Add cargo-vet and cargo-deny supply-chain security by jerrysxie · Pull Request #8 · OpenDevicePartnership/npcx490m-examples

jerrysxie · 2026-05-12T20:23:44Z

This PR adds supply-chain security tooling based on the
embedded-rust-template:

cargo-vet (supply-chain/) – dependency audit tracking with imports
from ODP shared audits, Google, and Mozilla.
cargo-deny (deny.toml) – license, advisory, ban, and source checks.
CI workflows – cargo-vet.yml + PR comment workflow, and the
deny job in check.yml.

After merging, run cargo vet locally to populate exemptions for any
existing unaudited dependencies:

cargo vet regenerate exemptions
cargo vet

felipebalbi

Approving, but feels a little pedantic for a repository that only holds examples of how to use the PAC :)

Add cargo-vet and cargo-deny supply-chain security

945e381

jerrysxie requested review from RobertZ2011, felipebalbi and tullom as code owners May 12, 2026 20:23

jerrysxie added 4 commits May 17, 2026 17:54

Add supply-chain/README.md

49f51ac

Fix supply-chain file formatting for cargo vet

e3c1073

Fix supply-chain file formatting for cargo vet

f6dfd27

Fix supply-chain file formatting for cargo vet

4e4825c

RobertZ2011 approved these changes May 18, 2026

View reviewed changes

felipebalbi approved these changes May 18, 2026

View reviewed changes

Add cargo-deny CI workflow

3e1bc1d

Copilot AI review requested due to automatic review settings May 27, 2026 01:59

Copilot started reviewing on behalf of jerrysxie May 27, 2026 01:59 View session

jerrysxie review requested due to automatic review settings May 27, 2026 02:19

Provide feedback