Skip to content
Audit Cargo.lock files for crates with security vulnerabilities
Rust
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
src Add support for reading lockfiles from STDIN (closes #67) Aug 16, 2019
tests tests: Rewrite as Abscissa acceptance tests Aug 10, 2019
.gitignore Cargo.lock: Check in initial version (fixes #69) Mar 2, 2019
.travis.yml .travis.yml: rustsec, clippy, self-audit via cargo run (fixes #81) Jul 16, 2019
CHANGES.md v0.8.0 Aug 16, 2019
CODE_OF_CONDUCT.md Adopt the Contributor Covenant (version 1.4) Jul 20, 2018
Cargo.lock v0.8.0 Aug 16, 2019
Cargo.toml v0.8.0 Aug 16, 2019
LICENSE-APACHE
LICENSE-MIT Initial commit Feb 7, 2017
README.md Upgrade to abscissa v0.3 Aug 6, 2019
appveyor.yml tests: Rewrite as Abscissa acceptance tests Aug 10, 2019
rustfmt.toml Improve error message when lockfile is missing Mar 4, 2017
screenshot.png README.md: Update screenshot Jul 23, 2018

README.md

cargo audit

Latest Version Build Status Appveyor Status Safety Dance Rust 1.35+ Apache 2.0 OR MIT licensed Gitter Chat

Audit Cargo.lock files for crates with security vulnerabilities reported to the RustSec Advisory Database.

Requirements

cargo audit requires Rust 1.35 or later.

Installation

cargo audit is a Cargo subcommand and can be installed with cargo install:

$ cargo install cargo-audit

Once installed, run cargo audit at the toplevel of any Cargo project.

Using cargo audit on Travis CI

To automatically run cargo audit on every build in Travis CI, you can add the following to your .travis.yml:

language: rust
cache: cargo # cache cargo-audit once installed
before_script:
  - cargo install --force cargo-audit
  - cargo generate-lockfile
script:
  - cargo audit

Reporting Vulnerabilities

Report vulnerabilities by opening pull requests against the RustSec Advisory Database GitHub repo:

Report Vulnerability

Screenshot

Screenshot

License

Licensed under either of:

at your option.

Contribution

Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you shall be dual licensed as above, without any additional terms or conditions.

You can’t perform that action at this time.