§RustSec: rustsec crate
Client library for accessing the RustSec Security Advisory Database: fetches the advisory-db (or other compatible) git repository and audits Cargo.lock files against it.
§About
The rustsec crate is primarily intended to be used by the cargo-audit crate for the purposes of identifying vulnerable crates in Cargo.lock files.
However, it may be useful if you would like to consume the RustSec advisory database in other capacities.
§Minimum Supported Rust Version
Rust 1.73 or higher.
The minimum supported Rust version may change in the future, but only with a minor version bump.
§License
Licensed under either of:
- Apache License, Version 2.0 (LICENSE-APACHE or https://www.apache.org/licenses/LICENSE-2.0)
- MIT license (LICENSE-MIT or https://opensource.org/licenses/MIT)
at your option.
§Contribution
Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you shall be dual licensed as above, without any additional terms or conditions.
Re-exports§
pub use crate::advisory::Advisory;
pub use crate::database::Database;
pub use crate::report::Report;
pub use crate::repository::git::Repository;
pub use cargo_lock;
pub use fs_err as fs;
pub use platforms;
pub use semver;
Modules§
- advisory: Security advisories in the RustSec database
- binary_scanning: Recover dependency list from compiled Rust binaries
- database: Database containing RustSec security advisories
- osv: Provides support for exporting to the interchange format defined by https://github.com/google/osv
- package: Rust packages enumerated in Cargo.lock
- registry git: Support for interacting with the local crates.io registry index
- report: Vulnerability report generator
- repository: Repository handling for the RustSec advisory DB
Structs§
- Error: Error type
- Fixer: Auto-fixer for vulnerable dependencies
- Lockfile: Parsed Cargo.lock file containing dependencies
- SourceId: Unique identifier for a source of packages.
- Version: SemVer version as defined by https://semver.org.
- VersionReq: SemVer version requirement describing the intersection of some version comparators, such as >=1.2.3, <1.8.
- Vulnerability: A vulnerable package and the associated advisory
- Warning: Warnings sourced from the Advisory DB
Enums§
- Collection: Collections of packages (crates vs rust).
- ErrorKind: Custom error type for this library
- WarningKind: Kinds of warnings
Constants§
- VERSION: Current version of the RustSec crate
Type Aliases§
- Result: Result alias with the rustsec crate's Error type.