A group of Rust projects for interacting with and producing software bill of materials (SBOMs).

Related tags

Utilities rust cargo bom spdx sbom cyclonedx
Overview

Workflow Status codecov

sbom-rs

A group of Rust projects for interacting with and producing software bill of materials (SBOMs).

Examples

cargo-sbom

Create a SPDX SBOM for a Cargo project

In a shell:

$ cargo sbom
{
  "SPDXID": "SPDXRef-DOCUMENT",
  "creationInfo": {
    "created": "2023-07-04T12:38:15.211Z",
    "creators": [
      "Tool: cargo-sbom-v0.8.4"
    ]
  },
  "dataLicense": "CC0-1.0",
  "documentNamespace": "https://docs.rs/cargo_sbom/spdxdocs/cargo-sbom-0.8.4-9cae390a-4b46-457c-95b9-e59a5e62b57d",
  "files": [
    {
  <rest of output omitted>

Create a CycloneDx SBOM in Github Actions

In a Github Actions workflow:

jobs:
  sbom:
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v3
    - uses: psastras/sbom-rs/actions/install-cargo-sbom@cargo-sbom-latest
    - name: Run cargo-sbom
      run: cargo-sbom --output-format=cyclone_dx_json_1_4

Check Dependencies against the Open Source Vulnerability Database (OSV)

Assumming osv-scanner is installed (see https://osv.dev/)

$ cargo-sbom > sbom.spdx.json
$ osv-scanner --sbom=sbom.spdx.json
Scanned sbom.json as SPDX SBOM and found 91 packages
╭─────────────────────────────────────┬──────┬───────────┬─────────┬─────────┬───────────╮
│ OSV URL                             │ CVSS │ ECOSYSTEM │ PACKAGE │ VERSION │ SOURCE    │
├─────────────────────────────────────┼──────┼───────────┼─────────┼─────────┼───────────┤
│ https://osv.dev/GHSA-wcg3-cvx6-7396 │ 6.2, │ crates.io │ time    │ 0.1.45  │ sbom.json │
│ https://osv.dev/RUSTSEC-2020-0071   │ 6.2  │           │         │         │           │
╰─────────────────────────────────────┴──────┴───────────┴─────────┴─────────┴───────────╯

Install

cargo-sbom

cargo-sbom may be installed via cargo, cargo-binstall or directly downloaded from the corresponding Github release.

Cargo

cargo install cargo-sbom

Cargo-binstall

cargo binstall cargo-sbom

Github Releases

The latest version is continuously published and tagged.

Using curl,

# make sure to adjust the target and version (you may also want to pin to a specific version)
curl -sSL https://github.com/psastras/sbom-rs/releases/download/cargo-sbom-latest/cargo-sbom-x86_64-unknown-linux-gnu -o cargo-sbom

Documentation

See each subproject for more detailed information:

  • cargo-sbom: CLI tool to produce an SBOM from a Cargo workspace. See the Rust documentation.
  • serde-cyclonedx: Typesafe CycloneDX structures for serializing and deserializing CycloneDX information using serde. See the Rust documentation.
  • serde-spdx: Typesafe SPDX structures for serializing and deserializing SPDX information using serde. See the Rust documentation.
  • actions: Github actions to use cargo-sbom and related tools in CI workflows See the README.md for documentaiton.

Also check the examples.

Development

Before you begin, ensure the following programs are available on your machine:

Assuming cargo is installed on your machine, the standard cargo commands can be run to build and test all projects in the workspace:

cargo build
cargo test

For more information on specific configurations, refer to the cargo documentation.

Releasing

To release a new version (publish to crates.io), prefix the head commit with release: and update the relevant rust crate versions. Once merged into main the pipeline should pick up the change and publish a new version.

License: MIT

Comments
  • ci: bump syn from 1.0.109 to 2.0.23

    ci: bump syn from 1.0.109 to 2.0.23

    Bumps syn from 1.0.109 to 2.0.23.

    Release notes

    Sourced from syn's releases.

    2.0.23

    • Preserve attributes on verbatim Item in statement position (#1476)
    • Support generic_const_exprs where-clauses such as where [(); { T::COUNT }]: in non-"full" mode (#1478)

    2.0.22

    2.0.21

    • Fix value computed by LitByteStr::value in the case of a cooked byte string literal containing form feed or vertical tab characters following an escaped newline (#1474)

    2.0.20

    • Documentation improvements

    2.0.19

    2.0.18

    • Permit empty attr in syn::meta::parser (#1460)

    2.0.17

    • Enable proc_macro support on wasm targets (#1459)

    2.0.16

    2.0.15

    • Ensure Type::Tuple of length 1 prints as a tuple even if trailing comma is not provided in the Punctuated (#1444, thanks @​Fancyflame)

    2.0.14

    2.0.13

    • Improve spans of Expr::Field parsed from a float Literal (#1433, #1436)

    2.0.12

    • Refer to compile_error! by absolute path in token stream produced by syn::Error::to_compile_error (#1431, thanks @​smoelius)

    2.0.11

    • Improve error message on empty parens inside parse_nested_meta (#1428)

    2.0.10

    • Fix visibility being parsed incorrectly on macro invocations inside of a trait

    2.0.9

    • Disallow type items in an extern block, trait, or module from being marked default

    2.0.8

    • Treat try keyword as 2015-edition identifier in definition of try macro (#1422)

    2.0.7

    ... (truncated)

    Commits
    • f3cd37a Release 2.0.23
    • e9a3846 Merge pull request #1478 from dtolnay/nonfullblock
    • 5325bb6 Parse block expr as verbatim in non-full mode
    • 31e4119 Allow caller to keep using begin buffer after verbatim::between
    • 1316ec6 Merge pull request #1476 from dtolnay/verbatimattrs
    • 56226a5 Preserve attributes on verbatim Item in statement position
    • 0ca3547 Release 2.0.22
    • 62bd232 Merge pull request #1475 from dtolnay/litcstr
    • fe0042e Support parsing c-str literals
    • cdacef7 Release 2.0.21
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    dependencies rust 
    opened by dependabot[bot] 1
  • ci: bump prettyplease from 0.1.25 to 0.2.10

    ci: bump prettyplease from 0.1.25 to 0.2.10

    Bumps prettyplease from 0.1.25 to 0.2.10.

    Release notes

    Sourced from prettyplease's releases.

    0.2.10

    • Preserve attributes on verbatim Expr (#54)

    0.2.9

    • Recognize ... placeholder in all Verbatim variants

    0.2.8

    • Prevent brace insertion from changing meaning of closure bodies (#52)

    0.2.7

    • Format some standard library macros better (#51)

    0.2.6

    • Fix semicolon on macro_rules written with parentheses (#48)

    0.2.5

    0.2.4

    • Improve formatting of path generics in the trait part of qpath

    0.2.3

    • Improve formatting of match arms (#45)

    0.2.2

    • Fill in even more Verbatim item support

    0.2.1

    • Improve support for some Verbatim variants

    0.2.0

    • Update syn dependency to 2.x
    Commits
    • 8e9d001 Release 0.2.10
    • 73eae68 Update deps to a proc-macro2 that works on current nightly
    • f44639c Add CI job using minimal-versions
    • 6f7a9ee Merge pull request #54 from dtolnay/verbatimattr
    • 596ceaf Preserve attributes on verbatim Expr
    • 4a2318e Release 0.2.9
    • 1593a0c Recognize ellipsis placeholder in all verbatim nodes
    • 82d41ab Release 0.2.8
    • ad3755e Merge pull request #53 from dtolnay/closurebrace
    • 4484fe0 Prevent brace insertion from changing meaning of expression
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    dependencies rust 
    opened by dependabot[bot] 1
  • ci: bump serde from 1.0.166 to 1.0.168

    ci: bump serde from 1.0.166 to 1.0.168

    Bumps serde from 1.0.166 to 1.0.168.

    Release notes

    Sourced from serde's releases.

    v1.0.168

    • Allow serde::de::IgnoredAny to be the type for a serde(flatten) field (#2436, thanks @​Mingun)
    • Allow larger preallocated capacity for smaller elements (#2494)

    v1.0.167

    • Add serialize and deserialize impls for RangeFrom and RangeTo (#2471, thanks @​tbu-)
    Commits
    • 09b78b2 Release 1.0.168
    • a622b8a Merge pull request #2495 from dtolnay/cautious
    • 399ef08 Allow larger preallocated capacity for smaller elements
    • 3686277 Merge pull request #2436 from Mingun/flatten-ignored-any
    • 807bd20 Release 1.0.167
    • ed9a140 Merge pull request #2444 from Mingun/dedup
    • 2de7c2b Resolve redundant_static_lifetimes clippy lint from PR 2471
    • e6a4a37 Delete unuseful RangeFull impls
    • 0fca04e Merge pull request 2471 from tbu-/pr_more_ranges
    • 92bfc8d Merge pull request #2290 from Mingun/enum-tests-and-cleanup
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    dependencies rust 
    opened by dependabot[bot] 0
  • ci: bump syn from 2.0.23 to 2.0.25

    ci: bump syn from 2.0.23 to 2.0.25

    Bumps syn from 2.0.23 to 2.0.25.

    Release notes

    Sourced from syn's releases.

    2.0.25

    • Support single identifier as unbraced const generic argument (#1483)
    • Produce error message when LitStr::parse is used on a suffixed string literal (#1484)

    2.0.24

    • Fix duplication of braces around const generic argument in non-full mode (#1482)
    Commits
    • 026a38c Release 2.0.25
    • 4d72543 Merge pull request #1484 from dtolnay/parsesuffix
    • d59afb2 Reject parse on LitStr containing suffix
    • 7e8358a Merge pull request #1483 from dtolnay/identgeneric
    • ed8d784 Support single identifier as unbraced const generic argument
    • e523c36 Directly call more specific expr ToTokens impl
    • 24c48cd Release 2.0.24
    • cefa056 Merge pull request #1482 from dtolnay/nonfullconstarg
    • a4fc6b1 Fix duplication of braces around const generic argument in non-full mode
    • d757cf4 Update test suite to nightly-2023-07-07
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    dependencies rust 
    opened by dependabot[bot] 0
  • ci: bump thiserror from 1.0.40 to 1.0.43

    ci: bump thiserror from 1.0.40 to 1.0.43

    Bumps thiserror from 1.0.40 to 1.0.43.

    Release notes

    Sourced from thiserror's releases.

    1.0.42

    • Fix compile error in derived Display impl if there was a nonstandard write! macro in scope (#239)

    1.0.41

    No release notes provided.

    Commits
    • 225adab Release 1.0.43
    • f6dc5e5 Merge pull request #242 from dtolnay/stdwrite
    • cab9fec Avoid calling a nonstandard write! macro that might be in scope
    • 900f018 Revert "Avoid calling a nonstandard write! macro that might be in scope"
    • 305be4a Release 1.0.42
    • 6165f58 Merge pull request #240 from dtolnay/stdwrite
    • 264b7d1 Avoid calling a nonstandard write! macro that might be in scope
    • 43f3a2a Update to 2021 edition
    • 281997e Release 1.0.41
    • c28f8fa Eliminate syn 1 from minimal-versions
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    dependencies rust 
    opened by dependabot[bot] 0
  • ci: bump spdx from 0.10.1 to 0.10.2

    ci: bump spdx from 0.10.1 to 0.10.2

    Bumps spdx from 0.10.1 to 0.10.2.

    Release notes

    Sourced from spdx's releases.

    Release 0.10.2

    Changed

    • PR#61 updated the SPDX license list from 3.20 => 3.21.

    Fixed

    • PR#60 fixed a few typos.
    Changelog

    Sourced from spdx's changelog.

    [0.10.2] - 2023-07-14

    Changed

    • PR#61 updated the SPDX license list from 3.20 => 3.21.

    Fixed

    • PR#60 fixed a few typos.
    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    dependencies rust 
    opened by dependabot[bot] 0
  • ci: bump syn from 1.0.109 to 2.0.23

    ci: bump syn from 1.0.109 to 2.0.23

    Bumps syn from 1.0.109 to 2.0.23.

    updated-dependencies:

    • dependency-name: syn dependency-type: direct:production update-type: version-update:semver-major ...
    opened by psastras 0
  • ci: bump clap from 4.3.10 to 4.3.11

    ci: bump clap from 4.3.10 to 4.3.11

    Bumps clap from 4.3.10 to 4.3.11.

    Release notes

    Sourced from clap's releases.

    v4.3.11

    [4.3.11] - 2023-07-05

    Features

    • (derive) Support fields wrapped in num::Wrapping, Box, or Arc
    • (derive) Support Box<str>, Box<OsStr>, and Box<Path>
    Changelog

    Sourced from clap's changelog.

    [4.3.11] - 2023-07-05

    Features

    • (derive) Support fields wrapped in num::Wrapping, Box, or Arc
    • (derive) Support Box<str>, Box<OsStr>, and Box<Path>
    Commits
    • cafdf58 chore: Release
    • 7d52a0a docs: Update changelog
    • 890af8a Merge pull request #4995 from epage/parse
    • 99bcdfc style(builder): Be consistent in order
    • a50e32c feat(derive): Accept Boxed Str/OsStr/Path
    • 916c8d9 feat(derive): Accept num::Wrapping wrapped types
    • f043f57 feat(derive): Accept Box/Arc wrapped types
    • See full diff in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    dependencies rust 
    opened by dependabot[bot] 0
  • ci: bump proc-macro2 from 1.0.63 to 1.0.64

    ci: bump proc-macro2 from 1.0.63 to 1.0.64

    Bumps proc-macro2 from 1.0.63 to 1.0.64.

    Release notes

    Sourced from proc-macro2's releases.

    1.0.64

    • Fix parsing of bare \r in between tokens (#399)
    Commits
    • 075af34 Release 1.0.64
    • ab053d3 Replace 2 inconsistent ASCII checks with is_ascii()
    • 9c812bc Merge pull request #399 from dtolnay/carriagereturn
    • 261ad4d Extend lone carriage returns test
    • d10651c Revert "Require \r whitespace to be followed by \n"
    • bdfb5c1 Move minimal-versions CI to dedicated job
    • 51ed1bb Resolve needless_rwa_string_hashes clippy lint in test suite
    • See full diff in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    dependencies rust 
    opened by dependabot[bot] 0
  • ci: bump serde_json from 1.0.99 to 1.0.102

    ci: bump serde_json from 1.0.99 to 1.0.102

    Bumps serde_json from 1.0.99 to 1.0.102.

    Release notes

    Sourced from serde_json's releases.

    v1.0.102

    • Add a way to customize the serialization of byte arrays (#1039)

    v1.0.101

    v1.0.100

    • Support -Z minimal-versions
    Commits
    • 658689d Release 1.0.102
    • 42dbd00 Merge pull request #1039 from dtolnay/writebytearray
    • a1ca32a Factor out byte array serialization to a new Formatter method
    • 857b010 Inline Serializer::serialize_u8 into serialize_bytes
    • 6ad5495 Inline u8::serialize into serialize_bytes
    • 44b4a6c Simplify serialize_bytes
    • 0e2c949 Inline SerializeSeq::end into serialize_bytes
    • 1b72f2b Inline SerializeSeq::serialize_element into serialize_bytes
    • 55a7f5c Inline Serializer::serialize_seq into serialize_bytes
    • 3ddda75 Format PR 1037 with rustfmt
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    dependencies rust 
    opened by dependabot[bot] 0
Releases(cargo-sbom-v0.8.4)
Owner
Paul Sastrasinh
Paul Sastrasinh
GitHub
Rust library for interacting with the VTube Studio API

vtubestudio-rs A library for interacting with the VTube Studio API. Basic usage This example creates a Client using the provided builder, which: conne

null 6 Dec 4, 2022
An opinionated Rust library for interacting with AWS DynamoDB single-table designs.

Modyne An opinionated library for interacting with AWS DynamoDB single-table designs. † Motive Modyne follows the precepts laid out for effective sing

Marcus Griep 14 Jun 8, 2023
Utilities for interacting with the Behringer X-Touch Mini MIDI controller

xtouchmini Collection of utilities for interacting with the Behringer X-Touch Mini MIDI controller, including reading button/knob/fader inputs and sen

null 5 Nov 11, 2021
🚧 (Alpha stage software) Binary that supports remote filesystem and process operations. 🚧

distant Binary to connect with a remote machine to edit files and run programs. ?? (Alpha stage software) This program is in rapid development and may

Chip Senkbeil 296 Dec 28, 2022
Removes generated and downloaded files from code projects to free up space

makeclean Removes generated and downloaded files from code projects to free up space. Features: List, cleans and archives projects depending on how lo

Kevin Bader 2 Mar 11, 2022
Rust Shop is a fake cloud-based software company that you can fork.

RustShop RustShop is an attempt at building a template and utilities to help quickly set up and manage a production grade cloud-based system. The core

null 56 Dec 17, 2022
A simple string interner / symbol table for Rust projects.

Symbol Interner A small Rust crate that provides a naïve string interner. Consult the documentation to learn about the types that are exposed. Install

Ryan Chandler 1 Nov 18, 2021
A code coverage tool for Rust projects

Tarpaulin Tarpaulin is a code coverage reporting tool for the Cargo build system, named for a waterproof cloth used to cover cargo on a ship. Currentl

null 1.8k Jan 2, 2023
Common utilities code used across Fulcrum Genomics Rust projects

fgoxide Common utilities code used across Fulcrum Genomics Rust projects. Why? There are many helper functions that are used repeatedly across project

Fulcrum Genomics 2 Nov 2, 2022
A bundler (mainly for TypeScript projects) made in Rust

TSAR A bundler (mainly for TypeScript projects) made in Rust. Also my first Rust Project! What does TSAR stand for Like phar (PHP Archive) or JAR (Jav

null 2 Mar 19, 2022
Graceful shutdown util for Rust projects using the Tokio Async runtime.

Shutdown management for graceful shutdown of tokio applications. Guard creating and usage is lock-free and the crate only locks when: the shutdown sig

Plabayo 54 Sep 29, 2023
Openfare - Monetize software with one commit.

OpenFare ?? Monetize software with one commit. ?? OpenFare monetizes any software library with one code change. The goal: fund the next million softwa

null 172 Dec 2, 2022
Booru software for the 21st century. (Name is supposed to be like Puro, the big monster, but I failed..)

Pooru Booru software for the 21st century. Setup Setup is a little funky, but I hope to fix this funkyness down the road. First and foremost, you will

null 2 May 8, 2022
High-performance BitTorrent tracker compatible with UNIT3D tracker software

UNIT3D-Announce High-performance backend BitTorrent tracker compatible with UNIT3D tracker software. Usage # Clone this repository $ git clone https:/

HDInnovations 4 Feb 6, 2023
Framework is a detector for different frameworks in one projects

Framework is a detector for different frameworks in one projects Usage use

Inherd OS Team (硬核开源小组) 3 Oct 24, 2022
Bindings to the Tauri API for projects using wasm-bindgen

tauri-sys Raw bindings to the Tauri API for projects using wasm-bindgen Installation This crate is not yet published to crates.io, so you need to use

Jonas Kruckenberg 25 Jan 9, 2023
Fusion is a cross-platform App Dev ToolKit build on Rust . Fusion lets you create Beautiful and Fast apps for mobile and desktop platform.

Fusion is a cross-platform App Dev ToolKit build on Rust . Fusion lets you create Beautiful and Fast apps for mobile and desktop platform.

Fusion 1 Oct 19, 2021
A Diablo II library for core and simple client functionality, written in Rust for performance, safety and re-usability

A Diablo II library for core and simple client functionality, written in Rust for performance, safety and re-usability

null 4 Nov 30, 2022
Code examples, data structures, and links from my book, Rust Atomics and Locks.

This repository contains the code examples, data structures, and links from Rust Atomics and Locks. The examples from chapters 1, 2, 3, and 8 can be f

Mara Bos 338 Jan 6, 2023