Rust code quality and vulnerability scan tool

This page summarizes the projects mentioned and recommended in the original post on reddit.com/r/rust

Our great sponsors
  • Scout APM - Less time debugging, more time building
  • SonarQube - Static code analysis for 29 languages.
  • JetBrains - Developer Ecosystem Survey 2022
  • rustsec

    Audit Cargo.lock files for dependencies with security vulnerabilities

    cargo audit will check all your dependencies against the rustsec database and is closer to being a first-party tool than the fancier stuff that also performs the same function.

  • advisory-db

    Security advisory database for Rust crates published through crates.io

    If that were true then https://github.com/RustSec/advisory-db/ would not exist.

  • Scout APM

    Less time debugging, more time building. Scout APM allows you to find and fix performance issues with no hassle. Now with error monitoring and external services monitoring, Scout is a developer's best friend when it comes to application development.

  • miri

    An interpreter for Rust's mid-level intermediate representation

    cargo miri is sort of a blend of ideas from Valgrind and LLVM's sanitizers which you can use to cargo test your unsafe code for undefined behaviour, data races, etc. that can't be caught at compile time. (See also loom which does permutation testing to explore the implications of the C11 memory model for your unsafe code.)

  • siderophile

    Find the ideal fuzz targets in a Rust codebase

    I'll go ahead and plug siderophile -- you can use it to find all the uses of unsafe in your codebase, and prioritize them for fuzzing, human review, etc.

  • dylint

    A tool for running Rust lints from dynamic libraries

    If you're looking for something like clippy but with custom lints, there's also dylint -- it is clippy, but with support for running dynamically loaded lints across multiple versions of Rust.

  • Cargo

    The Rust package manager

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.

Suggest a related project

Related posts