Crate rustsec

RustSec: rustsec crate

Client library for accessing the RustSec Security Advisory Database: fetches the advisory-db (or other compatible) git repository and audits Cargo.lock files against it.

Documentation

About

The rustsec crate is primarily intended to be used by the cargo-audit crate for the purposes of identifying vulnerable crates in Cargo.lock files.

However, it may be useful if you would like to consume the RustSec advisory database in other capacities.

Minimum Supported Rust Version

Rust 1.70 or higher.

Minimum supported Rust version can be changed in the future, but it will be done with a minor version bump.

License

Licensed under either of:

• Apache License, Version 2.0 (LICENSE-APACHE or https://www.apache.org/licenses/LICENSE-2.0)
• MIT license (LICENSE-MIT or https://opensource.org/licenses/MIT)

at your option.

Contribution

Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you shall be dual licensed as above, without any additional terms or conditions.

Re-exports

• pub use crate::advisory::Advisory;
• pub use crate::database::Database;
• pub use crate::report::Report;
• pub use crate::repository::git::Repository;
• pub use cargo_lock;
• pub use fs_err as fs;
• pub use platforms;
• pub use semver;

Modules

• advisory
  Security advisories in the RustSec database
• database
  Database containing RustSec security advisories
• osv
  Provides support for exporting to the interchange format defined by https://github.com/google/osv
• package
  Rust packages enumerated in Cargo.lock
• registrygit
  Support for interacting with the local crates.io registry index
• report
  Vulnerability report generator
• repository
  Repository handling for the RustSec advisory DB

Structs

• Error
  Error type
• Fixer
  Auto-fixer for vulnerable dependencies
• Lockfile
  Parsed Cargo.lock file containing dependencies
• SourceId
  Unique identifier for a source of packages.
• Version
  SemVer version as defined by https://semver.org.
• VersionReq
  SemVer version requirement describing the intersection of some version comparators, such as >=1.2.3, <1.8.
• Vulnerability
  A vulnerable package and the associated advisory
• Warning
  Warnings sourced from the Advisory DB

Enums

• Collection
  Collections of packages (crates vs rust).
• ErrorKind
  Custom error type for this library
• WarningKind
  Kinds of warnings

Constants

• VERSION
  Current version of the RustSec crate

Type Aliases

• Result
  Result alias with the rustsec crate’s Error type.