Skip to content

Navigation Menu

Explore
By company size
By use case
By industry
View all solutions
Topics
- AI
- DevOps
- Security
- Software Development
- View all
Explore
- GitHub Sponsors
  Fund open source developers
- The ReadME Project
  GitHub community articles
Repositories
- Enterprise platform
  AI-powered developer platform
Available add-ons
Pricing

Search code, repositories, users, issues, pull requests...

Search

Clear

Search syntax tips

Provide feedback

We read every piece of feedback, and take your input very seriously.

Include my email address so I can be contacted

Saved searches

Use saved searches to filter your results more quickly

Name

Query

To see all available qualifiers, see our documentation.

You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session. You switched accounts on another tab or window. Reload to refresh your session.

Dismiss alert

EmbarkStudios / cargo-deny Public

Notifications You must be signed in to change notification settings
Fork 91
Star 1.8k

Code
Issues 61
Pull requests
Actions
Security
Insights

Additional navigation options

Code
Issues
Pull requests
Actions
Security
Insights

Releases: EmbarkStudios/cargo-deny

Releases · EmbarkStudios/cargo-deny

0.5.0

19 Dec 10:52

This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.

GPG key ID: 4AEE18F83AFDEB23

Expired

Learn about vigilant mode.

Compare

Choose a tag to compare

Loading

0.5.0

Added

Added the advisories check and configuration section for checking crates against an advisory database to detect security vulnerabilities, unmaintained crates, and crates with security notices
A warning will now be emitted if a crate that isn't in the graph is specified in [bans.skip-tree]

Fixed

PR#58 Fixed #55 to handle license requirements for GPL, AGPL, LGPL, and GFDL better. Thanks for reporting @pikajude!
PR#62 Fixed #56, the [metadata] section in Cargo.lock is now gone in nightly to improve merging, the previous reporting mechanism that required this section has been reworked.

Changed

The check subcommand now takes multiple values eg cargo deny check bans advisories
Specifying either cargo deny check or cargo deny check all will now run the additional advisories check
Previously, if you hadn't specified the [licenses] or [bans] section then running that check would have done nothing. Now if any section (including [advisories]) is not specified, the default configuration will be used.

Deprecated

check ban has been deprecated in favor of check bans
check license has been deprecated in favor of check licenses

Assets 8

Loading

All reactions

0.4.2

03 Dec 09:02

This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.

GPG key ID: 4AEE18F83AFDEB23

Expired

Learn about vigilant mode.

Compare

Choose a tag to compare

Loading

0.4.2

Added

PR#48 Added an init subcommand to generate a cargo-deny template file with guiding comments. Thanks @foresterre!

Assets 8

Loading

All reactions

0.4.1

28 Nov 10:02

This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.

GPG key ID: 4AEE18F83AFDEB23

Expired

Learn about vigilant mode.

Compare

Choose a tag to compare

Loading

0.4.1

Fixed

PR#46 Fixed issue where license-file was not being turned into an absolute path like the normal license file scanning, causing a crash. Thanks @foresterre!
Fixed an out of bounds panic when skipping a crate which wasn't present in the crate graph, that would have been sorted last if it had existed

Assets 8

Loading

All reactions

0.4.0

07 Nov 18:48

This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.

GPG key ID: 4AEE18F83AFDEB23

Expired

Learn about vigilant mode.

Compare

Choose a tag to compare

Loading

0.4.0

Changed

Replaced usage of failure with anyhow
Upgraded askalono and spdx to newer versions that both use version 3.7 of the SPDX license list
The embedded license list now uses zstd for compression resulting in smaller binary files and faster decompression.

Assets 8

Loading

All reactions

0.3.0

30 Oct 17:44

This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.

GPG key ID: 4AEE18F83AFDEB23

Expired

Learn about vigilant mode.

Compare

Choose a tag to compare

Loading

0.3.0

Added

Added [licenses.copyleft] config, which can be used to determine what happens when a copyleft license is encountered.
Added [bans.skip-tree] config, which can be used to skip entire subtrees of a dependency graph when considering duplicates

Fixed

Fixed displaying of duplicate errors in the presence of a skipped crate

Assets 8

Loading

All reactions

0.3.0-beta

07 Oct 11:01

Compare

Choose a tag to compare

Loading

0.3.0-beta

Release 0.3.0-beta

Assets 8

Loading

All reactions

0.2.6

27 Jul 10:49

Jake-Shadle

Compare

Choose a tag to compare

Loading

0.2.6

Release 0.2.6

Assets 8

Loading

All reactions

0.2.5

01 Jul 13:22

Jake-Shadle

Compare

Choose a tag to compare

Loading

0.2.5

Release 0.2.5

Assets 8

Loading

All reactions

0.2.3

01 Jul 08:20

Jake-Shadle

Compare

Choose a tag to compare

Loading

0.2.3

Release 0.2.3

Assets 8

Loading

All reactions

0.2.2

28 Jun 14:18

Jake-Shadle

Compare

Choose a tag to compare

Loading

0.2.2

Release 0.2.2

Assets 8

Loading

All reactions

Previous 1 2 … 6 7 8 9 10 Next

Footer

© 2025 GitHub, Inc.

Footer navigation

Terms
Privacy
Security
Status
Docs
Contact

You can’t perform that action at this time.