What would you like to be added:
rust-audit is a tool/cargo plugin for embedding dependency information in Rust binaries, for subsequent scanning/inspection (similar to go binaries).
I'd like syft to be able to detect Rust crate dependencies in Rust binaries built with rust
Why is this needed:
To account for statically linked Rust binaries in SBOMs/scanning.
Additional context:
I've been discussing rust-audit with the Rust secure code working group recently - the format is currently a simplified version of Cargo.lock but there's a desire to embed the information in a standardized way and we're looking into options.
Because of this, if syft were to support this, it should likely be marked as experimental, or off by default in some way.