Audit Cargo.lock files for crates with security vulnerabilities reported to theRustSec Advisory Database.
Requirements
cargo audit requires Rust 1.52 or later.
Installation
cargo audit is a Cargo subcommand and can be installed with cargo install:
Once installed, run cargo audit at the toplevel of any Cargo project.
Alpine Linux
Arch Linux
MacOS
OpenBSD
Screenshot
cargo audit fix subcommand
This tool supports an experimental feature to automatically update Cargo.tomlto fix vulnerable dependency requirements.
To enable it, install cargo audit with the fix feature enabled:
Once installed, run cargo audit fix to automatically fix vulnerable dependency requirements:
This will modify Cargo.toml in place. To perform a dry run instead, which shows a preview of what dependencies would be upgraded, run cargo audit fix --dry-run.
Using cargo audit on Travis CI
To automatically run cargo audit on every build in Travis CI, you can add the following to your .travis.yml:
Using cargo audit on GitHub Action
Please use audit-check action directly.
Reporting Vulnerabilities
Report vulnerabilities by opening pull requests against the RustSec Advisory Database GitHub repo:
No comments:
Post a Comment