Safeguard
Tag

cargo

Safeguard articles tagged "cargo" — guides, analysis, and best practices for software supply chain and application security.

10 articles

Security Guides

Rust Supply Chain Security: build.rs, Typosquatting, and Auditing crates.io

Rust's borrow checker guarantees memory safety in your code — and nothing about the crates you pull in. A cargo build runs arbitrary code at compile time, before any safe code executes.

Jul 8, 20267 min read
Open Source Security

cargo-audit and cargo-deny: A Real Workflow

A senior-engineer-grade workflow for using cargo-audit and cargo-deny together, with realistic policy decisions and the mistakes teams repeat.

Feb 20, 20267 min read
Application Security

Reachability Analysis for Rust and Cargo in 2026

How reachability analysis cuts noise for Rust services: cargo features, conditional compilation, RustSec advisories, and the tools that handle Rust well.

Feb 11, 20266 min read
Open Source Security

Rust crates.io Supply Chain Controls in 2026

crates.io has gained real supply chain features over the past two years. Here is an honest read on what works, what is still immature, and where to invest.

Feb 2, 20266 min read
Open Source Security

How Snyk Open Source analyzes Cargo.lock for Rust depende...

How Snyk Open Source parses Cargo.lock, matches resolved crate versions against RustSec advisories, and handles Rust workspaces -- a mechanical breakdown of its documented approach.

Aug 29, 20257 min read
Engineering

Vendoring Dependencies: When It Helps and When It Hurts Security

Committing dependencies to your repo buys immutability and availability — and quietly breaks scanners, updates, and license tracking. Here's the honest ledger.

May 25, 20257 min read
Open Source Security

Rust Build Scripts: A Supply Chain Risk Profile

Why build.rs is the highest-leverage attack surface in the Rust ecosystem, with concrete examples from 2023 and 2024 incidents.

Mar 20, 20246 min read
Dependency Security

Rust Cargo Dependency Security Guide

How to secure your Rust supply chain with Cargo.lock, crate auditing, and build script controls.

Nov 10, 20235 min read
Software Supply Chain Security

Cargo Build Script Security: What build.rs Can Do to Your Machine

Rust build scripts run arbitrary code during compilation. Here is what they can access and how to evaluate the risk in your dependency tree.

Dec 8, 20224 min read
Open Source Security

Rust Crate Supply Chain Security: Lessons from a Growing Ecosystem

As Rust adoption accelerates, its crate ecosystem faces the same supply chain threats that plague npm and PyPI. Here's what the Rust community is doing right — and where gaps remain.

Jan 20, 20225 min read
cargo — Safeguard Blog