diff --git a/.cargo/audit.toml b/.cargo/audit.toml
new file mode 100644
index 00000000..bf44fbd6
--- /dev/null
+++ b/.cargo/audit.toml
@@ -0,0 +1,27 @@
+[advisories]
+ignore = ["RUSTSEC-2024-0436"] # advisory IDs to ignore e.g. ["RUSTSEC-2019-0001", ...]
+informational_warnings = [] # warn for categories of informational advisories
+severity_threshold = "none" # CVSS severity ("none", "low", "medium", "high", "critical")
+
+# Advisory Database Configuration
+[database]
+path = "~/.cargo/advisory-db" # Path where advisory git repo will be cloned
+url = "https://github.com/RustSec/advisory-db.git" # URL to git repo
+fetch = true # Perform a `git fetch` before auditing (default: true)
+stale = false # Allow stale advisory DB (i.e. no commits for 90 days, default: false)
+
+# Output Configuration
+[output]
+deny = ["warnings", "unmaintained", "unsound", "yanked"] # exit on error if unmaintained dependencies are found
+format = "terminal" # "terminal" (human readable report) or "json"
+quiet = false # Only print information on error
+show_tree = true # Show inverse dependency trees along with advisories (default: true)
+
+# Target Configuration
+[target]
+arch = ["x86_64", "aarch64"] # Ignore advisories for CPU architectures other than these
+os = ["linux", "windows", "macos"] # Ignore advisories for operating systems other than these
+
+[yanked]
+enabled = true # Warn for yanked crates in Cargo.lock (default: true)
+update_index = true # Auto-update the crates.io index (default: true)
diff --git a/engage.toml b/engage.toml
index 71366532..0a857b5a 100644
--- a/engage.toml
+++ b/engage.toml
@@ -63,7 +63,7 @@ script = "markdownlint --version"
 [[task]]
 name = "cargo-audit"
 group = "security"
-script = "cargo audit -D warnings -D unmaintained -D unsound -D yanked"
+script = "cargo audit --color=always -D warnings -D unmaintained -D unsound -D yanked"
 
 [[task]]
 name = "cargo-fmt"
diff --git a/flake.nix b/flake.nix
index 544cdd4a..9db2e90a 100644
--- a/flake.nix
+++ b/flake.nix
@@ -144,18 +144,20 @@
           toolchain
         ]
         ++ (with pkgsHost.pkgs; [
-          engage
-          cargo-audit
-
           # Required by hardened-malloc.rs dep
           binutils
 
+          cargo-audit
+          cargo-auditable
+
           # Needed for producing Debian packages
           cargo-deb
 
           # Needed for CI to check validity of produced Debian packages (dpkg-deb)
           dpkg
 
+	  engage
+
           # Needed for Complement
           go