diff --git a/ci/do-audit.sh b/ci/do-audit.sh
new file mode 100755
index 0000000000..ee09c0a49a
--- /dev/null
+++ b/ci/do-audit.sh
@@ -0,0 +1,50 @@
+#!/usr/bin/env bash
+
+set -e
+
+here="$(dirname "$0")"
+src_root="$(readlink -f "${here}/..")"
+
+cd "${src_root}"
+
+source ci/rust-version.sh stable
+
+cargo_audit_ignores=(
+  # failure is officially deprecated/unmaintained
+  #
+  # Blocked on multiple upstream crates removing their `failure` dependency.
+  --ignore RUSTSEC-2020-0036
+
+  # `net2` crate has been deprecated; use `socket2` instead
+  #
+  # Blocked on https://github.com/paritytech/jsonrpc/issues/575
+  --ignore RUSTSEC-2020-0016
+
+  # stdweb is unmaintained
+  #
+  # Blocked on multiple upstream crates removing their `stdweb` dependency.
+  --ignore RUSTSEC-2020-0056
+
+  # Potential segfault in the time crate
+  #
+  # Blocked on multiple crates updating `time` to >= 0.2.23
+  --ignore RUSTSEC-2020-0071
+
+  # difference is unmaintained
+  #
+  # Blocked on predicates v1.0.6 removing its dependency on `difference`
+  --ignore RUSTSEC-2020-0095
+
+  # hyper is upgraded on master/v1.6 but not for v1.5
+  --ignore RUSTSEC-2021-0020
+
+  # generic-array: arr! macro erases lifetimes
+  #
+  # ed25519-dalek and libsecp256k1 not upgraded for v1.5
+  --ignore RUSTSEC-2020-0146
+
+)
+scripts/cargo-for-all-lock-files.sh +"$rust_stable" audit "${cargo_audit_ignores[@]}"
+
+cd "${src_root}/programs/bpf"
+"$cargo" stable audit
diff --git a/ci/test-checks.sh b/ci/test-checks.sh
index 5a092f9561..d3868262e5 100755
--- a/ci/test-checks.sh
+++ b/ci/test-checks.sh
@@ -59,45 +59,10 @@ _ "$cargo" nightly clippy -Zunstable-options --workspace --all-targets -- --deny
 
 _ "$cargo" stable fmt --all -- --check
 
-cargo_audit_ignores=(
-  # failure is officially deprecated/unmaintained
-  #
-  # Blocked on multiple upstream crates removing their `failure` dependency.
-  --ignore RUSTSEC-2020-0036
-
-  # `net2` crate has been deprecated; use `socket2` instead
-  #
-  # Blocked on https://github.com/paritytech/jsonrpc/issues/575
-  --ignore RUSTSEC-2020-0016
-
-  # stdweb is unmaintained
-  #
-  # Blocked on multiple upstream crates removing their `stdweb` dependency.
-  --ignore RUSTSEC-2020-0056
-
-  # Potential segfault in the time crate
-  #
-  # Blocked on multiple crates updating `time` to >= 0.2.23
-  --ignore RUSTSEC-2020-0071
-
-  # difference is unmaintained
-  #
-  # Blocked on predicates v1.0.6 removing its dependency on `difference`
-  --ignore RUSTSEC-2020-0095
-
-  # hyper is upgraded on master/v1.6 but not for v1.5
-  --ignore RUSTSEC-2021-0020
-
-  # generic-array: arr! macro erases lifetimes
-  #
-  # ed25519-dalek and libsecp256k1 not upgraded for v1.5
-  --ignore RUSTSEC-2020-0146
-)
-_ scripts/cargo-for-all-lock-files.sh +"$rust_stable" audit "${cargo_audit_ignores[@]}"
+_ ci/do-audit.sh
 
 {
   cd programs/bpf
-  _ "$cargo" stable audit "${cargo_audit_ignores[@]}"
   for project in rust/*/ ; do
     echo "+++ do_bpf_checks $project"
     (