FOSSA supports Rust codebases through Cargo.
Feature in Alpha
FOSSA's support for Cargo is currently in Alpha.
When Rust code is imported, FOSSA will inspect any
cargo.lock files and download their dependencies for analysis.
- Optional dependencies are currently handled like Java optional dependencies, when they should be enabled/disabled based on features
- FOSSA does not currently understand default/missing features
- FOSSA does not handle path dependencies that point above your repo root
CI/CD Scanning currently does not have support for Cargo builds.
Comment on this GitHub issue to receive updates on fossa-cli support for Rust.
View our docs on adding a new language integration yourself!
Currently, FOSSA supports only public packages on the Cargo registry.
Cargo packages are downloaded and extracted for full code auditing; metadata from the registry and
cargo.toml manifest are parsed and extracted.
Updated about a year ago