Question 1

How do I use cargo-auditable with Docker containers?

Accepted Answer

Build your Rust binaries in Docker using 'cargo auditable build', and security tools like Trivy can scan the resulting images. Chainguard's rust base container includes it by default for easy integration.

Question 2

cargo-auditable or cargo-vet: which is better for security?

Accepted Answer

cargo-auditable is for post-build vulnerability auditing of binaries, while cargo-vet is for proactive supply chain attack prevention via code review. Use both for comprehensive security.

Question 3

Can cargo-auditable scan WebAssembly modules?

Accepted Answer

Yes, it supports WebAssembly targets from v0.6.3 onward, and tools like wasm-tools can extract the embedded dependency data for auditing WASM files.

Question 4

How to extract the embedded JSON from a binary manually?

Accepted Answer

Use tools like rust-audit-info or parse it with a simple Python script as documented in PARSING.md. The data is in a .dep-v0 section and can be decompressed easily.

Question 5

Does cargo-auditable work with GitHub Actions?

Accepted Answer

Yes, install it via 'cargo install cargo-auditable' in your workflow and use 'cargo auditable build' in build steps. It integrates smoothly into CI/CD pipelines for automated auditing.

Question 6

What's the difference between cargo-auditable and Cargo's SBOM feature?

Accepted Answer

cargo-auditable is a stable, standalone tool that embeds data now, while Cargo's native SBOM feature is unstable and requires nightly Rust. cargo-auditable paves the way for future Cargo integration.

rust-audit

What is rust-audit?

Overview

Use Cases

Best For

Related Projects

Found a gem we're missing?

Not Ideal For

Pros & Cons

Pros

Cons

Frequently Asked Questions