Rust Application Analysis
The Cargo coordinate-based matching feature provides the ability to scan and evaluate Rust dependencies found in the Cargo.lock file.
Cargo Package Manager
- Cargo.lock - Cargo is the package manager for Rust. Cargo downloads Rust dependencies, compiles packages, makes distributable packages, and uploads them to crates.io, the Rust community’s package registry.
- Support includes Security and Identity data.
- The name and version fields of the dependency under each "package" section are evaluated.
Example Cargo.lock file
```toml
[[package]]
name = "core-nightly"
version = "1.26.2"

[[package]]
name = "grin"
version = "1.0.0"

[[package]]
name = "protobuf"
version = "2.5.0"
```
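To make the matched coordinates concrete, the following added example (not the scanner's own code) collects the name and version pair from each "package" section of a Cargo.lock file. The names `cargo_coordinates` and `SAMPLE` are hypothetical, and the sample's lockfile `version = 3` header, `dependencies` and `source` lines, and second protobuf entry are constructed to show what is not part of a coordinate and that one crate can appear at two versions.

```rust
use std::collections::BTreeSet;
// Constructed sample: the page's three packages plus fields Cargo also writes.
const SAMPLE: &str = r#"version = 3
[[package]]
name = "core-nightly"
version = "1.26.2"
[[package]]
name = "grin"
version = "1.0.0"
dependencies = ["protobuf 2.5.0"]
[[package]]
name = "protobuf"
version = "2.5.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
[[package]]
name = "protobuf"
version = "2.8.1"
"#;

/// Collect (name, version) pairs from each [[package]] table (hypothetical helper).
/// Line-based reader for Cargo's generated layout, not a general TOML parser.
fn cargo_coordinates(lock: &str) -> BTreeSet<(String, String)> {
    let mut coords = BTreeSet::new();
    let mut in_package = false;
    let (mut name, mut version) = (None, None);
    // The trailing sentinel header flushes the last [[package]] table.
    for line in lock.lines().chain(std::iter::once("[end]")) {
        let line = line.trim();
        if line.starts_with('[') {
            if let (true, Some(n), Some(v)) = (in_package, name.take(), version.take()) {
                coords.insert((n, v));
            }
            in_package = line == "[[package]]";
        } else if in_package {
            if let Some((key, value)) = line.split_once('=') {
                let value = value.trim().trim_matches('"').to_string();
                match key.trim() {
                    "name" => name = Some(value),
                    "version" => version = Some(value),
                    _ => {} // source, checksum, dependencies: not part of the coordinate
                }
            }
        }
    }
    coords
}

fn main() {
    cargo_coordinates(SAMPLE).iter().for_each(|(n, v)| println!("{n} {v}"));
}
```

The top-level `version = 3` line is the lockfile format version and is ignored because it sits outside any "package" section; a section missing either field yields no coordinate.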