Rust Application Analysis

The Cargo coordinate-based matching feature provides the ability to scan and evaluate Rust dependencies found in the Cargo.lock file.

Cargo Package Manager

Cargo.lock - Cargo is the package manager for Rust. Cargo downloads Rust dependencies, compiles packages, makes distributable packages, and uploads them to crates.io, the Rust community’s package registry.
Support includes Security and Identity data.
The fields name and version of the dependency under each "package" section are evaluated.

Example Cargo.lock file

[[package]]
name = "core-nightly"
version = "1.26.2"

[[package]]
name = "grin"
version = "1.0.0"

[[package]]
name = "protobuf"
version = "2.5.0"