rustsec
                        RustSec API & Tooling
I just decided to upgrade my `cargo-audit` from `v0.17.6` to `v0.18.2`. The command then failed: ``` $ cargo audit Fetching advisory database from `https://github.com/RustSec/advisory-db.git` error: couldn't fetch advisory database: git...
While preparing v0.18.3 I noticed the tests may fail (this happened during a second build after minor changes in package metadata but not the first build, so I suspect...
We've recently had a `cargo-audit` check fail in the CI for which there is nothing we could do... at least at the moment. It's not critical, so we would like to...
gix 0.52 has added [native support for extracting signatures](https://docs.rs/gix/0.52.0/gix/struct.Commit.html#method.signature) in https://github.com/Byron/gitoxide/pull/973 We should refactor this code to make use of the upstream function: https://github.com/rustsec/rustsec/blob/7c05b2ec0104a1a7c38322d90baf7627add73a11/rustsec/src/repository/git/commit.rs#L78-L93
Now that crates.io sparse index exists and support for it was added in #923, the only hard dependency on git is in fetching the advisory database. It should not be...
I would like a way to use `cargo audit fix` to remove yanked versions from `Cargo.lock`. As far as I can tell, there's currently no tool that can automate the...
`cargo audit` currently hardcodes how long it will wait to acquire a filesystem lock: https://github.com/rustsec/rustsec/blob/7c05b2ec0104a1a7c38322d90baf7627add73a11/cargo-audit/src/auditor.rs#L17-L18 It would be nice to make it configurable through the configuration file and/or the command-line...
There needs to be a way to cap the input file size for `cargo audit bin`, otherwise it can be OOM'd by a very large file. https://github.com/rustsec/rustsec/blob/d28345409daaf3c747634a10487255dccb01168d/cargo-audit/src/binary_deps.rs#L20-L22
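A bounded read that refuses oversized input before allocating, as an added example that is not cargo-audit's own code: it rejects on file metadata first, then still enforces the cap on the actual byte stream with `take`, so a file that grows between the size check and the read cannot push the process past the limit. The 256 MiB constant and the function name are assumptions for illustration.

```rust
use std::fs::File;
use std::io::{self, Read};
use std::path::Path;

/// Hypothetical cap for `cargo audit bin` input; the value is an assumption.
pub const MAX_BIN_SIZE: u64 = 256 * 1024 * 1024;

/// Read `path` into memory only if it is at most `max` bytes.
/// 1. Cheap refusal via metadata, before any allocation.
/// 2. Hard enforcement via `take(max + 1)`: even if the file grows after the
///    stat (or metadata lies, e.g. a special file), no more than max+1 bytes
///    are ever read, and the extra byte is how we detect the overrun.
pub fn read_bounded(path: &Path, max: u64) -> io::Result<Vec<u8>> {
    let meta = std::fs::metadata(path)?;
    if meta.len() > max {
        return Err(io::Error::new(
            io::ErrorKind::InvalidData,
            format!(
                "{} is {} bytes, over the {} byte limit",
                path.display(),
                meta.len(),
                max
            ),
        ));
    }
    // Capacity is bounded by `max` because of the check above.
    let mut buf = Vec::with_capacity(meta.len() as usize);
    let mut limited = File::open(path)?.take(max + 1);
    limited.read_to_end(&mut buf)?;
    if buf.len() as u64 > max {
        return Err(io::Error::new(
            io::ErrorKind::InvalidData,
            format!("{} grew past the {} byte limit while reading", path.display(), max),
        ));
    }
    Ok(buf)
}

fn main() -> io::Result<()> {
    // Constructed sample files: one under the cap, one over it.
    let dir = std::env::temp_dir();
    let small = dir.join("bounded-example-small.bin");
    let big = dir.join("bounded-example-big.bin");
    std::fs::write(&small, vec![0u8; 1024])?;
    std::fs::write(&big, vec![0u8; 8192])?;
    println!("small: {:?}", read_bounded(&small, 4096).map(|b| b.len()));
    println!("big:   {:?}", read_bounded(&big, 4096).map_err(|e| e.to_string()));
    Ok(())
}
```

Checking metadata alone is not enough on its own: the size can change after the stat, and some inputs (pipes, procfs-style files) report a length that does not match what a read returns, which is why the cap is applied to the reader as well.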
Fixes #818 ### Description Cargo audit provides flexible controls for which kinds of advisories are reported (e.g. show/hide unmaintained or unsound) and which are considered fatal (i.e. cause non-zero exit...
I am trying to use RUSTSEC advisory's `affected` `functions` info to determine whether code using a "vulnerable" dependency is actually affected or not for the https://github.com/google/osv-scanner tool. (https://github.com/google/osv-scanner/pull/452) Essentially #21,...