diff --git a/.cargo/audit.toml b/.cargo/audit.toml
new file mode 100644
index 00000000..6f67b878
--- /dev/null
+++ b/.cargo/audit.toml
@@ -0,0 +1,13 @@
+# See https://github.com/rustsec/rustsec/blob/main/cargo-audit/audit.toml.example
+[advisories]
+ignore = [
+    # Double Public Key Signing Function Oracle Attack on `ed25519-dalek`
+    # https://rustsec.org/advisories/RUSTSEC-2022-0093
+    # Note(bajtos): We don't use ed25510-dalek in Zinnia AFAIK
+    "RUSTSEC-2022-0093",
+    # webpki: CPU denial of service in certificate path building
+    # https://rustsec.org/advisories/RUSTSEC-2023-0052
+    # Note(bajtos): This dependency is used by deno_fetch and libp2p-webrtc
+    # and there is no upgrade available to fix this issue :shrug:
+    "RUSTSEC-2023-0052",
+]
diff --git a/.github/workflows/cargo-audit.yml b/.github/workflows/cargo-audit.yml
index 760f217e..542c4be5 100644
--- a/.github/workflows/cargo-audit.yml
+++ b/.github/workflows/cargo-audit.yml
@@ -2,6 +2,7 @@ name: Security audit
 on:
   push:
     paths:
+      - '.cargo/audit.toml'
       - '**/Cargo.toml'
       - '**/Cargo.lock'
 jobs:
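Review bot: The rationale for ignoring RUSTSEC-2022-0093 ("We don't use ed25519-dalek ... AFAIK") does not fit the ignore being needed at all: cargo-audit only reports advisories for crates present in Cargo.lock, so if this advisory fires, a vulnerable ed25519-dalek version is in the dependency tree (presumably transitively), and the comment should name the path that pulls it in (`cargo tree -i ed25519-dalek`) and state why the double-signing oracle is not reachable from Zinnia's code, rather than guessing. The crate name in that comment is also misspelled (`ed25510-dalek`). Both entries are open-ended, since cargo-audit's `ignore` list has no expiry, so each should carry a concrete revisit condition, e.g. `# Revisit: <TRACKING-ISSUE placeholder> / when deno_fetch and libp2p-webrtc ship a fixed webpki`, so the suppressed advisories are re-evaluated instead of silently persisting across future dependency updates.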
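Review bot: With `on: push: paths:` limited to `.cargo/audit.toml`, `Cargo.toml` and `Cargo.lock`, an advisory published against an already-locked dependency is not reported until someone next touches one of those files; if the rest of the `on:` block (outside the hunk) has no `schedule:` trigger, consider adding one, e.g. `schedule:` / `- cron: '0 6 * * *'`, so the audit also runs independently of code changes. A `pull_request:` trigger with the same `paths:` filter would additionally surface new ignore entries for review before they reach the default branch.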