# Audit

## Audit `Cargo.lock` Files for Crates Containing Security Vulnerabilities

`cargo audit` checks your `Cargo.lock` for crates with known security vulnerabilities.

```bash
cargo install cargo-audit
cargo audit
```
## Embed the Exact Crate Versions in Your Rust Executable for Auditability

`cargo-auditable` makes production Rust binaries auditable, so they can be checked for known bugs or security vulnerabilities in production, at scale, with zero bookkeeping. It works by embedding data about the dependency tree, in JSON format, into a dedicated linker section of the compiled executable.
## List the License(s) of Dependencies

`cargo-license` is a cargo subcommand that lists the licenses of your dependencies.

Install it with `cargo install cargo-license` and run it in your project directory with:

```bash
cargo license
# or, equivalently
cargo-license
```
## cargo deny

`cargo-deny` is a cargo plugin that lets you lint your project's dependency graph to ensure all your dependencies conform to your expectations and requirements. It:

- Checks the license information for each crate.
- Checks for / bans specific crates in your graph, as well as duplicates.
- Checks advisory databases for crates with security vulnerabilities, or that have been marked as Unmaintained, or which have been yanked from their source registry.
- Checks the source location for each crate.

Install with:

```bash
cargo install --locked cargo-deny
# Or, if you're an Arch user
pacman -S cargo-deny
```

Then create the `deny.toml` configuration and run the checks:

```bash
cargo deny init            # writes a default deny.toml into the project
cargo deny check           # runs every check (advisories, bans, licenses, sources)
cargo deny check licenses  # runs only the license check
```
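As an added example (not part of the original page or of cargo-deny itself), the following Python script performs two of the checks listed above, duplicate crate versions and non-crates.io sources, directly over a `Cargo.lock`. The lockfile text, the crate names and the git URL are constructed for illustration.

```python
"""Flag duplicate crate versions and non-crates.io sources in a Cargo.lock, the
checks cargo-deny's [bans] and [sources] automate. Illustrative only, not cargo-deny."""
import re
from collections import defaultdict

CRATES_IO = "registry+https://github.com/rust-lang/crates.io-index"

# Constructed sample: a workspace crate (no source), `syn` at two versions,
# and one crate fetched from git instead of the registry.
SAMPLE_LOCK = '''
[[package]]
name = "my-app"
version = "0.1.0"
[[package]]
name = "syn"
version = "1.0.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
[[package]]
name = "syn"
version = "2.0.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
[[package]]
name = "fast-hash"
version = "0.3.0"
source = "git+https://example.invalid/org/fast-hash?rev=deadbeef#deadbeef"
'''

KV = re.compile(r'^(name|version|source)\s*=\s*"([^"]*)"', re.M)

def parse_packages(lock_text):
    """One dict per [[package]] block; dependency arrays are skipped."""
    pkgs = []
    for block in lock_text.split("[[package]]")[1:]:
        entry = dict(KV.findall(block))
        entry.setdefault("source", None)  # path/workspace crates have none
        pkgs.append(entry)
    return pkgs

def duplicate_versions(pkgs):
    """Crates present at more than one version (cargo-deny: multiple-versions)."""
    by_name = defaultdict(set)
    for p in pkgs:
        by_name[p["name"]].add(p["version"])
    return {n: sorted(v) for n, v in by_name.items() if len(v) > 1}

def foreign_sources(pkgs, allowed=(CRATES_IO,)):
    """Crates not from an allowed registry (cargo-deny: unknown-registry/git)."""
    return [(p["name"], p["source"]) for p in pkgs
            if p["source"] is not None and p["source"] not in allowed]
```

Point `parse_packages` at the contents of a real `Cargo.lock` to see the same two findings that `cargo deny check bans` and `cargo deny check sources` would report for that project.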
## Related Topics

- Dependency analysis, useful for understanding your supply chain and potential risks:
  - `cargo tree` displays your dependency tree, showing all transitive dependencies.
  - `cargo outdated` checks for outdated dependencies, which might have security fixes available.
- Linting/style:
  - `cargo clippy` lints your code for stylistic issues and potential bugs.