Last year, we shipped support for Rust in the Advisory Database, and have already curated around 400 advisories impacting specific Crates in the Cargo package registry. In this feature, we will enable Rust end to end across the our supply chain features including Dependabot and the dependency graph.
Intended Outcome
Rust is an increasingly important programming language community, especially for mission critical applications which need memory safety and performance.
How will it work?
The dependency graph parses the manifest files that developers check into their repositories. We will parse Cargo.toml files to better understand what Cargo crates a repository uses and populate those into the dependency graph. If the Advisory Database has advisories for those specific crates, then we will generate Dependabot alerts
The text was updated successfully, but these errors were encountered:
Summary
Last year, we shipped support for Rust in the Advisory Database, and have already curated around 400 advisories impacting specific Crates in the Cargo package registry. In this feature, we will enable Rust end to end across the our supply chain features including Dependabot and the dependency graph.
Intended Outcome
Rust is an increasingly important programming language community, especially for mission critical applications which need memory safety and performance.
How will it work?
The dependency graph parses the manifest files that developers check into their repositories. We will parse
Cargo.tomlfiles to better understand what Cargo crates a repository uses and populate those into the dependency graph. If the Advisory Database has advisories for those specific crates, then we will generate Dependabot alertsThe text was updated successfully, but these errors were encountered: