Crate rustsec

source ·
Expand description

§RustSec: rustsec crate

Latest Version Docs Build Status Safety Dance MSRV Apache 2.0 OR MIT licensed Project Chat

Client library for accessing the RustSec Security Advisory Database: fetches the advisory-db (or other compatible) git repository and audits Cargo.lock files against it.

Documentation

§About

The rustsec crate is primarily intended to be used by the cargo-audit crate for the purposes of identifying vulnerable crates in Cargo.lock files.

However, it may be useful if you would like to consume the RustSec advisory database in other capacities.

§Minimum Supported Rust Version

Rust 1.70 or higher.

Minimum supported Rust version can be changed in the future, but it will be done with a minor version bump.

§License

Licensed under either of:

at your option.

§Contribution

Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you shall be dual licensed as above, without any additional terms or conditions.

Re-exports§

Modules§

  • Security advisories in the RustSec database
  • Database containing RustSec security advisories
  • Provides support for exporting to the interchange format defined by https://github.com/google/osv
  • Rust packages enumerated in Cargo.lock
  • Support for interacting with the local crates.io registry index
  • Vulnerability report generator
  • Repository handling for the RustSec advisory DB

Structs§

  • Error type
  • Auto-fixer for vulnerable dependencies
  • Parsed Cargo.lock file containing dependencies
  • Unique identifier for a source of packages.
  • SemVer version as defined by https://semver.org.
  • SemVer version requirement describing the intersection of some version comparators, such as >=1.2.3, <1.8.
  • A vulnerable package and the associated advisory
  • Warnings sourced from the Advisory DB

Enums§

Constants§

  • Current version of the RustSec crate

Type Aliases§

  • Result alias with the rustsec crate’s Error type.