rustsec/rustsec

Feature request: audit releases based on git tags

rotty opened this issue · 2 comments

rotty commented

It would be nice to be able to run cargo audit in a git repo, and have it not only check the current Cargo.lock file inside the working directory, but also previous versions of Cargo.lock, specifically those that correspond to release tags. For example (assuming a regex to specify a tag pattern):

    cargo audit --git-tags="^v[0-9]+"

rotty commented

As I see that cargo audit supports reading the lockfile contents from stdin, this is easily scripted, and I retract this feature request.

rotty commented

FWIW, I've now scripted this functionality in Python, see https://github.com/rotty/cargo-audit-tags. If you feel the functionality provided by cargo-audit-tags would make sense as part of cargo audit itself, feel free to re-open this issue; this might even motivate me to come up with a PR.
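
The stdin-based scripting described in the second comment, as an added example (not part of the thread, and not the code of cargo-audit-tags). It assumes `Cargo.lock` sits at the repository root and that `cargo audit --file -` reads the lockfile from stdin; the function names `release_tags` and `audit_tags` are hypothetical.

```shell
#!/bin/sh
# Added example: audit the Cargo.lock recorded at each release tag.
# Assumptions: Cargo.lock lives at the repository root, cargo-audit is installed.

# Print the tags whose names match the extended regex in $1.
release_tags() {
    git tag --list | grep -E -- "$1"
}

# Audit every matching tag. Prints one "tag<TAB>status" line per tag on stdout,
# sends the full cargo audit report to stderr, and returns 1 if any audit failed.
audit_tags() {
    pattern=$1
    failed=0
    # Word splitting is safe here: git ref names cannot contain spaces or globs.
    for tag in $(release_tags "$pattern"); do
        # Tags that predate the lockfile are reported separately, not as failures.
        if ! git cat-file -e "$tag:Cargo.lock" 2>/dev/null; then
            printf '%s\tno-lockfile\n' "$tag"
            continue
        fi
        # '--file -' makes cargo audit read the lockfile from stdin, so the
        # working tree is never checked out or modified.
        if git show "$tag:Cargo.lock" | cargo audit --file - >&2; then
            printf '%s\tok\n' "$tag"
        else
            # A non-zero exit covers advisories found as well as tool errors
            # (for example an unreachable advisory database); read stderr.
            printf '%s\taudit-failed\n' "$tag"
            failed=1
        fi
    done
    return "$failed"
}

# Run only when a tag pattern is given, e.g.: sh audit-tags.sh '^v[0-9]+'
if [ "$#" -gt 0 ]; then
    audit_tags "$1"
fi
```

Because the summary goes to stdout and the reports to stderr, a CI job can keep the per-tag table while archiving the full findings separately.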