cargo-audit
Safeguard articles tagged "cargo-audit" — guides, analysis, and best practices for software supply chain and application security.
6 articles
Auditing Rust Dependencies with cargo-audit
cargo-audit checks your Cargo.lock against the RustSec Advisory Database, flagging vulnerable, yanked, and unmaintained crates. Here is how to use it and extend it.
cargo-audit and cargo-deny: A Real Workflow
A senior-engineer-grade workflow for using cargo-audit and cargo-deny together, with realistic policy decisions and the mistakes teams repeat.
Using cargo-audit and the RustSec Advisory Database to ca...
A hands-on cargo-audit tutorial: scan Rust dependencies against the RustSec advisory database, interpret results, and block vulnerable crates before they ship.
Rust Crate Security: cargo audit, cargo vet and Beyond
cargo audit catches known-bad versions, cargo vet forces someone to actually read the code. What each tool covers, what neither covers, and how to run both without hating your CI.
cargo audit vs cargo deny
A practical head-to-head between cargo-audit 0.21 and cargo-deny 0.16 based on six months of running both in production CI pipelines.
Crates.io Security Audit Results: The State of Rust Package Security
Security audits of the Rust crate ecosystem reveal patterns of unsafe code, build script risks, and supply chain vulnerabilities. Here is what the data shows.