Problem
CI in `.github/workflows/ci.yml` currently runs `cargo check`, `fmt`, `clippy`, `test` and `doc`, but has no job that checks dependencies against advisory databases or against a license/source policy.
Impact
A pull request that adds or bumps a dependency with a known advisory (RustSec), or that violates license/source policy, can merge undetected; the gap is only closed by someone running the tools by hand.
Proposed change
- Add dependency/advisory checks to CI using `cargo audit` (required) and, optionally, `cargo deny` for license/security policy enforcement.
- Define failure behavior (which finding kinds block the merge, e.g. whether `unmaintained`/`yanked` warnings are errors) and how exceptions and baselines are recorded (ignored advisory IDs with a justification and a re-check date, in a checked-in config rather than on the command line).
- Document local developer commands for reproducing the CI checks.
Acceptance criteria
- CI executes `cargo audit` on pull requests.
- An optional `cargo deny` policy check is either added, or tracked behind a clear follow-up plan.
- CI fails on actionable security findings per the documented policy; allowed exceptions are listed in a checked-in config with a reason.
- Developer docs include the commands to run the same checks locally.
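A concrete shape for the proposed job, as an added example and not the repository's own `ci.yml`; the workflow name, the pinned action versions, the weekly schedule and the choice to keep this in a separate workflow file are assumptions:

```yaml
# Added example (not the project's ci.yml): a separate workflow so the
# security gate's policy is readable on its own next to the existing
# check/fmt/clippy/test/doc jobs. Action versions and schedule are assumptions.
name: supply-chain

on:
  pull_request:
  schedule:
    - cron: "0 6 * * 1"   # weekly: catches advisories published after a PR merged

permissions:
  contents: read          # the jobs only read the tree; no token write scope

jobs:
  audit:
    name: cargo audit (required)
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: dtolnay/rust-toolchain@stable
      - name: Install cargo-audit
        run: cargo install cargo-audit --locked
      - name: Audit Cargo.lock against the RustSec advisory database
        # --deny warnings turns unmaintained/unsound/yanked notices into failures,
        # so the job cannot go green with a warning nobody reads. Exceptions
        # belong in .cargo/audit.toml ([advisories] ignore = [...]), each with a
        # comment giving the reason and a re-check date, never on this line.
        run: cargo audit --deny warnings

  deny:
    name: cargo deny (optional)
    runs-on: ubuntu-latest
    # Advisory-only until deny.toml is agreed; flip to a required job in the
    # follow-up the acceptance criteria ask for.
    continue-on-error: true
    steps:
      - uses: actions/checkout@v4
      - uses: dtolnay/rust-toolchain@stable
      - name: Install cargo-deny
        run: cargo install cargo-deny --locked
      - name: Check advisories, licenses, duplicate/banned crates and registry sources
        run: cargo deny check advisories licenses bans sources
```

The same commands reproduce CI locally and are what the developer docs should list: `cargo install cargo-audit cargo-deny --locked`, then `cargo audit --deny warnings` and `cargo deny check`. `cargo deny init` writes a starter `deny.toml` whose `[licenses]` allow-list and `[bans]`/`[sources]` sections are the policy this issue asks to be agreed; until that file exists the `deny` job reports without blocking, which is why it is marked `continue-on-error`.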