diff --git a/.cargo/audit.toml b/.cargo/audit.toml
index 15bd81b363b64..4c4134605a008 100644
--- a/.cargo/audit.toml
+++ b/.cargo/audit.toml
@@ -9,4 +9,10 @@ ignore = [
 # `chrono` also suffers from a similar vulnerability ([`RUSTSEC-2020-0159`](https://rustsec.org/advisories/RUSTSEC-2020-0159),
 # but it's already patched in `0.4.20` by rewriting vulnerable C function in Rust).
 "RUSTSEC-2020-0071",
+
+ # https://github.com/risingwavelabs/risingwave/issues/11842
+ "RUSTSEC-2023-0052",
+
+ # It's impossible to get rid of OpenSSL (or more accurately, the `rsa` crate), and no patch is yet available.
+ "RUSTSEC-2023-0071",
 ]
diff --git a/ci/scripts/check.sh b/ci/scripts/check.sh
index f0a1d02ee20e9..3b12ad39d5e9e 100755
--- a/ci/scripts/check.sh
+++ b/ci/scripts/check.sh
@@ -48,9 +48,6 @@ echo "--- Show sccache stats"
 sccache --show-stats
 sccache --zero-stats

-# RUSTSEC-2023-0052: https://github.com/risingwavelabs/risingwave/issues/11842
-# RUSTSEC-2023-0071 https://github.com/risingwavelabs/risingwave/issues/13703
+# Config file: .cargo/audit.toml
 echo "--- Run audit check"
-cargo audit \
-    --ignore RUSTSEC-2023-0052 \
-    --ignore RUSTSEC-2023-0071
+cargo audit
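Review bot: The new `"RUSTSEC-2023-0071"` entry in `.cargo/audit.toml` loses the tracking link that the removed comment in `ci/scripts/check.sh` carried, so the suppression no longer points to a place where its status gets revisited. An `ignore` entry has no expiry and will keep silencing the advisory after a fixed release exists, so "no patch is yet available" needs a way to be re-checked. I would add `# https://github.com/risingwavelabs/risingwave/issues/13703` above the entry, plus a removal condition such as `# Remove once a patched release of the affected crate can be pulled in.` The comment also treats OpenSSL and the `rsa` crate as one thing; naming the dependency that actually brings in the affected crate would make the accepted risk easier to audit. The `RUSTSEC-2023-0052` entry has only a bare URL and would benefit from one line saying why the advisory is acceptable here.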
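Review bot: In `ci/scripts/check.sh`, the bare `cargo audit` step no longer shows which advisories are waived, so neither the script nor the build log records the accepted exceptions. The comment could say what the file controls, e.g. `# Ignored advisories (each with a tracking issue) live in .cargo/audit.toml`. If the CI log is used as audit evidence, consider printing the ignore list before the run. The suppression list also now sits outside `ci/`; if review ownership is path-based (not visible from this diff), confirm `.cargo/audit.toml` is covered, so that adding an ignore gets the same scrutiny as editing the CI script did.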