github.com/anchore/syft@v1.38.2/syft/pkg/rust.go (about)

     1  package pkg
     2  
     3  // RustCargoLockEntry represents one locked dependency read from a Cargo.lock file: its exact version, where it was resolved from and, when the lockfile records one, its checksum. The struct only carries these values as decoded; it performs no verification itself.
     4  type RustCargoLockEntry struct {
     5  	// Name is the crate name (declared in the crate's Cargo.toml) as recorded under the "name" key of the lock entry
     6  	Name string `toml:"name" json:"name"`
     7  
     8  	// Version is the crate version (declared in the crate's Cargo.toml) as recorded under the "version" key of the lock entry
     9  	Version string `toml:"version" json:"version"`
    10  
    11  	// Source is the source registry or repository URL, in the format "registry+https://github.com/rust-lang/crates.io-index" for registry packages. It identifies where the crate was resolved from, so an unexpected registry or repository here deserves review. NOTE(review): Cargo appears to omit this key for path/workspace packages, so the field may be empty — confirm.
    12  	Source string `toml:"source" json:"source"`
    13  
    14  	// Checksum is the content checksum for registry packages only (hexadecimal string). Cargo doesn't require or include checksums for git dependencies, so an empty value is expected for them and is not by itself a sign of tampering. Cargo uses the value to detect MITM attacks by verifying that the downloaded crate matches the lockfile checksum; this field merely carries what the lockfile stated and is only as trustworthy as the Cargo.lock it was read from.
    15  	Checksum string `toml:"checksum" json:"checksum"`
    16  
    17  	// Dependencies holds the entries of the "dependencies" key for this package as raw strings. NOTE(review): in a Cargo.lock these look like references to other locked packages (a name, optionally followed by a version and source) rather than version ranges — confirm the expected format against the parser.
    18  	Dependencies []string `toml:"dependencies" json:"dependencies"`
    19  }
    20  
    21  // RustBinaryAuditEntry represents Rust crate metadata extracted from a compiled binary using cargo-auditable format. It has no checksum field, so an entry identifies a crate by name, version and source only. NOTE(review): the audit data is presumably embedded by whoever built the binary, which would make it a self-reported dependency list rather than an authenticated one — confirm before treating it as proof of what was compiled in.
    22  type RustBinaryAuditEntry struct {
    23  	// Name is the crate name as specified in the audit section of the built binary
    24  	Name string `toml:"name" json:"name"`
    25  
    26  	// Version is the crate version as specified in the audit section of the built binary
    27  	Version string `toml:"version" json:"version"`
    28  
    29  	// Source is the source registry or repository where this crate came from, as stated in the audit section. NOTE(review): cargo-auditable may record a source kind (for example a registry or git) rather than a full URL, so the value may not be comparable with RustCargoLockEntry.Source — confirm the format before matching on it.
    30  	Source string `toml:"source" json:"source"`
    31  }