1 unstable release
| 0.1.0 | Oct 23, 2022 |
|---|
#2517 in Parser implementations
28,940 downloads per month
Used in cargo-audit
9KB
68 lines
RustSec Crates 🦀🛡️📦
The RustSec Advisory Database is a repository of security advisories filed against Rust crates published via crates.io.
The advisory database itself can be found at:
https://github.com/RustSec/advisory-db
About this repository
This repository contains a Cargo Workspace with all of the crates maintained by the RustSec project:
| Name | Description | Crate | Documentation | Build |
|---|---|---|---|---|
cargo‑audit |
Audit Cargo.lock against the advisory DB |  |
 |
 |
cargo‑lock |
Self-contained Cargo.lock parser |  |
 |
 |
cvss |
Common Vulnerability Scoring System |  |
 |
 |
platforms |
Rust platform registry |  |
 |
 |
rustsec |
Advisory DB client library |  |
 |
 |
rustsec‑admin |
Linter and web site generator |  |
 |
 |
License
All crates licensed under either of
at your option.
lib.rs:
Obtains the dependency list from a compiled Rust binary by parsing its panic messages. Recovers both crate names and versions.
Caveats
- If the crate never panics, it will not show up. The Rust compiler is very good at removing unreachable panics, so we can only discover at around a half of all dependencies.
- C code such as
openssl-srcnever shows up, because it can't panic. - Only crates installed from a registry are discovered. Crates from local workspace or git don't show up.
Alternatives
cargo auditable embeds the complete dependency information
into binaries, which can then be recovered using auditable-info.
It should be used instead of quitters whenever possible, unless you're specifically after panics.
Dependencies
~3–4MB
~69K SLoC