Audit

Audit Cargo.lock files for crates containing security vulnerabilities


cargo install cargo-audit
cargo audit

Embed the exact crate versions in your Rust executable for auditability


cargo-auditable makes production Rust binaries auditable.

This lets you audit binaries for known bugs or security vulnerabilities in production, at scale, with zero bookkeeping.

This works by embedding data about the dependency tree in JSON format into a dedicated linker section of the compiled executable.

List the license(s) of dependencies


Cargo subcommand to see the licenses of your dependencies.

You can install cargo-license with cargo install cargo-license and run it in your project directory with cargo license or cargo-license.

cargo deny


cargo-deny is a cargo plugin that lets you lint your project's dependency graph to ensure all your dependencies conform to your expectations and requirements.

  • Checks the license information for each crate.
  • Checks for / bans specific crates in your graph, as well as duplicates.
  • Checks advisory databases for crates with security vulnerabilities, or that have been marked as Unmaintained, or which have been yanked from their source registry.
  • Checks the source location for each crate.

Install with:

cargo install --locked cargo-deny

# Or, if you're an Arch user
pacman -S cargo-deny

# Create a deny.toml configuration in the project directory
cargo deny init

# Run all checks, or a single check such as licenses
cargo deny check
cargo deny check licenses
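A deny.toml that enables all four checks listed above, as an added example rather than the file cargo deny init generates; the allowed license list, the banned crate name and the registry URL are illustrative choices for this example:

```toml
# Added example configuration for cargo-deny; not the project's own file.
# The license list, banned crate name and registry URL below are
# illustrative choices, not defaults shipped by cargo-deny.

[advisories]
# Pull advisories from the RustSec database that cargo-audit also uses.
db-urls = ["https://github.com/rustsec/advisory-db"]
# Advisory IDs to ignore; keep empty unless each entry is justified in review.
ignore = []

[licenses]
# Only these SPDX identifiers are accepted; any other license fails the check.
allow = ["MIT", "Apache-2.0", "BSD-3-Clause"]
# Minimum confidence when matching a crate's license text to an SPDX license.
confidence-threshold = 0.8

[bans]
# Fail when more than one version of the same crate is in the graph.
multiple-versions = "deny"
# Crates that must never appear in the dependency tree (constructed name).
deny = [{ name = "example-banned-crate" }]
# Crates temporarily allowed in multiple versions while upstream catches up.
skip = []

[sources]
# Crates may only come from the registry listed below; no unknown registries
# or git dependencies.
unknown-registry = "deny"
unknown-git = "deny"
allow-registry = ["https://github.com/rust-lang/crates.io-index"]
```

Run cargo deny check after adding this file; each section corresponds to one of the check names (advisories, licenses, bans, sources) that can also be run individually.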