37 releases

Uses new Rust 2021

0.17.0 May 23, 2022
0.16.0 Nov 15, 2021
0.15.2 Sep 12, 2021
0.15.0 Jul 1, 2021
0.2.0 Mar 6, 2017

#8 in Cargo plugins

Download history 8042/week @ 2022-03-11 7775/week @ 2022-03-18 8426/week @ 2022-03-25 7124/week @ 2022-04-01 7254/week @ 2022-04-08 6759/week @ 2022-04-15 7300/week @ 2022-04-22 6854/week @ 2022-04-29 6937/week @ 2022-05-06 6627/week @ 2022-05-13 7255/week @ 2022-05-20 7444/week @ 2022-05-27 9050/week @ 2022-06-03 10353/week @ 2022-06-10 12409/week @ 2022-06-17 6884/week @ 2022-06-24

39,857 downloads per month
Used in 4 crates

Apache-2.0 OR MIT

210KB
4.5K SLoC

RustSec: cargo audit

Latest Version Build Status Safety Dance MSRV Apache 2.0 OR MIT licensed Project Chat

Audit Cargo.lock files for crates with security vulnerabilities reported to the RustSec Advisory Database.

Requirements

cargo audit requires Rust 1.57 or later.

Installation

Packaging status

cargo audit is a Cargo subcommand and can be installed with cargo install:

$ cargo install cargo-audit

Once installed, run cargo audit at the toplevel of any Cargo project.

Alpine Linux

# apk add cargo-audit

Arch Linux

# pacman -S cargo-audit

MacOS

$ brew install cargo-audit

OpenBSD

# pkg_add cargo-audit

Screenshot

Screenshot

cargo audit fix subcommand

This tool supports an experimental feature to automatically update Cargo.toml to fix vulnerable dependency requirements.

To enable it, install cargo audit with the fix feature enabled:

$ cargo install cargo-audit --features=fix

Once installed, run cargo audit fix to automatically fix vulnerable dependency requirements:

Screenshot

This will modify Cargo.toml in place. To perform a dry run instead, which shows a preview of what dependencies would be upgraded, run cargo audit fix --dry-run.

Using cargo audit on Travis CI

To automatically run cargo audit on every build in Travis CI, you can add the following to your .travis.yml:

language: rust
cache: cargo # cache cargo-audit once installed
before_script:
  - cargo install --force cargo-audit
  - cargo generate-lockfile
script:
  - cargo audit

Using cargo audit on GitHub Action

Please use audit-check action directly.

Reporting Vulnerabilities

Report vulnerabilities by opening pull requests against the RustSec Advisory Database GitHub repo:

Report Vulnerability

License

Licensed under either of:

at your option.

Contribution

Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you shall be dual licensed as above, without any additional terms or conditions.

Dependencies

~8–19MB
~416K SLoC