Audit Dependencies with cargo-audit and cargo-deny

Beginner8 minTrending

Scan Rust dependencies for security vulnerabilities, license violations, and supply chain risks.

Prerequisites

-Rust toolchain installed
-A Cargo project with dependencies

Steps

Install cargo-audit

Install the security audit tool that checks against the RustSec advisory database.

$ cargo install cargo-audit

Run a vulnerability scan

Check all dependencies for known security vulnerabilities.

$ cargo audit

Run this in CI to catch new vulnerabilities as the advisory database is updated daily.

Install and configure cargo-deny

Set up cargo-deny for comprehensive dependency policy enforcement.

$ cargo install cargo-deny && cargo deny init

Check licenses and advisories

Run cargo-deny to check for license compliance and security advisories.

$ cargo deny check advisories && cargo deny check licenses

Check for duplicate and banned dependencies

Detect duplicate crate versions and enforce banned crate rules.

$ cargo deny check bans && cargo deny check sources

Duplicate dependencies increase binary size. Use 'cargo deny check bans' to find them.

Full Script

full-script.sh

#!/bin/bash
# Rust Dependency Audit
set -euo pipefail

echo "=== Security Vulnerabilities ==="
cargo audit 2>&1 || true

echo ""
echo "=== Dependency Policy Check ==="
if command -v cargo-deny &> /dev/null; then
  echo "--- Advisories ---"
  cargo deny check advisories 2>&1 || true
  echo ""
  echo "--- Licenses ---"
  cargo deny check licenses 2>&1 || true
  echo ""
  echo "--- Bans (duplicates) ---"
  cargo deny check bans 2>&1 || true
else
  echo "cargo-deny not installed. Run: cargo install cargo-deny"
fi

echo ""
echo "=== Audit Commands ==="
echo "Vulnerabilities: cargo audit"
echo "Fix vuln:        cargo audit fix"
echo "Advisories:      cargo deny check advisories"
echo "Licenses:        cargo deny check licenses"
echo "Duplicates:      cargo deny check bans"
echo "All checks:      cargo deny check"

FAQ

Discussion

Loading comments...

#!/bin/bash # Rust Dependency Audit set -euo pipefail echo "=== Security Vulnerabilities ===" cargo audit 2>&1 || true echo "" echo "=== Dependency Policy Check ===" if command -v cargo-deny &> /dev/null; then echo "--- Advisories ---" cargo deny check advisories 2>&1 || true echo "" echo "--- Licenses ---" cargo deny check licenses 2>&1 || true echo "" echo "--- Bans (duplicates) ---" cargo deny check bans 2>&1 || true else echo "cargo-deny not installed. Run: cargo install cargo-deny" fi echo "" echo "=== Audit Commands ===" echo "Vulnerabilities: cargo audit" echo "Fix vuln: cargo audit fix" echo "Advisories: cargo deny check advisories" echo "Licenses: cargo deny check licenses" echo "Duplicates: cargo deny check bans" echo "All checks: cargo deny check"