-
Notifications
You must be signed in to change notification settings - Fork 83
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
3 changed files
with
410 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,185 @@ | ||
{ | ||
"$schema": "https://json-schema.org/draft-07/schema#", | ||
"$id": "https://github.com/EmbarkStudios/cargo-deny/deny.schema.json", | ||
"title": "cargo-deny configuration file", | ||
"description": "You can find the full documentation for the config file at https://embarkstudios.github.io/cargo-deny/checks/cfg.html\n", | ||
"type": "object", | ||
"properties": | ||
{ | ||
"advisories": | ||
{ | ||
"$ref": "#/definitions/advisories" | ||
}, | ||
"graph": | ||
{ | ||
"$ref": "#/definitions/graph" | ||
}, | ||
"output": | ||
{ | ||
"$ref": "#/definitions/output" | ||
} | ||
}, | ||
"definitions": | ||
{ | ||
"advisories": | ||
{ | ||
"description": "This section is considered when running `cargo deny check advisories`\nMore documentation for the advisories section can be found here:\nhttps://embarkstudios.github.io/cargo-deny/checks/advisories/cfg.html\n", | ||
"type": "object", | ||
"properties": | ||
{ | ||
"db-urls": | ||
{ | ||
"type": "array", | ||
"items": | ||
{ | ||
"type": "string", | ||
"format": "uri" | ||
}, | ||
"description": "URLs to one or more advisory databases.\n\nDefault: [RustSec Advisory DB](https://github.com/RustSec/advisory-db)\n" | ||
}, | ||
"db-path": | ||
{ | ||
"type": "string", | ||
"description": "Path to the root directory into which one or more advisory databases are cloned into.\n\nThis value supports basic shell expansion:\n\n- `~` - Expands to [`home::home_dir`](https://docs.rs/home/latest/home/fn.home_dir.html)\n- `$VARNAME` - Expands to [`std::env::var(\"VARNAME\")`](https://doc.rust-lang.org/std/env/fn.var.html)\n- `${VARNAME}` - Expands to [`std::env::var(\"VARNAME\")`](https://doc.rust-lang.org/std/env/fn.var.html)\n- `${VARNAME:-fallback}` - Expands to [`std::env::var(\"VARNAME\")`](https://doc.rust-lang.org/std/env/fn.var.html)\n or the fallback value if it doesn't exist (everything between the `:-` and `}`)\n- `$CARGO_HOME` - Expands to [`std::env::var(\"CARGO_HOME\")`](https://doc.rust-lang.org/std/env/fn.var.html)\n if it exists, otherwise expands to `$(home::home_dir())/.cargo`\n\nNote that the path must be valid utf-8, after expansion.\n\nDefault: `$CARGO_HOME/advisory-dbs`\n" | ||
}, | ||
"version": | ||
{ | ||
"enum": | ||
[ | ||
2 | ||
], | ||
"description": "The advisories section has an upcoming breaking change, with deprecation warnings for several\nfields that will be removed. Setting `version = 2` will opt-in to the future default behavior.\n\nThe breaking change is as follows:\n\n- `vulnerability` - Removed, all vulnerability advisories now emit errors.\n- `unmaintained` - Removed, all unmaintained advisories now emit errors.\n- `unsound` - Removed, all unsound advisories now emit errors.\n- `notice` - Removed, all notice advisories now emit errors.\n- `severity-threshold` - Removed, all vulnerability advisories now emit errors.\n\nAs before, if you want to ignore a specific advisory, add it to the `ignore` field.\n" | ||
}, | ||
"vulnerability": | ||
{ | ||
"deprecated": true, | ||
"description": "**DEPRECATED** (see `version` field)\n\nDetermines what happens when a crate with a security vulnerability is encountered.\n\n- `deny` (default) - Will emit an error with details about each vulnerability, and fail the check.\n- `warn` - Prints a warning for each vulnerability, but does not fail the check.\n- `allow` - Prints a note about the security vulnerability, but does not fail the check.\n" | ||
}, | ||
"unmaintained": | ||
{ | ||
"deprecated": true, | ||
"enum": | ||
[ | ||
"deny", | ||
"warn", | ||
"allow" | ||
], | ||
"x-taplo": | ||
{ | ||
"docs": | ||
{ | ||
"enumValues": | ||
[ | ||
"Will emit an error with details about the problem, and fail the check.", | ||
"Prints a warning for each propblem, but does not fail the check.", | ||
"Prints a note about the problem, but does not fail the check." | ||
] | ||
} | ||
}, | ||
"description": "Determines what happens when a crate with an `unmaintained` advisory is encountered.\nDefault: warn\n" | ||
} | ||
} | ||
}, | ||
"graph": | ||
{ | ||
"description": "The graph table configures how the dependency graph is constructed and thus which crates the\nchecks are performed against\n", | ||
"type": "object", | ||
"properties": | ||
{ | ||
"targets": | ||
{ | ||
"type": "array", | ||
"items": | ||
{ | ||
"$ref": "#/definitions/target" | ||
}, | ||
"description": "By default, cargo-deny will consider every single crate that is resolved by cargo, including\ntarget specific dependencies e.g.\n\n```ini\n[target.x86_64-pc-windows-msvc.dependencies]\nwinapi = \"0.3.8\"\n\n[target.'cfg(target_os = \"fuchsia\")'.dependencies]\nfuchsia-cprng = \"0.1.1\"\n```\n\nBut unless you are actually targeting `x86_64-fuchsia` or `aarch64-fuchsia`, the `fuchsia-cprng` is\nnever actually going to be compiled or linked into your project, so checking it is pointless for you.\n\nThe `targets` field allows you to specify one or more targets which you **actually** build for.\nEvery dependency link to a crate is checked against this list, and if none of the listed targets\nsatisfy the target constraint, the dependency link is ignored. If a crate has no dependency links\nto it, it is not included into the crate graph that the checks are\nexecuted against.\n" | ||
}, | ||
"exclude": | ||
{ | ||
"type": "array", | ||
"items": | ||
{ | ||
"type": "string" | ||
}, | ||
"description": "Just as with the [`--exclude`](https://embarkstudios.github.io/cargo-deny/cli/common.html#--exclude-dev)\ncommand line option, this field allows you to specify one or more [Package ID specifications](https://doc.rust-lang.org/cargo/commands/cargo-pkgid.html)\nthat will cause the crate(s) in question to be excluded from the crate graph that is used\nfor the operation you are performing.\n\nNote that excluding a crate is recursive, if any of its transitive dependencies are only referenced\nvia the excluded crate, they will also be excluded from the crate graph.\n" | ||
}, | ||
"all-features": | ||
{ | ||
"type": "boolean", | ||
"description": "If set to `true`, `--all-features` will be used when collecting metadata." | ||
}, | ||
"no-default-features": | ||
{ | ||
"type": "boolean", | ||
"description": "If set to `true`, `--no-default-features` will be used when collecting metadata." | ||
}, | ||
"features": | ||
{ | ||
"type": "array", | ||
"items": | ||
{ | ||
"type": "string" | ||
}, | ||
"description": "If set, and `--features` is not specified on the cmd line, these features will be used when\ncollecting metadata.\n" | ||
}, | ||
"exclude-dev": | ||
{ | ||
"type": "boolean", | ||
"description": "If set to `true`, all `dev-dependencies`, even one for workspace crates, are not included\nin the crate graph used for any of the checks. This option can also be enabled on cmd line\nwith `--exclude-dev` either [before](https://embarkstudios.github.io/cargo-deny/cli/common.html#--exclude-dev)\nor [after](https://embarkstudios.github.io/cargo-deny/cli/check.html#--exclude-dev)\nthe `check` subcommand.\n" | ||
} | ||
} | ||
}, | ||
"target": | ||
{ | ||
"oneOf": | ||
[ | ||
{ | ||
"$ref": "#/definitions/target-triple" | ||
}, | ||
{ | ||
"$ref": "#/definitions/target-object" | ||
} | ||
] | ||
}, | ||
"target-object": | ||
{ | ||
"description": "Advanced configurations to apply for the target triple", | ||
"type": "object", | ||
"required": | ||
[ | ||
"triple" | ||
], | ||
"properties": | ||
{ | ||
"triple": | ||
{ | ||
"$ref": "#/definitions/target-triple" | ||
}, | ||
"features": | ||
{ | ||
"description": "Rust `cfg()` expressions support the [`target_feature = \"feature-name\"`](https://doc.rust-lang.org/reference/attributes/codegen.html#the-target_feature-attribute)\npredicate, but at the moment, the only way to actually pass them when compiling is to use\nthe `RUSTFLAGS` environment variable. The `features` field allows you to specify 1 or more\n`target_feature`s you plan to build with, for a particular target triple. At the time of\nthis writing, cargo-deny does not attempt to validate that the features you specify are\nactually valid for the target triple, but this is [planned](https://github.com/EmbarkStudios/cfg-expr/issues/1).\n" | ||
} | ||
} | ||
}, | ||
"target-triple": | ||
{ | ||
"type": "string", | ||
"description": "The [target triple](https://forge.rust-lang.org/release/platform-support.html) for the target\nyou wish to filter target specific dependencies with. If the target triple specified is **not**\none of the targets builtin to `rustc`, the configuration check for that target will be limited\nto only the raw `[target.<target-triple>.dependencies]` style of target configuration, as `cfg()`\nexpressions require us to know the details about the target.\n" | ||
}, | ||
"output": | ||
{ | ||
"description": "The output table provides options for how/if diagnostics are outputted", | ||
"type": "object", | ||
"properties": | ||
{ | ||
"feature-depth": | ||
{ | ||
"type": "integer", | ||
"minimum": 0, | ||
"description": "The maximum depth that features will be displayed when inclusion graphs are included in\ndiagnostics, unless specified via `--feature-depth` on the command line. Only applies to\ndiagnostics that actually print features. If not specified defaults to `1`.\n" | ||
} | ||
} | ||
} | ||
} | ||
} |
Oops, something went wrong.