cargo audit
Audit Cargo.lock for crates with security vulnerabilities reported to the RustSec Advisory Database.
This implements an idea originally proposed in this (closed) RFC:
https://github.com/rust-lang/rfcs/pull/1752
Requirements
cargo audit
requires Rust 1.31 or later.
Installation
cargo audit
is a Cargo subcommand and can be installed with cargo install
:
$ cargo install cargo-audit
Once installed, run cargo audit
at the toplevel of any Cargo project.
Using cargo audit
on Travis CI
To automaticlly run cargo audit
on every build in Travis CI, you can add the following to your .travis.yml
:
language: rust
before_script:
- cargo install --force cargo-audit
script:
- cargo audit
Reporting Vulnerabilities
Report vulnerabilities by opening pull requests against the RustSec Advisory Database GitHub repo:
Screenshot
License
Licensed under either of:
- Apache License, Version 2.0 (LICENSE-APACHE or https://www.apache.org/licenses/LICENSE-2.0)
- MIT license (LICENSE-MIT or https://opensource.org/licenses/MIT)
at your option.
Contribution
Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you shall be dual licensed as above, without any additional terms or conditions.