From d9f65ad9cf630e08cf291316c5e4af703de2b243 Mon Sep 17 00:00:00 2001
From: jpoehnelt-bot <jpoehnelt-bot@users.noreply.github.com>
Date: Tue, 31 Mar 2026 11:28:50 -0600
Subject: [PATCH] ci: add cargo-audit workflow for dependency vulnerability
 scanning

---
 .changeset/add-cargo-audit-ci.md |  5 ++++
 .github/workflows/audit.yml      | 45 ++++++++++++++++++++++++++++++++
 2 files changed, 50 insertions(+)
 create mode 100644 .changeset/add-cargo-audit-ci.md
 create mode 100644 .github/workflows/audit.yml

diff --git a/.changeset/add-cargo-audit-ci.md b/.changeset/add-cargo-audit-ci.md
new file mode 100644
index 00000000..cb84cbac
--- /dev/null
+++ b/.changeset/add-cargo-audit-ci.md
@@ -0,0 +1,5 @@
+---
+"@googleworkspace/cli": patch
+---
+
+Add cargo-audit CI workflow for automated dependency vulnerability scanning
diff --git a/.github/workflows/audit.yml b/.github/workflows/audit.yml
new file mode 100644
index 00000000..571cabb8
--- /dev/null
+++ b/.github/workflows/audit.yml
@@ -0,0 +1,45 @@
+# Copyright 2026 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+name: Audit
+
+on:
+  push:
+    branches: [main]
+    paths: ['Cargo.lock', 'Cargo.toml', 'crates/*/Cargo.toml']
+  pull_request:
+    branches: [main]
+    paths: ['Cargo.lock', 'Cargo.toml', 'crates/*/Cargo.toml']
+  schedule:
+    - cron: '0 6 * * *' # Daily at 06:00 UTC
+  workflow_dispatch:
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: ${{ github.ref != 'refs/heads/main' }}
+
+jobs:
+  audit:
+    name: Security Audit
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
+
+      - name: Install cargo-audit
+        uses: taiki-e/install-action@a37010ded18ff788be4440302bd6830b1ae50d8b # cargo-llvm-cov
+        with:
+          tool: cargo-audit
+
+      - name: Run cargo audit
+        run: cargo audit