cargo audit
Audit Cargo.lock for crates with security vulnerabilities reported to the RustSec Advisory Database.
This implements an idea originally proposed in this (closed) RFC:
https://github.com/rust-lang/rfcs/pull/1752
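To make the check concrete, the following added example (not cargo-audit's own code) reads the [[package]] entries from lockfile text and flags any that are older than an advisory's first patched version. The crate names, the EXAMPLE-0001 advisory and the single-threshold version comparison are assumptions made for illustration; real advisories carry fuller version requirements.

```rust
// Simplified illustration, not cargo-audit's code. All data below is constructed.
struct Advisory { id: &'static str, krate: &'static str, patched: (u64, u64, u64) }
const SAMPLE_LOCK: &str = r#"
[[package]]
name = "example-app"
version = "0.1.0"
dependencies = ["example-parser 0.3.1 (registry+https://github.com/rust-lang/crates.io-index)"]
[[package]]
name = "example-parser"
version = "0.3.1"
"#;
/// Parse "MAJOR.MINOR.PATCH" into a tuple that orders like the version.
fn parse_version(s: &str) -> Option<(u64, u64, u64)> {
    let mut parts = s.split('.').map(|p| p.parse::<u64>().ok());
    let v = (parts.next()??, parts.next()??, parts.next()??);
    if parts.next().is_some() { None } else { Some(v) }
}

/// Collect (name, version) from every [[package]] table; a trailing sentinel
/// header flushes the last package.
fn locked_packages(lock: &str) -> Vec<(String, String)> {
    let (mut out, mut name, mut version) = (Vec::new(), None::<String>, None::<String>);
    for line in lock.lines().map(str::trim).chain(std::iter::once("[[package]]")) {
        if line == "[[package]]" {
            if let (Some(n), Some(v)) = (name.take(), version.take()) { out.push((n, v)); }
        } else if let Some(v) = line.strip_prefix("name = ") {
            name = Some(v.trim_matches('"').to_string());
        } else if let Some(v) = line.strip_prefix("version = ") {
            version = Some(v.trim_matches('"').to_string());
        }
    }
    out
}

/// Report every locked package older than an advisory's first patched version.
fn audit(lock: &str, db: &[Advisory]) -> Vec<String> {
    let mut findings = Vec::new();
    for (name, version) in locked_packages(lock) {
        for adv in db.iter().filter(|a| a.krate == name) {
            let fixed = parse_version(&version).map_or(false, |v| v >= adv.patched);
            // Vulnerable or unparseable (e.g. pre-release): report, never pass silently.
            if !fixed { findings.push(format!("{} {}: {}", name, version, adv.id)); }
        }
    }
    findings
}
fn main() {
    let db = [Advisory { id: "EXAMPLE-0001", krate: "example-parser", patched: (0, 3, 2) }];
    for finding in audit(SAMPLE_LOCK, &db) { println!("{}", finding); }
}
```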
Requirements
cargo audit requires Rust 1.31 or later.
Installation
cargo audit is a Cargo subcommand and can be installed with cargo install:
$ cargo install cargo-audit
Once installed, run cargo audit at the top level of any Cargo project.
Using cargo audit on Travis CI
To automatically run cargo audit on every build in Travis CI, you can add the following to your .travis.yml:
language: rust
before_script:
  - cargo install --force cargo-audit
script:
  - cargo audit
Reporting Vulnerabilities
Report vulnerabilities by opening pull requests against the RustSec Advisory Database GitHub repo:
License
Licensed under either of:
- Apache License, Version 2.0 (LICENSE-APACHE or https://www.apache.org/licenses/LICENSE-2.0)
- MIT license (LICENSE-MIT or https://opensource.org/licenses/MIT)
at your option.
Contribution
Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you shall be dual licensed as above, without any additional terms or conditions.
