Crate auditable

Know the exact crate versions used to build your Rust executable. Audit binaries for known bugs or security vulnerabilities in production, at scale, with zero bookkeeping.

This works by embedding data about the dependency tree in JSON format into a dedicated linker section of the compiled executable.

Usage

Add the following to your Cargo.toml:

# `build` goes in the existing [package] section
build = "build.rs"

[dependencies]
auditable = "0.1"

[build-dependencies]
auditable-build = "0.1"

Create a build.rs file next to Cargo.toml with the following contents:

fn main() {
    auditable_build::collect_dependency_list();
}

Add the following to the beginning of your main.rs (or any other file):

static COMPRESSED_DEPENDENCY_LIST: &[u8] = auditable::inject_dependency_list!();

Put the following in some reachable location in the code, e.g. in fn main():

    // Actually use the data to work around a bug in rustc:
    // https://github.com/rust-lang/rust/issues/47384
    // On nightly you can use `test::black_box` instead of `println!`
    println!("{}", COMPRESSED_DEPENDENCY_LIST[0]);

Recovering the info

The data can be extracted later using the auditable-extract crate or via a command-line tool.

See the README for instructions on recovering the info and other frequently asked questions.
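
To show what "a dedicated linker section" means for recovery, here is an added example (not code from this crate or from auditable-extract) that locates a section by name in an ELF64 little-endian image using only the standard library. The section name `.demo-deps`, the payload, and the function names `find_section` and `sample_elf` are assumptions made for the illustration; this page does not state the real section name or its encoding.

```rust
use std::convert::TryFrom;

fn le(b: &[u8], off: usize, n: usize) -> Option<usize> { // n-byte little-endian read
    let s = b.get(off..off.checked_add(n)?)?;
    usize::try_from(s.iter().rev().fold(0u64, |a, &x| (a << 8) | x as u64)).ok()
}

/// Bytes of the section whose header starts at `h` (fields sh_offset, sh_size).
fn body(elf: &[u8], h: usize) -> Option<&[u8]> {
    let off = le(elf, h.checked_add(0x18)?, 8)?;
    let size = le(elf, h.checked_add(0x20)?, 8)?;
    elf.get(off..off.checked_add(size)?)
}

/// Added illustration: header fields are untrusted, so all arithmetic is checked.
fn find_section<'a>(elf: &'a [u8], name: &str) -> Option<&'a [u8]> {
    if elf.get(..6)? != b"\x7fELF\x02\x01" { return None; } // ELF64 little-endian only
    let (shoff, shentsize) = (le(elf, 0x28, 8)?, le(elf, 0x3A, 2)?);
    let (shnum, shstrndx) = (le(elf, 0x3C, 2)?, le(elf, 0x3E, 2)?);
    let hdr = |i: usize| -> Option<usize> { shoff.checked_add(i.checked_mul(shentsize)?) };
    let strtab = body(elf, hdr(shstrndx)?)?;
    for i in 0..shnum {
        let h = hdr(i)?;
        let tail = strtab.get(le(elf, h, 4)?..)?; // sh_name: offset into .shstrtab
        let end = tail.iter().position(|&c| c == 0)?;
        if &tail[..end] == name.as_bytes() { return body(elf, h); }
    }
    None
}

/// Constructed sample: null section, `.shstrtab`, and a hypothetical `.demo-deps`
/// holding `payload`. Header tuples below are (sh_name, sh_offset, sh_size).
fn sample_elf(payload: &[u8]) -> Vec<u8> {
    let (names, p) = (b"\0.shstrtab\0.demo-deps\0", payload.len() as u64);
    let mut img = [&b"\x7fELF\x02\x01"[..], &[0u8; 58][..]].concat();
    img[0x28..0x30].copy_from_slice(&(64 + p + names.len() as u64).to_le_bytes()); // e_shoff
    img[0x3A..0x40].copy_from_slice(&[64, 0, 3, 0, 1, 0]); // e_shentsize, e_shnum, e_shstrndx
    img.extend_from_slice(&[payload, &names[..]].concat());
    for (name, off, size) in [(0u32, 0u64, 0u64), (1, 64 + p, names.len() as u64), (11, 64, p)] {
        img.extend_from_slice(&name.to_le_bytes());
        img.extend_from_slice(&[0u8; 20]); // sh_type, sh_flags, sh_addr
        img.extend_from_slice(&[off.to_le_bytes(), size.to_le_bytes()].concat());
        img.extend_from_slice(&[0u8; 24]); // sh_link .. sh_entsize
    }
    img
}

fn main() {
    println!("{:?}", find_section(&sample_elf(b"{\"demo\":true}"), ".demo-deps"));
}
```

Malformed or truncated images yield `None` rather than a panic, which matters when scanning many binaries of unknown origin.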

Macros

inject_dependency_list

Embeds the dependency tree into a dedicated linker section in the compiled executable.