Support scanning Rust binaries built with cargo auditable
#1332
Assignees
Labels
enhancement
New feature or request
Comments
|
Thanks for the FR. this indeed looks like a great fit for OSV-Scanner. |
oliverchang
added
backlog
|
@G-Rath is this something we can put in your backlog? |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
cargo auditableis a project by Rust's Secure Code WG. It embeds the list of dependencies into the binary itself, so that it can then be audited for known vulnerabilities.Auditing such binaries is already supported by
cargo auditand Trivy. It would be nice to get support for it inosv-scanneras well.cargo auditableis used for all Rust builds by at least 5 Linux distributions, including Alpine. A number of organizations usecargo auditable, but to the best of my knowledge only Microsoft has spoken about it publicly.There is already a Go library for extracting this data, which should make the integration quite easy: https://github.com/microsoft/go-rustaudit
I am the principal author of
cargo auditableand I'm happy to answer any questions you might have.The text was updated successfully, but these errors were encountered: