Crate dev_security

Expand description

§dev-security

Security auditing for Rust. Wraps cargo-audit (RustSec advisory database) and cargo-deny (license + policy enforcement). Part of the dev-* verification suite.

Output is a dev-report::Report so AI agents and CI gates can act on findings programmatically.

§What it checks

Vulnerabilities: known CVEs in your dependency tree (via cargo-audit).
Licenses: license policy compliance (via cargo-deny).
Banned crates: explicit allow/deny lists (via cargo-deny).
Source policies: registry/git source restrictions (via cargo-deny).

§Quick example

use dev_security::{AuditRun, AuditScope};

let run = AuditRun::new("my-crate", "0.1.0").scope(AuditScope::All);
let result = run.execute().unwrap();
let report = result.into_report();

§Status

Pre-1.0. API shape defined; subprocess integration lands in 0.9.1.

Structs§

AuditResult: Result of an audit run.
AuditRun: Configuration for an audit run.
Finding: A single security finding.

Enums§

AuditError: Errors that can arise during an audit.
AuditScope: Scope of an audit run.

Crate dev_security

Crate dev_security Copy item path

§dev-security

§What it checks

§Quick example

§Status

Structs§

Enums§

Crate dev_security