Rust Application Analysis
NEW IN RELEASE 89
The Cargo coordinate-based matching feature scans and evaluates Rust dependencies found in the Cargo.lock file.
What is supported
Files named Cargo.lock will be analyzed.
What do we parse from the file?
The fields name and version of the dependency under each "package" section are evaluated. For example:
[[package]]
name = "core-nightly"
version = "1.26.2"
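To preview which coordinates a scan of a Cargo.lock would evaluate, the sketch below extracts name and version from each [[package]] section. It is an added example, not Sonatype's code: parse_packages, scan and the sample lockfile are constructed for illustration, and the reader is a line-based one for Cargo's regular lockfile layout rather than a full TOML parser.

```python
import re
from pathlib import Path

# Constructed sample: the page's three packages plus fields that are not evaluated.
SAMPLE_LOCK = '''\
# This file is automatically @generated by Cargo.
version = 3

[[package]]
name = "core-nightly"
version = "1.26.2"

[[package]]
name = "grin"
version = "1.0.0"
dependencies = [
 "protobuf",
]

[[package]]
name = "protobuf"
version = "2.5.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
'''

# Only quoted name/version values count; the top-level `version = 3` is unquoted.
_FIELD = re.compile(r'^(name|version)\s*=\s*"([^"]*)"\s*$')

def parse_packages(text):
    """Return (name, version) for every [[package]] section, in file order."""
    packages, current = [], None
    for raw in text.splitlines() + ["[end]"]:  # sentinel header flushes the last section
        line = raw.strip()
        if line.startswith("["):
            # Any table header closes the open section; only [[package]] opens a new one.
            if current and len(current) == 2:
                packages.append((current["name"], current["version"]))
            current = {} if line == "[[package]]" else None
        elif current is not None:
            m = _FIELD.match(line)
            if m:
                current.setdefault(m.group(1), m.group(2))
    return packages

def scan(root):
    """Map each file matched by '**/Cargo.lock' under root to its coordinates."""
    return {p.relative_to(root).as_posix(): parse_packages(p.read_text(encoding="utf-8"))
            for p in sorted(Path(root).rglob("Cargo.lock"))}

if __name__ == "__main__":
    print(parse_packages(SAMPLE_LOCK))
```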
Integrations with Cargo scanning support
- CLI from version 89
- Jenkins from version 3.9.20200623-110149.2e546a0
- Bamboo from version 1.16.0
Steps to analyze using the CLI
Invoke a CLI scan of a directory or subdirectories containing a Cargo.lock file. Instructions on how to do this can be found here: Nexus IQ CLI.
Example Cargo.lock file
[[package]]
name = "core-nightly"
version = "1.26.2"

[[package]]
name = "grin"
version = "1.0.0"

[[package]]
name = "protobuf"
version = "2.5.0"
Output from CLI
Steps to analyze using the Jenkins plugin
By default, the Jenkins plugin will not evaluate the Cargo.lock file. A custom Scan Target is needed, for example:
nexusPolicyEvaluation iqApplication: 'SampApp', iqScanPatterns: [[scanPattern: '**/Cargo.lock']], iqStage: 'build'
For more information on configuring Jenkins, see Nexus Platform Plugin for Jenkins.
Steps to analyze using the Bamboo plugin
Bamboo Scan Targets control which files are examined. To evaluate Rust, add Cargo.lock to the scan targets via "**/Cargo.lock". For more information on configuring Bamboo, see Nexus IQ for Bamboo.