Rust
FOSSA support for Rust / Cargo projects
FOSSA supports Rust codebases through Cargo.
Tool | Repository Scanning | CI/CD Scanning |
---|---|---|
Cargo | Cargo.toml or Cargo.lock | Cargo.toml |
Repository Scanning
Feature in Alpha
FOSSA's support for Rust with Repository scanning is currently in Alpha.
When Rust code is imported, FOSSA will inspect any Cargo.toml or Cargo.lock files and download their dependencies for analysis.
Known Limitations:
- Optional dependencies are currently handled like Java optional dependencies, when they should be enabled/disabled based on features
- FOSSA does not currently understand default/missing features
- FOSSA does not handle path dependencies that point above your repo root
CI/CD Scanning
To get started, install the latest release of fossa-cli from our GitHub releases page:
curl -H 'Cache-Control: no-cache' https://raw.githubusercontent.com/fossas/fossa-cli/master/install-latest.sh | bash
Once installed, run fossa analyze inside your repo's root directory to analyze your Rust project using cargo.
You can view our extended documentation for Rust here.
Package Data
Currently, FOSSA supports only public packages on the Cargo registry.
Cargo packages are downloaded and extracted for full code auditing; metadata from the registry and the Cargo.toml manifest is parsed and extracted.