
RustSec API & Tooling

Results 193 rustsec issues

Uses our fork of the upstream project: https://github.com/rustsec/rust-cache

It would be nice to prevent CI from failing on dev dependencies, especially for external examples. [Example](https://github.com/notify-rs/notify/runs/4577156011?check_suite_focus=true): this will always fail but is totally irrelevant for the security of notify...

```
$ cargo audit
Fetching advisory database from `https://github.com/RustSec/advisory-db.git`
error: couldn't fetch advisory database: git operation failed: malformed URL ''; class=Net (12); code=InvalidSpec (-12)
```
This is version 0.11.2. I...

I'm using `ssh` as a SOCKS proxy for everything curl and git-related. This works fine but after installing `cargo-audit` the command fails to fetch the db:
```
653 [15:52] roberto@roberto-aw:src/leftpad-rs>...
```

I have not reproduced this but looking at `rustsec::registry`, it looks like it is vulnerable to the same [bug](https://github.com/frewsxcv/rust-crates-index/issues/62) I ran into with cargo-edit. You can see [my workaround](https://github.com/killercup/cargo-edit/blob/master/src/fetch.rs#L184).

GitLab supports rendering the results of dependency scanning with the code itself. It'd be nice if `cargo-audit` could be coerced to write it in the format that GitLab understands. If...

help wanted

# Advisory Impact Standard

Is there a standard for documenting how upstream dependency vulnerabilities impact a given crate, so that users of the crate know (a) the authors are aware...

When I run `cargo audit -v`, I see a strange error message:
```text
$ cargo audit -v
error: unrecognized option `-v`
cargo-audit 0.16.0
Tony Arcieri
Audit Cargo.lock for crates with security...
```

I just filed a feature request to cargo in https://github.com/rust-lang/cargo/issues/10016 to run audits on install.

`cargo-audit` always uses ANSI color escape codes, even when `--color=auto`.

## Actual Behavior

```
$ cargo r audit --color=auto | file -
...
/dev/stdin: UTF-8 Unicode text, with escape sequences...
```