Crate depdive

A Rust dependency analysis tool.

depdive provides various analysis metrics for i) Rust crates, to aid in dependency selection and monitoring, and ii) their version updates, to aid in security review (e.g., for pull requests created by dependabot).

Dependency update review

Given two commit points of a repo, or two paths of repos (presumably the same repo checked out at two commit points), depdive can determine the dependencies that have been updated between the two commits and generate an update review report consisting of:

  1. Presence of known advisories
  2. Change in build script files
  3. Change in unsafe files
  4. If code hosted on crates.io differs from the git source
  5. Version diff summary, list of changed files.

Depdive also offers the update review report as a markdown-formatted string so that, when integrated into CI tooling, you can use the output string as it is and post it wherever required (e.g., pull requests updating dependencies; see this example).
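The first step described above, determining which dependencies changed between two commit points, is shown here under the assumption that the comparison is made on the Cargo.lock file from each checkout. This is an added example, not depdive's own code or API: `parse_lock`, `diff_locks`, `sample_lock`, `Change` and the sample crate versions are all constructed for the illustration.

```rust
use std::collections::{BTreeMap, BTreeSet};
#[derive(Debug, PartialEq)]
enum Change { Added(String), Removed(String), Updated { from: String, to: String } }

// Hand-rolled Cargo.lock reader (hypothetical helper): crate name -> locked versions.
fn parse_lock(text: &str) -> BTreeMap<String, BTreeSet<String>> {
    let mut out: BTreeMap<String, BTreeSet<String>> = BTreeMap::new();
    let mut name: Option<String> = None;
    for line in text.lines().map(str::trim) {
        if let Some(v) = line.strip_prefix("name = ") {
            name = Some(v.trim_matches('"').to_string());
        } else if let Some(v) = line.strip_prefix("version = ") {
            if let Some(n) = name.take() { // no name: the file-format marker, skipped
                out.entry(n).or_default().insert(v.trim_matches('"').to_string());
            }
        }
    }
    out
}

// Crates whose set of locked versions differs between two lockfile snapshots.
fn diff_locks(old: &str, new: &str) -> Vec<(String, Change)> {
    let (old, new) = (parse_lock(old), parse_lock(new));
    let mut changes = Vec::new();
    for n in old.keys().chain(new.keys()).collect::<BTreeSet<_>>() {
        let (o, w) = (old.get(n).cloned().unwrap_or_default(), new.get(n).cloned().unwrap_or_default());
        let gone: Vec<String> = o.difference(&w).cloned().collect();
        let came: Vec<String> = w.difference(&o).cloned().collect();
        let change = match (gone.is_empty(), came.is_empty()) {
            (true, true) => continue,
            (false, true) => Change::Removed(gone.join(", ")),
            (true, false) => Change::Added(came.join(", ")),
            (false, false) => Change::Updated { from: gone.join(", "), to: came.join(", ") },
        };
        changes.push((n.clone(), change));
    }
    changes
}

// Constructed sample input: renders (name, version) pairs as lockfile text.
fn sample_lock(pkgs: &[(&str, &str)]) -> String {
    pkgs.iter().map(|(n, v)| format!("[[package]]\nname = \"{}\"\nversion = \"{}\"\n", n, v)).collect()
}

fn main() {
    let old = sample_lock(&[("libc", "0.2.98"), ("rand", "0.7.3"), ("time", "0.1.44")]);
    let new = sample_lock(&[("libc", "0.2.101"), ("rand", "0.7.3"), ("syn", "1.0.74")]);
    println!("{:#?}", diff_locks(&old, &new));
}
```

Each `Updated` or `Added` entry is a crate version that the remaining report items (advisories, build script changes, unsafe changes, crates.io versus git source) would then be checked against.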

Dependency monitoring metrics

You can provide the path of your Cargo project and get the dependency monitoring metrics in JSON format, such as usage and activity metrics, lines of code, and unsafe code of your dependency crates. Check impls of DependencyAnalyzer and DependencyGraphAnalyzer at the library root. Note that code metrics use cargo-geiger (https://github.com/rust-secure-code/cargo-geiger), which cannot be run more than once at a time.

Modules

This module abstracts interaction with rustsec advisory

This module abstracts various analysis of source code for a given package

This module abstracts the communication with crates.io for a given crate. Returns Error if the crate is not hosted on crates_io.

This module abstracts diff analysis between code versions

This module abstracts github comment generation by using markdown, html, and emojis

This module abstracts the communication with GitHub API for a given crate

This module abstracts various manipulation with Cargo.toml and Cargo.lock files

This module abstracts analyses for dependency update review.

Structs

Enums