fleetreach-cli 1.0.0

Fleet-wide dependency security audit across 12 ecosystems from one CLI: deduplicated and ranked, with blast-radius analysis, a batched remediation queue, and sound Rust reachability.
# Manifest for the CLI crate. Only `name` and `description` are set here; every
# `*.workspace = true` key is inherited from the workspace root's
# `[workspace.package]` table, so version, license and MSRV are changed there.
[package]
name = "fleetreach-cli"
version.workspace = true
edition.workspace = true
license.workspace = true
rust-version.workspace = true
repository.workspace = true
homepage.workspace = true
readme.workspace = true
keywords.workspace = true
categories.workspace = true
description = "Fleet-wide dependency security audit across 12 ecosystems from one CLI: deduplicated and ranked, with blast-radius analysis, a batched remediation queue, and sound Rust reachability."

# Lint levels are inherited from the workspace root's `[workspace.lints]` table.
[lints]
workspace = true

[features]
# `network` is opt-in: this table declares no `default` feature, so a plain build
# of this crate does not compile in the optional `ureq` dependency. Enabling it
# adds `ureq` (KEV/EPSS/NVD enrichment) and turns on `fleetreach-scan/network`
# (advisory-DB fetch). The `dep:` prefix keeps `ureq` from becoming an implicit
# feature of its own, so this is the only switch that enables it.
# Kept off by default so the build is pure-Rust (no rustls/aws-lc/ring); without
# it, use --db for the advisory DB and --kev-file/--epss-file to enrich. M-5.
# NOTE(review): the pure-Rust claim can only be checked here for the dependencies
# this manifest lists; confirm the full graph with `cargo tree`. In offline mode
# the files given to --db/--kev-file/--epss-file are operator-supplied inputs, so
# their provenance has to be established outside this tool.
network = ["dep:ureq", "fleetreach-scan/network"]

# Library target: the crate is importable as `fleetreach_cli`, rooted at src/lib.rs.
[lib]
name = "fleetreach_cli"
path = "src/lib.rs"

# Binary target: the installed executable is named `fleetreach`, not `fleetreach-cli`.
[[bin]]
name = "fleetreach"
path = "src/main.rs"

[dependencies]
# Workspace member crates. Each entry carries both `path` (used for builds inside
# the workspace) and `version` (the requirement that remains once the crate is
# published and the path is dropped), so the two must be kept in step on release.
fleetreach-core = { path = "../core", version = "1.0.0" }
fleetreach-scan = { path = "../scan", version = "1.0.0" }
fleetreach-reach = { path = "../reach", version = "1.0.0" }
fleetreach-correlate = { path = "../correlate", version = "1.0.0" }
fleetreach-report = { path = "../report", version = "1.0.0" }
fleetreach-go = { path = "../go", version = "1.0.0" }
fleetreach-npm = { path = "../npm", version = "1.0.0" }
fleetreach-pypi = { path = "../pypi", version = "1.0.0" }
fleetreach-rubygems = { path = "../rubygems", version = "1.0.0" }
fleetreach-packagist = { path = "../packagist", version = "1.0.0" }
fleetreach-nuget = { path = "../nuget", version = "1.0.0" }
fleetreach-julia = { path = "../julia", version = "1.0.0" }
fleetreach-swift = { path = "../swift", version = "1.0.0" }
fleetreach-hex = { path = "../hex", version = "1.0.0" }
fleetreach-ghactions = { path = "../ghactions", version = "1.0.0" }
fleetreach-maven = { path = "../maven", version = "1.0.0" }
# Third-party crates whose version requirement (and any feature selection) is
# taken from the workspace root's `[workspace.dependencies]` table.
serde = { workspace = true }
sha2 = { workspace = true }
toml = { workspace = true }
walkdir = { workspace = true }
thiserror = { workspace = true }
anyhow = { workspace = true }
clap = { workspace = true }
time = { workspace = true }
serde_json = { workspace = true }
# blocking HTTP for the KEV/EPSS feeds + advisory-DB fetch (the `network` feature);
# pulls rustls (vendored-C crypto), so it is optional and off by default. M-5.
# `version = "2"` accepts any 2.x release and ureq's default features are left on,
# so the HTTP/TLS code actually shipped is whatever Cargo.lock resolves; build
# network-enabled releases with `--locked` to keep that set reviewed.
ureq = { version = "2", optional = true }
# NOTE(review): like ureq, rayon is declared here instead of through the workspace,
# unlike the crates above — confirm that is intentional.
rayon = "1"

# Used only when compiling tests, examples and benches; Cargo does not build
# these into the library or the `fleetreach` binary.
[dev-dependencies]
assert_cmd = "2"
predicates = "3"
proptest = "1"