`cargo audit` can now scan compiled binaries

• cargo-auditable

  23 547 7.9 Rust

  Make production Rust binaries auditable

  

I've been working to bring vulnerability scanning to Rust binaries by creating cargo auditable, which embeds the list of dependencies and their versions into the compiled binary. This lets you audit the binary you actually run, instead of the Cargo.lock file in some repo somewhere.

• rustsec

  33 1,521 9.5 Rust

  RustSec API & Tooling

  

P.S. I also made scanning binaries 5x faster in the latest release of cargo audit.

• InfluxDB

  www.influxdata.com sponsored

  Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.

  

• advisory-db

  37 856 9.2

  Security advisory database for Rust crates published through crates.io

  

However, I keep getting this error when running cargo audit bin ~/.cargo/bin/*, even if I replace * with a specific binary: Fetching advisory database from `https://github.com/RustSec/advisory-db.git` Loaded 467 security advisories (from C:\Users\jonah\.cargo\advisory-db) Updating crates.io index error: I/O operation failed: The system cannot find the path specified. (os error 3) I'm on Windows 10.

• cargo-update

  11 1,126 6.6 Rust

  A cargo subcommand for checking and applying updates to installed executables

Would be nice if this worked with cargo-update somehow.

• syft

  32 5,451 9.8 Go

  CLI tool and library for generating a Software Bill of Materials from container images and filesystems

  

I think you can already do that using Syft.

• rfcs

  666 5,700 9.8 Markdown

  RFCs for changes to Rust

  

Yes. But Cargo is currently in a feature freeze and is not accepting new features.

Suggest a related project