# This template contains all of the possible sections and their default values

# Note that all fields that take a lint level have these possible values:
# * deny - An error will be produced and the check will fail
# * warn - A warning will be produced, but the check will not fail
# * allow - No warning or error will be produced, though in some cases a note
# will be emitted

# The values provided in this template are the default values that will be used
# when any section or field is not specified in your own configuration

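# If 1 or more target triples (and optionally, target_features) are specified,
# only the specified targets will be checked when running `cargo deny check`.
# This means, if a particular package is only ever used as a target specific
# dependency, such as, for example, the `nix` crate only being used via the
# `target_family = "unix"` configuration, that only having windows targets in
# this list would mean the nix crate, as well as any of its exclusive
# dependencies not shared by any other crates, would be ignored, as the target
# list here is effectively saying which targets you are building for.
#
# Review caveat: a crate that is filtered out here is skipped by the checks
# altogether, so list every target you actually ship. With no entries
# uncommented, as here, no target filtering is requested.
#
# This is a root-level dotted key, so it has to stay above the first [table]
# header in the file.
graph.targets = [
    # The triple can be any string, but only the target triples built in to
    # rustc (as of 1.40) can be checked against actual config expressions
    #{ triple = "x86_64-unknown-linux-musl" },
    # You can also specify which target_features you promise are enabled for a
    # particular target. target_features are currently not validated against
    # the actual valid features supported by the target architecture.
    #{ triple = "wasm32-unknown-unknown", features = ["atomics"] },
]
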
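# This section is considered when running `cargo deny check advisories`
# More documentation for the advisories section can be found here:
# https://embarkstudios.github.io/cargo-deny/checks/advisories/cfg.html
[advisories]
version = 2
# The path where the advisory database is cloned/fetched into
db-path = "~/.cargo/advisory-db"
# The url(s) of the advisory databases to use. The advisory check is only as
# trustworthy as these sources, so keep the list to databases you trust.
db-urls = ["https://github.com/rustsec/advisory-db"]
# The lint level for crates that have been yanked from their source registry.
# At "warn" a yanked crate is reported but the check still passes; use "deny"
# if CI should fail on yanked dependencies.
yanked = "warn"
# A list of advisory IDs to ignore. Note that ignored advisories will still
# output a note when they are encountered. Every entry suppresses a known
# issue, so record the justification next to it and revisit it periodically.
ignore = [
    # comment explaining why we have to ignore it
    # "RUSTSEC-FOO",
]
# Threshold for security vulnerabilities, any vulnerability with a CVSS score
# lower than the range specified will be ignored. Note that ignored advisories
# will still output a note when they are encountered.
# * None - CVSS Score 0.0
# * Low - CVSS Score 0.1 - 3.9
# * Medium - CVSS Score 4.0 - 6.9
# * High - CVSS Score 7.0 - 8.9
# * Critical - CVSS Score 9.0 - 10.0
# NOTE(review): cargo-deny's documentation for `version = 2` appears to drop
# this field (all vulnerability advisories become errors) - confirm against
# the cargo-deny version in use before uncommenting.
#severity-threshold =

# If this is true, then cargo deny will use the git executable to fetch advisory database.
# If this is false, then it uses a built-in git library.
# Setting this to true can be helpful if you have special authentication requirements that cargo-deny does not support.
# See Git Authentication for more information about setting up git authentication.
#git-fetch-with-cli = true
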
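# This section is considered when running `cargo deny check licenses`
# More documentation for the licenses section can be found here:
# https://embarkstudios.github.io/cargo-deny/checks/licenses/cfg.html
[licenses]
version = 2
# List of explicitly allowed licenses
# See https://spdx.org/licenses/ for list of possible licenses
# [possible values: any SPDX 3.11 short identifier (+ optional exception)].
allow = [
    "MIT",
    "Apache-2.0",
    "Unicode-DFS-2016",
    "ISC",
]
# The confidence threshold for detecting a license from license text.
# The higher the value, the more closely the license text must match the
# canonical license text of a valid SPDX license file.
# [possible values: any between 0.0 and 1.0].
confidence-threshold = 0.8
# Allow 1 or more licenses on a per-crate basis, so that particular licenses
# aren't accepted for every possible crate as with the normal allow list.
# Prefer an entry here over widening `allow` when only one crate needs a
# license.
exceptions = [
    # Each entry is the crate and version constraint, and its specific allow
    # list. Constructed example with placeholder values:
    #{ allow = ["<SPDX-ID>"], crate = "<crate-name>" },
]
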
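# Some crates don't have (easily) machine readable licensing information,
# adding a clarification entry for it allows you to manually specify the
# licensing information
[[licenses.clarify]]
# The name of the crate the clarification applies to
name = "ring"
# The optional version constraint for the crate. "*" matches every version, so
# the license-files hash below is the only thing that ties this clarification
# to a specific license text.
version = "*"
# The SPDX expression for the license requirements of the crate
# NOTE(review): `OpenSSL` is not in `[licenses].allow` in this file, so a crate
# matched by this clarification would presumably fail the license check unless
# it is added there or to `exceptions` - confirm.
expression = "MIT AND ISC AND OpenSSL"
# One or more files in the crate's source used as the "source of truth" for
# the license expression. If the contents match, the clarification will be used
# when running the license check, otherwise the clarification will be ignored
# and the crate will be checked normally, which may produce warnings or errors
# depending on the rest of your configuration
license-files = [
    # Each entry is a crate relative path, and the (opaque) hash of its contents
    { path = "LICENSE", hash = 0xbd0eed23 },
]
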
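[licenses.private]
# If true, ignores workspace crates that aren't published, or are only
# published to private registries.
# To see how to mark a crate as unpublished (to the official registry),
# visit https://doc.rust-lang.org/cargo/reference/manifest.html#the-publish-field.
# Review caveat: with this enabled, such crates get no license check at all.
ignore = true
# One or more private registries that you might publish crates to, if a crate
# is only published to private registries, and ignore is true, the crate will
# not have its license(s) checked
registries = [
    #"https://sekretz.com/registry",
]
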
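# This section is considered when running `cargo deny check bans`.
# More documentation about the 'bans' section can be found here:
# https://embarkstudios.github.io/cargo-deny/checks/bans/cfg.html
[bans]
# Lint level for when multiple versions of the same crate are detected.
# NOTE(review): cargo-deny documents "warn" as the default for this field, so
# "allow" here silences duplicate-version reports - verify this is intended.
multiple-versions = "allow"
# Lint level for when a crate version requirement is `*`. A `*` requirement
# accepts any published version of the crate, so consider "warn" or "deny" if
# dependency versions should be constrained.
wildcards = "allow"
# The graph highlighting used when creating dotgraphs for crates
# with multiple versions
# * lowest-version - The path to the lowest versioned duplicate is highlighted
# * simplest-path - The path to the version with the fewest edges is highlighted
# * all - Both lowest-version and simplest-path are used
highlight = "all"
# List of crates that are allowed. Use with care!
# NOTE(review): per the cargo-deny docs, once this list has any entry every
# crate not listed is denied - confirm before adding the first entry.
allow = [
    #{ name = "ansi_term", version = "=0.11.0" },
]
# List of crates to deny
deny = [
    # Each entry is the name of a crate and a version range. If version is
    # not specified, all versions will be matched.
    #{ name = "ansi_term", version = "=0.11.0" },
    #
    # Wrapper crates can optionally be specified to allow the crate when it
    # is a direct dependency of the otherwise banned crate
    #{ name = "ansi_term", version = "=0.11.0", wrappers = [] },
]
# Certain crates/versions that will be skipped when doing duplicate detection.
skip = [
    #{ name = "ansi_term", version = "=0.11.0" },
]
# Similarly to `skip` allows you to skip certain crates during duplicate
# detection. Unlike skip, it also includes the entire tree of transitive
# dependencies starting at the specified crate, up to a certain depth, which is
# by default infinite
skip-tree = [
    #{ name = "ansi_term", version = "=0.11.0", depth = 20 },
]
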
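# This section is considered when running `cargo deny check sources`.
# More documentation about the 'sources' section can be found here:
# https://embarkstudios.github.io/cargo-deny/checks/sources/cfg.html
[sources]
# Lint level for what to happen when a crate from a crate registry that is not
# in the allow list is encountered.
# Review caveat: at "warn" the crate is reported but the check still passes,
# so an unexpected registry does not fail CI. Use "deny" to enforce the allow
# list below.
unknown-registry = "warn"
# Lint level for what to happen when a crate from a git repository that is not
# in the allow list is encountered.
# Review caveat: with `allow-git` empty and this at "warn", every git
# dependency is reported but none fails the check. Use "deny" to enforce.
unknown-git = "warn"
# List of URLs for allowed crate registries. Defaults to the crates.io index
# if not specified. If it is specified but empty, no registries are allowed.
allow-registry = ["https://github.com/rust-lang/crates.io-index"]
# List of URLs for allowed Git repositories
allow-git = []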