
Dependency graph and Dependabot alerts add support for Rust

Status: Open · github-product-roadmap opened this issue 3 years ago · 0 comments

Summary

Last year, we shipped support for Rust in the Advisory Database, and have already curated around 400 advisories impacting specific crates in the Cargo package registry. In this feature, we will enable Rust end to end across our supply chain features including Dependabot and the dependency graph.

Intended Outcome

Rust is an increasingly important programming language community, especially for mission critical applications which need memory safety and performance.

How will it work?

The dependency graph parses the manifest files that developers check into their repositories. We will parse Cargo.toml files to better understand what Cargo crates a repository uses and populate those into the dependency graph. If the Advisory Database has advisories for those specific crates, then we will generate Dependabot alerts.

github-product-roadmap · May 18 '22 19:05
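The "How will it work?" section describes two steps: parse the checked-in Cargo.toml to learn which crates a repository depends on, then cross-reference those crates against advisories to raise alerts. The following is an added example written for this page to show that flow end to end; it is not GitHub's dependency graph or Dependabot code. It uses a deliberately small hand-written parser for the `[dependencies]`, `[dev-dependencies]` and `[build-dependencies]` tables (not `tomllib`, so it runs on older Pythons), expands each declared requirement into the interval of versions Cargo's default caret semantics admit, and flags an advisory whenever that interval overlaps the advisory's vulnerable range. The manifest, the crate names, the `GHSA-PLACEHOLDER-*` ids and the version ranges are all constructed sample data, and the `>= x, < y` range syntax is an assumption about how a vulnerable range is written, not a reproduction of the Advisory Database format.

```python
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample inputs for this example: not a real project's manifest and not real advisories
SAMPLE_CARGO_TOML = """
[dependencies]
serde = { version = "1.0", features = ["derive"] }  # inline-table form
oldcrate = "0.3"    # caret requirement: >=0.3.0, <0.4.0
pinned = "=0.2.1"   # exact requirement
[dev-dependencies]
testlib = "0.7"
"""
SAMPLE_ADVISORIES = [
    {"id": "GHSA-PLACEHOLDER-1", "crate": "oldcrate", "vulnerable": ">= 0.3.2, < 0.3.4"},
    {"id": "GHSA-PLACEHOLDER-2", "crate": "pinned", "vulnerable": "< 0.2.0"},
    {"id": "GHSA-PLACEHOLDER-3", "crate": "testlib", "vulnerable": "< 0.7.3"},
]

Bound = Optional[Tuple[Tuple[int, int, int], bool]]  # (version, inclusive); None = unbounded
Range = Tuple[Bound, Bound]                          # (lower, upper)
DEP_SECTIONS = {"dependencies", "dev-dependencies", "build-dependencies"}
_SECTION = re.compile(r"^\[([^\]]+)\]$")
_KEY_VALUE = re.compile(r"^([A-Za-z0-9_-]+)\s*=\s*(.+)$")
_VERSION_IN_TABLE = re.compile(r'version\s*=\s*"([^"]*)"')
_CLAUSE = re.compile(r"^\s*(>=|<=|>|<|=)\s*([0-9.]+)\s*$")


def parse_version(text: str) -> Tuple[int, int, int]:
    # "1.2" -> (1, 2, 0): missing components count as zero
    parts = [int(p) for p in text.strip().split(".")]
    parts += [0] * (3 - len(parts))
    return (parts[0], parts[1], parts[2])


def parse_dependencies(manifest: str) -> Dict[str, str]:
    # Toy parser for `name = "req"` and `name = { version = "req", ... }` entries in the dependency
    # tables; `[dependencies.<name>]` sub-tables and path/git-only dependencies are skipped
    deps: Dict[str, str] = {}
    section = None
    for raw in manifest.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        if m := _SECTION.match(line):
            section = m.group(1).strip()
        elif section in DEP_SECTIONS and (m := _KEY_VALUE.match(line)):
            name, value = m.group(1), m.group(2).strip()
            if value.startswith('"'):
                deps[name] = value.strip('"')
            elif vm := _VERSION_IN_TABLE.search(value):  # inline table carrying a version key
                deps[name] = vm.group(1)
    return deps


def requirement_range(spec: str) -> Range:
    # Versions a Cargo requirement admits: default caret form ("1.2", "^0.3.1") or exact "=x.y.z";
    # other operators raise rather than being silently mis-evaluated
    spec = spec.strip()
    if spec.startswith("="):
        v = parse_version(spec[1:])
        return ((v, True), (v, True))
    if spec[0] in "~<>*":
        raise ValueError(f"unsupported requirement form: {spec}")
    spec = spec.lstrip("^")
    lo, given = parse_version(spec), len(spec.split("."))
    # caret rule: bump the leftmost non-zero written component (the last written one if all are zero)
    bump = next((i for i in range(given) if lo[i] > 0), given - 1)
    hi = [lo[i] if i <= bump else 0 for i in range(3)]
    hi[bump] += 1
    return ((lo, True), ((hi[0], hi[1], hi[2]), False))


def advisory_range(text: str) -> Range:
    # ">= 0.3.2, < 0.3.4" -> (lower, upper) bounds; a lone "=" pins a single version
    lo: Bound = None
    hi: Bound = None
    for clause in text.split(","):
        if not (m := _CLAUSE.match(clause)):
            raise ValueError(f"unrecognised range clause: {clause!r}")
        op, v = m.group(1), parse_version(m.group(2))
        if op in (">=", ">", "="):
            lo = (v, op != ">")
        if op in ("<=", "<", "="):
            hi = (v, op != "<")
    return (lo, hi)


def ranges_overlap(a: Range, b: Range) -> bool:
    # True if some version satisfies both: the tighter lower bound must sit below the tighter upper bound
    lows = [x for x in (a[0], b[0]) if x is not None]
    highs = [x for x in (a[1], b[1]) if x is not None]
    if not lows or not highs:
        return True
    lo_v = max(x[0] for x in lows)
    lo_inc = all(x[1] for x in lows if x[0] == lo_v)  # an exclusive bound wins at an equal version
    hi_v = min(x[0] for x in highs)
    hi_inc = all(x[1] for x in highs if x[0] == hi_v)
    return lo_v < hi_v or (lo_v == hi_v and lo_inc and hi_inc)


def find_alerts(manifest: str, advisories: List[dict]) -> List[dict]:
    # Cross-reference each advisory against the manifest; alert when any admitted version is vulnerable
    deps = parse_dependencies(manifest)
    alerts = []
    for adv in advisories:
        spec = deps.get(adv["crate"])
        if spec is not None and ranges_overlap(requirement_range(spec), advisory_range(adv["vulnerable"])):
            alerts.append({"advisory": adv["id"], "crate": adv["crate"], "requirement": spec})
    return alerts
```

Running `find_alerts(SAMPLE_CARGO_TOML, SAMPLE_ADVISORIES)` on the constructed inputs flags `oldcrate` and `testlib` but not `pinned`. The interval overlap is the point worth noting: a manifest declares requirements, not resolved versions, so a requirement such as `0.3` has to be treated as potentially resolving to any `0.3.x` release, and the check is conservative on purpose. Where a Cargo.lock is checked in, comparing the locked version against the vulnerable range gives a precise answer instead of a possible one.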

This has shipped to dotcom! 🚢 https://github.blog/changelog/2022-07-22-dependency-graph-adds-package-metadata-for-rust-dependencies/ https://github.blog/changelog/2022-06-06-dependency-graph-adds-vulnerability-alerting-support-for-rust

Closing out this issue.

spaltrowitz · Sep 13 '22 20:09