#cargo-subcommand #security #audit #vulnerability

bin+lib cargo-audit

Audit Cargo.lock for crates with security vulnerabilities

24 releases (10 breaking)

✓ Uses Rust 2018 edition

new 0.10.0 Oct 14, 2019
0.9.1 Sep 26, 2019
0.7.0 Jul 15, 2019
0.6.1 Dec 16, 2018
0.2.0 Mar 6, 2017

#11 in Cargo plugins

Download history 1421/week @ 2019-07-01 1495/week @ 2019-07-08 1699/week @ 2019-07-15 1789/week @ 2019-07-22 1595/week @ 2019-07-29 1437/week @ 2019-08-05 1555/week @ 2019-08-12 1624/week @ 2019-08-19 1554/week @ 2019-08-26 1444/week @ 2019-09-02 1470/week @ 2019-09-09 1434/week @ 2019-09-16 1725/week @ 2019-09-23 3032/week @ 2019-09-30 3742/week @ 2019-10-07

7,842 downloads per month

Apache-2.0 OR MIT

64KB
741 lines

cargo audit

Latest Version Build Status Safety Dance MSRV Apache 2.0 OR MIT licensed Gitter Chat

Audit Cargo.lock files for crates with security vulnerabilities reported to the RustSec Advisory Database.

Requirements

cargo audit requires Rust 1.36 or later.

Installation

cargo audit is a Cargo subcommand and can be installed with cargo install:

$ cargo install cargo-audit

Once installed, run cargo audit at the toplevel of any Cargo project.

Using cargo audit on Travis CI

To automatically run cargo audit on every build in Travis CI, you can add the following to your .travis.yml:

language: rust
cache: cargo # cache cargo-audit once installed
before_script:
  - cargo install --force cargo-audit
  - cargo generate-lockfile
script:
  - cargo audit

Reporting Vulnerabilities

Report vulnerabilities by opening pull requests against the RustSec Advisory Database GitHub repo:

Report Vulnerability

Screenshot

Screenshot

License

Licensed under either of:

at your option.

Contribution

Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you shall be dual licensed as above, without any additional terms or conditions.

Dependencies

~13MB
~297K SLoC