gchq / sleeper

A cloud-native, serverless, scalable, cheap key-value store


Dependency checker for Rust code

patchwork01 opened this issue · comments

Background

Split from:

Depends on:

Description

We'd like to add dependency checking for the new Rust code.

Analysis

The OWASP dependency checker does not support Rust at time of writing:

https://jeremylong.github.io/DependencyCheck/analyzers/index.html

The OWASP dep-scan project does support Rust. It produced a large number of false positives when tested, insisting that the Rust http crate was an older version of the Java Apache HttpClient. See earlier commits in this PR.

We can use cargo audit instead:

https://github.com/rustsec/rustsec/tree/main/cargo-audit
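As an added example (not code from the Sleeper project or from the issue author), here is a small Python gate that consumes the report written by `cargo audit --json` and fails a CI step only on advisories that are not on an explicit, reasoned accept list. The embedded report is a constructed sample that follows the top-level shape of cargo-audit's JSON output (`vulnerabilities.list[].advisory` / `.package` / `.versions`); treat those field names as an assumption and check them against the cargo-audit version you pin. The `RUSTSEC-0000-000x` ids are placeholders, not real advisories.

```python
import json
import sys

# Constructed sample shaped like `cargo audit --json` output. The field layout is
# an assumption; verify it against the cargo-audit version pinned in CI.
SAMPLE_REPORT = json.dumps({
    "vulnerabilities": {
        "found": True,
        "count": 2,
        "list": [
            {
                "advisory": {
                    "id": "RUSTSEC-0000-0001",  # placeholder id, not a real advisory
                    "package": "example-crate",
                    "title": "Constructed example advisory",
                    "date": "2024-01-01",
                },
                "versions": {"patched": [">=1.2.3"], "unaffected": []},
                "package": {"name": "example-crate", "version": "1.2.0"},
            },
            {
                "advisory": {
                    "id": "RUSTSEC-0000-0002",  # placeholder id, not a real advisory
                    "package": "other-crate",
                    "title": "Constructed advisory accepted with a recorded reason",
                    "date": "2024-01-01",
                },
                "versions": {"patched": [], "unaffected": []},
                "package": {"name": "other-crate", "version": "0.9.1"},
            },
        ],
    },
    "warnings": {},
})

# Advisories the team has reviewed and accepted. Each entry carries a reason so
# the exception is auditable; this mirrors what `cargo audit --ignore <ID>` skips,
# but keeps the justification next to the id.
ACCEPTED = {
    "RUSTSEC-0000-0002": "no patched version; crate is only used in tests",
}


def triage(report_json, accepted):
    """Split the vulnerabilities in a cargo-audit JSON report into blocking and accepted."""
    report = json.loads(report_json)
    vulns = report.get("vulnerabilities", {}).get("list", [])
    blocking, ignored = [], []
    for v in vulns:
        adv = v["advisory"]
        entry = {
            "id": adv["id"],
            "crate": v["package"]["name"],
            "version": v["package"]["version"],
            "title": adv["title"],
            "patched": v.get("versions", {}).get("patched", []),
        }
        if adv["id"] in accepted:
            entry["reason"] = accepted[adv["id"]]
            ignored.append(entry)
        else:
            blocking.append(entry)
    return blocking, ignored


def gate(report_json, accepted):
    """Return the exit code a CI step should use: 0 when nothing blocks, 1 otherwise."""
    blocking, ignored = triage(report_json, accepted)
    for e in ignored:
        print(f"accepted {e['id']} in {e['crate']} {e['version']}: {e['reason']}")
    for e in blocking:
        fix = f"upgrade to {', '.join(e['patched'])}" if e["patched"] else "no patched version yet"
        print(f"BLOCKING {e['id']} in {e['crate']} {e['version']}: {e['title']} ({fix})")
    return 1 if blocking else 0


if __name__ == "__main__":
    # In CI: `cargo audit --json > audit.json; python audit_gate.py audit.json`
    data = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_REPORT
    sys.exit(gate(data, ACCEPTED))
```

`cargo audit` already exits non-zero when it finds a vulnerability, so the value of a wrapper like this is the reviewed exception list with reasons, which is what makes a suppressed advisory visible in review rather than silently dropped on the command line.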