Audit Cargo.lock for crates with security vulnerabilities reported to the [RustSec Advisory Database].
This implements an idea originally proposed in this (closed) RFC:
https://github.com/rust-lang/rfcs/pull/1752
`cargo audit` is a Cargo subcommand and can be installed with `cargo install`:
$ cargo install cargo-audit
Once installed, it can be run at the top level of any Cargo project.
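The idea behind the audit, as an added sketch that is not cargo-audit's own code: read the name and version of every `[[package]]` entry in Cargo.lock and flag those older than an advisory's patched release. The sample lockfile, the `EXAMPLE-…` advisory ids, and the single minimum patched version per advisory are constructed assumptions.

```rust
// Added illustration, not cargo-audit's code. Lockfile and advisories are constructed samples.
struct Advisory { id: &'static str, krate: &'static str, patched: &'static str }

/// Parse "MAJOR.MINOR.PATCH" into a comparable tuple (pre-release/build suffixes are ignored).
fn parse_version(v: &str) -> Option<(u64, u64, u64)> {
    let core = v.split(&['-', '+'][..]).next()?;
    let mut it = core.split('.').map(|p| p.parse::<u64>().ok());
    Some((it.next()??, it.next()??, it.next()??))
}

/// Extract (name, version) pairs from the [[package]] tables of a Cargo.lock.
fn locked_packages(lock: &str) -> Vec<(String, String)> {
    let (mut out, mut name, mut in_pkg) = (Vec::new(), None::<String>, false);
    for line in lock.lines().map(str::trim) {
        if line.starts_with('[') {
            in_pkg = line == "[[package]]"; // other tables (e.g. [metadata]) are skipped
            name = None;
        } else if let (true, Some(v)) = (in_pkg, line.strip_prefix("name = ")) {
            name = Some(v.trim_matches('"').to_string());
        } else if let (true, Some(v)) = (in_pkg, line.strip_prefix("version = ")) {
            if let Some(n) = name.take() { out.push((n, v.trim_matches('"').to_string())); }
        }
    }
    out
}

/// Return (advisory id, crate, locked version) for each locked crate older than the patched release.
fn audit(lock: &str, advisories: &[Advisory]) -> Vec<(String, String, String)> {
    let mut hits = Vec::new();
    for (name, ver) in locked_packages(lock) {
        for adv in advisories.iter().filter(|a| a.krate == name) {
            // Fail closed: an unparseable version is reported rather than skipped.
            let vulnerable = parse_version(&ver).zip(parse_version(adv.patched))
                .map_or(true, |(have, fixed)| have < fixed);
            if vulnerable { hits.push((adv.id.to_string(), name.clone(), ver.clone())); }
        }
    }
    hits
}

const SAMPLE_LOCK: &str = "[[package]]\nname = \"examplecrate\"\nversion = \"0.3.1\"\ndependencies = [\n \"otherdep\",\n]\n\n\
    [[package]]\nname = \"otherdep\"\nversion = \"1.2.0\"\n\n[metadata]\n";
const SAMPLE_ADVISORIES: [Advisory; 2] = [
    Advisory { id: "EXAMPLE-0001", krate: "examplecrate", patched: "0.3.2" },
    Advisory { id: "EXAMPLE-0002", krate: "otherdep", patched: "1.0.5" }];
fn main() {
    for (id, name, ver) in audit(SAMPLE_LOCK, &SAMPLE_ADVISORIES) { println!("{}: {} {}", id, name, ver); }
}
```

Because the lockfile pins exact versions, the check covers transitive dependencies as well as the ones named in Cargo.toml.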
Vulnerabilities can be reported by opening pull requests against the [RustSec Advisory Database] GitHub repo:
Licensed under either of:
at your option.
Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you shall be dual licensed as above, without any additional terms or conditions.