Audit Cargo.lock for crates with security vulnerabilities reported to the RustSec Advisory Database.
This implements an idea originally proposed in this (closed) RFC:
cargo audit requires Rust 1.25 or later.
cargo audit is a Cargo subcommand and can be installed with
$ cargo install cargo-audit
Once installed, run
cargo audit at the toplevel of any Cargo project.
Report vulnerabilities by opening pull requests against the RustSec Advisory Database GitHub repo:
Licensed under either of:
- Apache License, Version 2.0 (LICENSE-APACHE or https://www.apache.org/licenses/LICENSE-2.0)
- MIT license (LICENSE-MIT or https://opensource.org/licenses/MIT)
at your option.
Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you shall be dual licensed as above, without any additional terms or conditions.