records for packages in this project. Each record contains:
- who performed the audit,
- status of the audit (unsafe, safe to run, safe to deploy),
- version of the package that was audited,
- notes (optionally) about the audit.
Example:
[audits.example_package]
who = "Example Person <person@example.com>"
status = "safe to deploy" # or "safe to run" or "unsafe"
version = "1.7.2"
notes = "Some notes about the audit"
A list of packages that are exempt from audits.
To make getting started easier, all packages in the poetry.lock file are exempt by default.
These packages should be audited either manually or via import of an audit from a trusted source.
Example:
[exemptions.example_package]
version = "1.7.2"
status = "safe to deploy"
A list of URLs to audit sources.
Each source must provide a TOML file with audits (same as audits.toml).
Example:
[imports.example_org]
url = "https://raw.githubusercontent.com/example_org/example_project/main/chain-of-trust/audits.toml"
This file is automatically generated by vet. Do not edit it manually.
It holds a local copy of audits from trusted sources specified in the config file.