Warn about security advisories for crates being added with cargo add #10654

epage opened this issue May 11, 2022 · 1 comment
Labels
C-feature-request Category: proposal for a feature. Before PR, ping rust-lang/cargo if this is not `Feature accepted` Command-add S-triage Status: This issue is waiting on initial triage.

Comments


epage commented May 11, 2022

Problem

A user can add a crate with a security advisory and not know it unless they know of the third-party cargo audit, install it, and run it.

Proposed Solution

Integrate cargo audit checks into cargo add when adding a new registry dependency

Notes

Inspired by a conversation on Zulip about checking it in cargo

It looks like we

We might be blocked on rustsec/rustsec#490

@epage epage added C-feature-request Category: proposal for a feature. Before PR, ping rust-lang/cargo if this is not `Feature accepted` Command-add labels May 11, 2022

epage commented May 11, 2022

See also killercup/cargo-edit#512

@epage epage added the S-triage Status: This issue is waiting on initial triage. label Nov 20, 2024