# Audit
TODO
## Audit Cargo.lock files for crates containing security vulnerabilities

```sh
cargo install cargo-audit
cargo audit
```
## Embed the exact crate versions in your Rust executable for auditability

cargo-auditable makes production Rust binaries auditable.
It lets you audit deployed binaries for known bugs or security vulnerabilities, in production, at scale, with zero bookkeeping.
It works by embedding data about the dependency tree, in JSON format, into a dedicated linker section of the compiled executable, so the exact crate versions a binary was built from can be recovered from the binary itself.
## List the license(s) of dependencies

cargo-license is a Cargo subcommand that lists the licenses of your dependencies.
Install it with `cargo install cargo-license` and run it in your project directory with `cargo license` (or `cargo-license`).
## cargo deny

cargo-deny is a cargo plugin that lets you lint your project's dependency graph to ensure all your dependencies conform to your expectations and requirements.
- Checks the license information for each crate.
- Checks for / bans specific crates in your graph, as well as duplicates.
- Checks advisory databases for crates with security vulnerabilities, or that have been marked as Unmaintained, or which have been yanked from their source registry.
- Checks the source location for each crate.
Install with:

```sh
cargo install --locked cargo-deny
# Or, if you're an Arch user
pacman -S cargo-deny
```

Then create a `deny.toml` and run the checks:

```sh
cargo deny init
cargo deny check
cargo deny check licenses
```
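A `deny.toml` covering the four checks listed above (advisories, licenses, bans, sources), as an added example written for this page rather than taken from the cargo-deny project; the allowed licenses, the banned crate and the commented-out advisory id are constructed placeholders to adapt to your own policy.

```toml
# deny.toml (constructed example policy; adjust to your project's requirements)

[advisories]
# Schema v2: any crate with a vulnerability advisory fails `cargo deny check advisories`.
version = 2
db-urls = ["https://github.com/rustsec/advisory-db"]
# Also flag crates marked Unmaintained in the advisory database, and crates yanked from the registry.
unmaintained = "workspace"
yanked = "deny"
# Accept a specific advisory only temporarily, and only with a written reason.
ignore = [
    # { id = "RUSTSEC-XXXX-XXXX", reason = "placeholder: fix tracked in an issue" },
]

[licenses]
# Schema v2: allowlist only; any license not listed fails `cargo deny check licenses`.
version = 2
allow = ["MIT", "Apache-2.0", "BSD-3-Clause", "ISC", "Unicode-DFS-2016"]
# Minimum confidence for matching a crate's license text to an SPDX identifier.
confidence-threshold = 0.9

[bans]
# Warn when the graph pulls in several versions of the same crate.
multiple-versions = "warn"
# Refuse wildcard ("*") version requirements, which defeat reproducible builds.
wildcards = "deny"
# Constructed example: ban a crate your policy does not want in the graph.
deny = [
    { name = "openssl" },
]

[sources]
# Only allow crates from the registries and git sources listed here.
unknown-registry = "deny"
unknown-git = "deny"
allow-registry = ["https://github.com/rust-lang/crates.io-index"]
allow-git = []
```

Running `cargo deny check` with this file in the project root evaluates all four sections; `cargo deny check licenses` evaluates only the `[licenses]` section.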