From 16baa91b2b817eea20a0672ef237c11276b01973 Mon Sep 17 00:00:00 2001 From: Vadim Kharitonov Date: Fri, 13 Jan 2023 11:18:50 +0100 Subject: [PATCH] Add more information about `cargo deny` --- deny.toml | 2 +- docs/sourcetree.md | 11 +++++++---- 2 files changed, 8 insertions(+), 5 deletions(-) diff --git a/deny.toml b/deny.toml index 3a0fe36f87..cfb699bb21 100644 --- a/deny.toml +++ b/deny.toml @@ -52,7 +52,7 @@ name = "ring" version = "*" expression = "MIT AND ISC AND OpenSSL" license-files = [ - { path = "LICENSE", hash = 0xbd0eed23 }, + { path = "LICENSE", hash = 0xbd0eed23 } ] [licenses.private] diff --git a/docs/sourcetree.md b/docs/sourcetree.md index 17e47b670c..db57338a71 100644 --- a/docs/sourcetree.md +++ b/docs/sourcetree.md @@ -18,10 +18,6 @@ Intended to be used in integration tests and in CLI tools for local installation Documentation of the Neon features and concepts. Now it is mostly dev documentation. -`/monitoring`: - -TODO - `/pageserver`: Neon storage service. @@ -98,6 +94,13 @@ cargo hakari manage-deps If you don't have hakari installed (`error: no such subcommand: hakari`), install it by running `cargo install cargo-hakari`. +### Checking Rust 3rd-parties +[Cargo deny](https://embarkstudios.github.io/cargo-deny/index.html) is a cargo plugin that lets us lint project's dependency graph to ensure all dependencies conform to requirements. It detects security issues, matches licenses, and ensures crates only come from trusted sources. + +```bash +cargo deny check +``` + ## Using Python Note that Debian/Ubuntu Python packages are stale, as it commonly happens, so manual installation of dependencies is not recommended.
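Review bot: in the deny.toml hunk, dropping the trailing comma after `{ path = "LICENSE", hash = 0xbd0eed23 }` is a style-only change that has nothing to do with the subject "Add more information about `cargo deny`". TOML permits a trailing comma in a multi-line array, so both forms parse identically, and keeping the comma avoids touching this line again when another license file entry is added. Either revert this line or mention the cleanup in the commit message.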
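Review bot: in the first docs/sourcetree.md hunk, the `/monitoring`: TODO entry is deleted with no explanation, and the commit subject covers only `cargo deny`. If the directory still exists in the tree, replace the TODO with a one-line description rather than dropping the entry; if it is gone, say so in the commit message or move the removal into its own commit.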
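Review bot: in the second docs/sourcetree.md hunk, the new "Checking Rust 3rd-parties" section gives the command but not how to obtain the tool or where its policy lives, unlike the hakari paragraph in the context lines just above, which tells the reader to run `cargo install cargo-hakari`. Add the matching `cargo install cargo-deny` hint and point to the `deny.toml` file in the repository root as the configuration that `cargo deny check` reads. Also put a blank line after the `###` heading and change "lint project's dependency graph" to "lint the project's dependency graph".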