Core library for rustinel — a defensive Rust supply-chain risk scanner.
Security invariant
This crate must never execute code from analyzed dependencies. It does
not run build.rs, does not invoke cargo build, and does not load or
evaluate any dependency code. All analysis is static (source inspection) or
metadata-based (lockfiles, manifests, advisory data). Networking is optional
and, when enabled, is limited to advisory metadata; --offline disables it
entirely and never causes a hard failure.
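The invariant above is easiest to see in code. The following is an added illustration written for this page, not rustinel's own implementation or API: a Cargo.lock reader that only inspects text, a reverse-dependency query over the parsed graph, and an advisory match where `None` stands in for `--offline` and simply skips the advisory pass instead of failing. The type and function names (`Package`, `Advisory`, `Finding`, `parse_lockfile`, `dependents`, `analyze`), the sample lockfile and the advisory IDs are all constructed for the example.

```rust
use std::collections::{BTreeMap, BTreeSet};

#[derive(Debug, Default)]
pub struct Package { pub name: String, pub version: String, pub deps: Vec<String> }

/// `crate_name` is affected at every version below `patched` (example data only).
pub struct Advisory { pub id: &'static str, pub crate_name: &'static str, pub patched: &'static str }

#[derive(Debug, PartialEq, Eq)]
pub struct Finding { pub advisory: String, pub package: String, pub version: String, pub dependents: BTreeSet<String> }

/// Minimal reader for the `[[package]]` tables of a Cargo.lock: pure text
/// inspection, so nothing in the lockfile is ever built, run or evaluated.
pub fn parse_lockfile(text: &str) -> Vec<Package> {
    let mut pkgs: Vec<Package> = Vec::new();
    let mut in_deps = false;
    for raw in text.lines() {
        let line = raw.trim();
        if line == "[[package]]" {
            pkgs.push(Package::default());
            in_deps = false;
            continue;
        }
        let Some(p) = pkgs.last_mut() else { continue }; // skips top-level keys such as `version = 3`
        if in_deps {
            if line == "]" {
                in_deps = false;
            } else if let Some(dep) = line.trim_matches(|c: char| c == '"' || c == ',').split_whitespace().next() {
                p.deps.push(dep.to_string()); // entries look like "name [version [(source)]]"
            }
        } else if let Some(v) = line.strip_prefix("name = ") {
            p.name = v.trim_matches('"').to_string();
        } else if let Some(v) = line.strip_prefix("version = ") {
            p.version = v.trim_matches('"').to_string();
        } else if line.starts_with("dependencies = [") {
            in_deps = !line.ends_with(']');
        }
    }
    pkgs
}

/// Ordering key for "MAJOR.MINOR.PATCH"; pre-release tags are deliberately ignored here.
fn semver_key(v: &str) -> (u64, u64, u64) {
    let mut it = v.split(|c: char| !c.is_ascii_digit()).map(|s| s.parse::<u64>().unwrap_or(0));
    (it.next().unwrap_or(0), it.next().unwrap_or(0), it.next().unwrap_or(0))
}

/// Transitive reverse dependencies of `target` ("why is this crate in my graph?"),
/// computed from lockfile edges alone.
pub fn dependents(pkgs: &[Package], target: &str) -> BTreeSet<String> {
    let mut rev: BTreeMap<&str, Vec<&str>> = BTreeMap::new();
    for p in pkgs {
        for d in &p.deps { rev.entry(d.as_str()).or_default().push(p.name.as_str()); }
    }
    let (mut seen, mut stack) = (BTreeSet::new(), vec![target]);
    while let Some(n) = stack.pop() {
        for &parent in rev.get(n).map(Vec::as_slice).unwrap_or(&[]) {
            if seen.insert(parent.to_string()) { stack.push(parent); }
        }
    }
    seen
}

/// `advisories == None` models `--offline`: the advisory pass is skipped, it does
/// not fail, and every other part of the analysis still runs.
pub fn analyze(pkgs: &[Package], advisories: Option<&[Advisory]>) -> Vec<Finding> {
    let mut out = Vec::new();
    for adv in advisories.unwrap_or(&[]) {
        for p in pkgs.iter().filter(|p| p.name == adv.crate_name && semver_key(&p.version) < semver_key(adv.patched)) {
            out.push(Finding { advisory: adv.id.to_string(), package: p.name.clone(), version: p.version.clone(), dependents: dependents(pkgs, &p.name) });
        }
    }
    out
}

/// Constructed sample lockfile for this example (not a real project).
pub const SAMPLE_LOCK: &str = r#"version = 3
[[package]]
name = "app"
version = "0.1.0"
dependencies = [
 "http-client",
]
[[package]]
name = "http-client"
version = "2.3.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
dependencies = [
 "tiny-parser 0.4.1",
]
[[package]]
name = "tiny-parser"
version = "0.4.1"
"#;

/// Constructed advisory data; the IDs and crate names are invented for the example.
pub const SAMPLE_ADVISORIES: &[Advisory] = &[
    Advisory { id: "EXAMPLE-0001", crate_name: "tiny-parser", patched: "0.4.2" },
    Advisory { id: "EXAMPLE-0002", crate_name: "http-client", patched: "2.0.0" },
];

fn main() {
    let pkgs = parse_lockfile(SAMPLE_LOCK);
    for f in analyze(&pkgs, Some(SAMPLE_ADVISORIES)) {
        println!("{} {}@{} reached via {:?}", f.advisory, f.package, f.version, f.dependents);
    }
    println!("offline run: {} findings, no error", analyze(&pkgs, None).len());
}
```

Two design points carry over to any scanner that claims this invariant: the lockfile is treated as inert data (no build.rs, no `cargo metadata`, no crate code loaded, so a malicious lockfile or manifest can at worst produce a wrong report), and offline mode degrades the advisory pass to "no data" rather than to an error, so the rest of the analysis still runs without network access.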
Re-exports
- pub use errors::RustinelError;
- pub use report::OutputFormat;
- pub use report::RustinelReport;
Modules
- advisory - RustSec advisory integration.
- diff
- errors
- graph - Dependency-graph queries over a parsed lockfile.
- lockfile
- markdown - Markdown output helpers.
- policy
- report
- risk
- safety - Hardening primitives that make rustinel safe to run against fully untrusted inputs (lockfiles, manifests, source trees, advisory databases, registry caches).
- sarif - SARIF 2.1.0 serialization for the analysis findings.
- sbom - Standards-based interchange output: SBOM (CycloneDX, SPDX), OSV and OpenVEX.
- signals
Structs
- AnalysisOptions - Options controlling a single analysis run.
- CrateMetadata - Registry metadata for one crate, gathered by the caller (CLI) from the crates.io API and injected so the core stays network- and clock-free.
Functions
- analyze_diff - Analyze a base→head lockfile transition (diff mode).
- analyze_lockfile - Analyze one Cargo.lock (check mode).