Why This Matters
Cargo-Geiger is a valuable tool for the Rust ecosystem, providing developers and security auditors with statistical insights into the usage of unsafe Rust code within crates and their dependencies. By highlighting potential risks, it helps improve code safety and security practices without making definitive security judgments. Its adoption can lead to more informed decision-making in software development and maintenance.
Key Takeaways
- Cargo-Geiger analyzes unsafe Rust code usage across crates and dependencies.
- It aids security auditing by providing statistical data rather than security assessments.
- The tool supports integration with existing Rust workflows through simple installation and usage.
A tool that lists statistics related to the usage of unsafe Rust code in a Rust crate and all its dependencies.
This cargo plugin was originally based on the code from two other projects:
Installation
To build against a system-wide installed OpenSSL library (it is located at build time):
cargo install --locked cargo-geiger
Or, build and statically link OpenSSL as part of the cargo-geiger executable:
cargo install --locked cargo-geiger --features vendored-openssl
Alternatively, pre-built binary releases are available from GitHub releases.
Usage
Navigate to the same directory as the Cargo.toml you want to analyze, then run:
cargo geiger
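To make concrete what the statistics above are counting, here is an added example (not cargo-geiger's own code, which parses each crate with the syn crate): a deliberately simplified tokeniser that tallies the unsafe constructs in a piece of Rust source by category. The sample source it scans is constructed for this example, and the simplifications (line comments stripped, string literals not) are assumptions of the example only.

```rust
// Added illustration, not cargo-geiger's own code: the real tool parses each
// crate with the `syn` crate. This whitespace tokeniser only shows which
// constructs get tallied. Assumed simplifications: `//` comments are dropped,
// string literals are not, so "unsafe" inside a string would be miscounted.
#[derive(Debug, Default, PartialEq, Eq)]
pub struct UnsafeStats {
    pub functions: usize,   // `unsafe fn` declarations, including methods
    pub expressions: usize, // `unsafe { ... }` blocks
    pub impls: usize,       // `unsafe impl` blocks
    pub traits: usize,      // `unsafe trait` declarations
}

pub fn count_unsafe(src: &str) -> UnsafeStats {
    let mut stats = UnsafeStats::default();
    // Strip line comments, then make `{` and `(` stand-alone tokens so that
    // `Some(unsafe {` splits into "Some", "(", "unsafe", "{".
    let code = src
        .lines()
        .map(|line| line.split("//").next().unwrap_or(""))
        .collect::<Vec<_>>()
        .join("\n")
        .replace('{', " { ")
        .replace('(', " ( ");
    let tokens: Vec<&str> = code.split_whitespace().collect();
    for (i, tok) in tokens.iter().enumerate() {
        if *tok != "unsafe" {
            continue;
        }
        match tokens.get(i + 1).copied() {
            Some("fn") => stats.functions += 1,
            Some("impl") => stats.impls += 1,
            Some("trait") => stats.traits += 1,
            Some("{") => stats.expressions += 1,
            _ => {} // e.g. `unsafe extern "C" { ... }` is not tallied here
        }
    }
    stats
}

// Constructed sample source text (not a real crate) exercising each category.
pub const SAMPLE: &str = r#"
// an `unsafe` mention in a comment is ignored
pub unsafe fn raw_read(p: *const u8) -> u8 { *p }
unsafe trait Zeroable {}
unsafe impl Zeroable for u32 {}
pub fn checked_read(v: &[u8]) -> Option<u8> {
    if v.is_empty() { return None; }
    Some(unsafe { raw_read(v.as_ptr()) })
}
"#;
fn main() {
    println!("{:?}", count_unsafe(SAMPLE));
}
```

Running it prints one count per category for the sample; cargo-geiger produces the same kind of tally per crate, then rolls it up over the whole dependency tree.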