Expand description

Know the exact crate versions used to build your Rust executable. Audit binaries for known bugs or security vulnerabilities in production, at scale, with zero bookkeeping.

This works by embedding data about the dependency tree in JSON format into a dedicated linker section of the compiled executable.


Add the following to your Cargo.toml:

build = "build.rs"

auditable = "0.1"

auditable-build = "0.1"

Create a build.rs file next to Cargo.toml with the following contents:

fn main() {

Add the following to the beginning your main.rs (or any other file):

static COMPRESSED_DEPENDENCY_LIST: &[u8] = auditable::inject_dependency_list!();

Put the following in some reachable location in the code, e.g. in fn main():

    // Actually use the data to work around a bug in rustc:
    // https://github.com/rust-lang/rust/issues/47384
    // On nightly you can use `test::black_box` instead of `println!`
    println!("{}", COMPRESSED_DEPENDENCY_LIST[0]);

Recovering the info

The data can be extracted later using the auditable-extract crate or via a command-line tool.

See the README for instruction on recovering the info and other frequently asked questions.


Embeds the dependency tree into a dedicated linker section in the compiled executable.