RustSec advisory integration.
Security & networking model:
- This module reads advisories from a local directory in the RustSec advisory-db format — both the v4 Markdown layout (`RUSTSEC-*.md` with a fenced TOML front-matter) and plain `.toml` files. It performs no network I/O itself.
- Online refresh of the database lives in the CLI (`advisory update`, which shells out to `git`); the core never spawns processes or touches the network. When nothing is cached we degrade gracefully to an empty database rather than crashing — satisfying `--offline` cleanly.
- Advisory matching is purely metadata-based: locked version vs the advisory’s `patched`/`unaffected` semver requirements.
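
The metadata-only matching described in the last bullet, as an added example that is not this crate's own code. It assumes the RustSec convention that a locked version is affected unless some `patched` or `unaffected` requirement matches it, and uses a simplified std-only semver (no pre-release tags); all function names and advisory values are hypothetical.

```rust
// Added illustration, std only. Simplified semver: MAJOR.MINOR.PATCH, no pre-release tags.
type Ver = (u64, u64, u64);
fn parse_ver(s: &str) -> Option<Ver> {
    let mut it = s.trim().split('.').map(|p| p.parse::<u64>().ok());
    let v = (it.next()??, it.next()??, it.next()??);
    if it.next().is_some() { None } else { Some(v) }
}

// Exclusive upper bound of a caret requirement: bump the leftmost non-zero part.
fn caret_upper(v: Ver) -> Ver {
    match v {
        (0, 0, p) => (0, 0, p + 1),
        (0, m, _) => (0, m + 1, 0),
        (maj, _, _) => (maj + 1, 0, 0),
    }
}

// One comparator: ">= 1.2.3", "< 2.0.0", "^0.5.1", or a bare "1.2.3" (caret, as in Cargo).
fn comparator_matches(cmp: &str, v: Ver) -> Option<bool> {
    let (c, ops) = (cmp.trim(), ["<=", ">=", "<", ">", "=", "^"]);
    let (op, rest) = ops.iter().find_map(|o| c.strip_prefix(*o).map(|r| (*o, r))).unwrap_or(("^", c));
    let want = parse_ver(rest)?;
    Some(match op {
        "<=" => v <= want,
        ">=" => v >= want,
        "<" => v < want,
        ">" => v > want,
        "=" => v == want,
        _ => v >= want && v < caret_upper(want),
    })
}

// A requirement is a comma-separated list of comparators that must all hold.
fn req_matches(req: &str, v: Ver) -> bool {
    req.split(',').all(|c| comparator_matches(c, v).unwrap_or(false))
}

// Assumed RustSec rule: affected unless some patched/unaffected requirement matches.
fn is_vulnerable(locked: &str, patched: &[&str], unaffected: &[&str]) -> Option<bool> {
    let v = parse_ver(locked)?;
    Some(!patched.iter().chain(unaffected).any(|r| req_matches(r, v)))
}

fn main() {
    // Constructed advisory metadata, not taken from a real RustSec entry.
    let (patched, unaffected) = ([">= 1.4.2", ">= 1.3.7, < 1.4.0"], ["< 1.2.0"]);
    for locked in ["1.1.9", "1.3.6", "1.3.7", "1.4.1", "1.4.2"] {
        println!("{}: {:?}", locked, is_vulnerable(locked, &patched, &unaffected));
    }
}
```

A comparator that fails to parse counts as "no match", so a malformed requirement leaves the version flagged rather than silently cleared.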