dev-security 0.9.0

Security auditing for Rust. Wraps cargo-audit and cargo-deny. Vulnerability scanning, license compliance, banned-crate policies. Part of the dev-* verification suite.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36

//! Run only the vulnerability scanner (`cargo audit`) and print the result.
//!
//! ```text
//! cargo install cargo-audit
//! cargo run --example audit_only
//! ```

use dev_security::{AuditError, AuditRun, AuditScope};

fn main() {
    let result = match AuditRun::new("example", "0.1.0")
        .scope(AuditScope::Vulnerabilities)
        .execute()
    {
        Ok(r) => r,
        Err(AuditError::AuditToolNotInstalled) => {
            eprintln!("cargo-audit is not installed; install with `cargo install cargo-audit`.");
            return;
        }
        Err(e) => {
            eprintln!("audit failed: {e}");
            return;
        }
    };
    println!(
        "{} findings (worst severity: {:?})",
        result.findings.len(),
        result.worst_severity()
    );
    for f in &result.findings {
        println!(
            "  {} [{:?}] {}{}",
            f.id, f.severity, f.affected_crate, f.title
        );
    }
}