InfoWorld Security
Aiming to help Rust developers discover and prevent security vulnerabilities, GitHub has made its suite of supply chain security features available for the fast-growing Rust language.
These features include the GitHub Advisory Database, which already has more than 400 Rust security advisories, as well as Dependabot alerts and updates, and dependency graph support, providing alerts on vulnerable dependencies in Rust’s Cargo package files. Rust users can report and ultimately prevent security vulnerabilities when using GitHub.
The GitHub Advisory Database is a database of security advisories focused on actionable vulnerability information for developers. The majority of vulnerabilities cited in the database come from RustSec, an organization that publishes security advisories related to Rust libraries. Rust package maintainers can use the security advisories to collaborate with vulnerability reporters to privately discuss and fix vulnerabilities prior to announcing them publicly. Developers can report Rust vulnerabilities with a CVE through a community contribution.
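The Dependabot updates mentioned above are configured per repository through a `.github/dependabot.yml` file; the fragment below is an added example, not taken from the article or from GitHub's documentation, and assumes a single Cargo project whose `Cargo.toml` sits at the repository root (Dependabot alerts for vulnerable dependencies are switched on in the repository's security settings and do not require this file).

```yaml
# .github/dependabot.yml (added example, assumed single-crate repository at "/")
version: 2
updates:
  # Tell Dependabot to scan Cargo.toml / Cargo.lock for the Rust ecosystem
  - package-ecosystem: "cargo"
    directory: "/"
    schedule:
      interval: "weekly"
    # Cap the number of simultaneous update pull requests to keep review load manageable
    open-pull-requests-limit: 5
```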