Add support for auditable Rust binaries #1108

Closed
tofay opened this issue Jul 19, 2022 · 0 comments · Fixed by #1116
Labels
enhancement New feature or request

tofay commented Jul 19, 2022

What would you like to be added:
rust-audit is a tool/cargo plugin for embedding dependency information in Rust binaries, for subsequent scanning/inspection (similar to Go binaries).

I'd like syft to be able to detect Rust crate dependencies in Rust binaries built with rust

Why is this needed:
To account for statically linked Rust binaries in SBOMs/scanning.

Additional context:
I've been discussing rust-audit with the Rust secure code working group recently - the format is currently a simplified version of Cargo.lock but there's a desire to embed the information in a standardized way and we're looking into options.
Because of this, if syft were to support this, it should likely be marked as experimental, or off by default in some way.
