# Cargo Audit

Audit Cargo.lock files for crates with security vulnerabilities reported to the RustSec Advisory Database.

# Configurations

In addition to the global scanner configurations, the Cargo Audit scanner has its own specific configuration options.

The following configuration options are available for the CargoAudit scanner.

# elevate_warnings

Some warnings may lack a CVE advisory id. Warnings lacking an advisory id can be disabled by setting `elevate_warnings` to false. The `elevate_warnings` setting is used to elevate warnings (yanked or unmaintained repos) to errors, which is the default.

```yaml
elevate_warnings: true
```

# Sample Configuration for Scanner

`salus.yml`:

```yaml
scanner_configs:
  CargoAudit:
    elevate_warnings: true
    exceptions:
      - advisory_id: RUSTSEC-2019-0010
        changed_by: security-team
        notes: Currently no patch exists and determined that this vulnerability is not exploitable.
        expiration: "2021-04-27"
```
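Exceptions like the one above tend to outlive their justification, so a review step can lint them before a scan runs. The following is an added example, not code from Salus: `lint_cargo_audit_exceptions` is a hypothetical helper, and it assumes that every exception should carry the four fields the sample shows and that an exception is stale once the current date is past its `expiration`.

```ruby
require 'yaml'
require 'date'

# Constructed input modelled on the sample configuration; the second entry and
# its advisory id are placeholders made up for this example.
SAMPLE_SALUS_YML = <<~CONFIG
  scanner_configs:
    CargoAudit:
      elevate_warnings: true
      exceptions:
        - advisory_id: RUSTSEC-2019-0010
          changed_by: security-team
          notes: Currently no patch exists and determined that this vulnerability is not exploitable.
          expiration: "2021-04-27"
        - advisory_id: RUSTSEC-0000-0000
          notes: Constructed entry with no owner and no expiration.
CONFIG

# Assumption: every exception should carry the fields the sample shows.
EXPECTED_KEYS = %w[advisory_id changed_by notes expiration].freeze

# Hypothetical helper (not part of Salus): returns a list of problem strings.
def lint_cargo_audit_exceptions(yaml_text, today: Date.today)
  config = YAML.safe_load(yaml_text, permitted_classes: [Date]) || {}
  scanner = config.dig('scanner_configs', 'CargoAudit') || {}
  problems = []
  unless [true, false, nil].include?(scanner['elevate_warnings'])
    problems << 'elevate_warnings must be true or false'
  end
  Array(scanner['exceptions']).each do |entry|
    id = entry['advisory_id'] || '(no advisory_id)'
    missing = EXPECTED_KEYS.reject { |key| entry.key?(key) }
    problems << "#{id}: missing #{missing.join(', ')}" unless missing.empty?
    next unless entry.key?('expiration')

    begin
      raw = entry['expiration']
      # An unquoted YAML date loads as a Date, a quoted one as a String.
      expires = raw.is_a?(Date) ? raw : Date.iso8601(raw.to_s)
      # Assumption: an exception is stale once today is past its date.
      problems << "#{id}: expired on #{expires}" if today > expires
    rescue ArgumentError
      problems << "#{id}: expiration is not a YYYY-MM-DD date"
    end
  end
  problems
end

puts lint_cargo_audit_exceptions(SAMPLE_SALUS_YML) if $PROGRAM_NAME == __FILE__
```

Running this in CI against the repository's `salus.yml` and failing on a non-empty result forces each suppressed advisory to be re-reviewed when its date passes.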