All posts on this blog, unless otherwise stated, use the CC BY-NC-SA 4.0 License Agreement. Reprinted with permission from only you
Synopsis
cargo deny is a Rust tool for checking project dependencies for license, security and other compliance issues. In Rust CI (Continuous Integration), cargo deny plays an important role:
- License inspections: Ensure that the licenses of all dependencies used by the project comply with the project's licensing policy.
- Security vulnerability scanning: Check dependencies for known security vulnerabilities.
- Dependency compliance: Verify that the dependencies meet other requirements of the project, such as version restrictions or source restrictions.
- Disable specific dependencies: Allow explicit prohibition of certain dependencies.
In the CI process, cargo deny is often run as a check step to ensure that the project meets all compliance requirements before it is built and deployed. This helps maintain the quality, security and legal compliance of the project.
Bottom line: cargo deny lets you use third-party dependencies legally and with confidence.
Usage
- Address: Cargo deny
- Installation commands:
cargo install --locked cargo-deny && cargo deny init && cargo deny check
Common errors
Using cargo-deny reports the error "failed to open advisory database"
Installed package `cargo-deny v0.16.1` (executable ``)
PS E:\Rust\easy-publish> cargo deny check
2024-11-11 02:07:34 [ERROR] failed to fetch advisory database /RustSec/advisory-db: An IO error occurred when talking to the server: error sending request for url (/RustSec/advisory-db/info/refs?service=git-upload-pack)
Option 1: You can try:
1. Delete the ~/.cargo/advisory-db/ directory and re-download it using cargo deny fetch / cargo deny check. Try this a few times.
2. Change the git address in the configuration to the address of the mirror on gitee:/tyr-rust-bootcamp-mirror/
3. Delete the configuration file, run cargo deny init to regenerate one, and then modify it to your needs.
4. Check your network and figure out how to ~
Option 2: You can try to solve it by running: cargo deny check advisories
After upgrading to the latest version, a large number of "this key has been removed" errors are reported
Solution:
- Delete the configuration file under the original project first
- Run the command line in the project root directory
cargo deny init
to regenerate a new version of the file
- Find allow in the new file and copy the licenses from the original allow list, which looks like this, into the new one.
allow = [
"MIT",
"Apache-2.0",
"Apache-2.0 WITH LLVM-exception",
"Unicode-DFS-2016",
"MPL-2.0",
"BSD-2-Clause",
"BSD-3-Clause",
"ISC",
"CC0-1.0",
"OpenSSL",
]
- Run
cargo deny check
Retest to see whether everything is back to normal.