Skip to main content

Rust Application Analysis

The Cargo coordinate-based matching feature provides the ability to scan and evaluate Rust dependencies found in the Cargo.lock file.

Cargo Package Manager

  • Cargo.lock - Cargo is the package manager for Rust. Cargo downloads Rust dependencies, compiles packages, makes distributable packages, and uploads them to, the Rust community’s package registry.

  • Support includes Security and Identity data.

  • The fields name and version of the dependency under each "package" section are evaluated.

Example Cargo.lock file

name = "core-nightly"
version = "1.26.2"

name = "grin"
version = "1.0.0"

name = "protobuf"
version = "2.5.0"