cargo-audit is a Cargo subcommand for Rust projects that checks the dependencies recorded in Cargo.lock against the RustSec Advisory Database to help identify crates with known security vulnerabilities.
It’s designed to be run from the top level of a Cargo project and also includes functionality for remediating vulnerable requirements and auditing compiled binaries.
This is free and open source software.
Key Features
- Provides an experimental cargo audit fix subcommand that can automatically update vulnerable dependency requirements in Cargo.toml.
- Includes a cargo audit bin subcommand for auditing compiled binaries.
- Works especially well with binaries built using cargo auditable, where dependency information is embedded in the executable.
- Lets users ignore specific advisories with the --ignore option or via an audit.toml configuration file.
- Distributed as the cargo-audit crate and categorized as a Cargo plugin for Rust development workflows.
Website: github.com/rustsec/rustsec/tree/main/cargo-audit
Support:
Developer: RustSec Project Contributors
License: Apache License 2.0 or MIT License
cargo-audit is written in Rust.

