- Scan their software for potential security issues and violations of organizational policy.
- Prioritize vulnerabilities in the context of their applications.
- Understand the relationships between software components in their applications.
System specifications for scan
Make sure that you have a minimum system requirement specification of an 8-core processor with 32 GB RAM. Use a system equipped with either Mac OS X or Linux operating systems to perform the scans.Software prerequisites
- Make sure the following prerequisites are installed:
- Package Manager Cargo - Any version
- Rust - Any version,
- Make sure your repository includes one or more files with
.rsextension. - Install Rust using the latest rustup tool.
Build Rust projects
Ensure your repository hasCargo.toml file and run the following command making sure it builds the project successfully.
Cargo.lock file. If the repository includes a Cargo.lock file, endorctl uses this file for dependency resolution and does not create it again.
Run a scan
Perform a scan to get visibility into your software composition and resolve dependencies.Understand the scan process
Endor Labs resolves dependencies for the package version when it scans Rust projects.Resolving Dependencies
Endor Labs leverages the Cargo.toml file in Rust and uses this file to build the package version using cargo. Endor Labs uses the output fromcargo metadata to resolve dependencies specified in Cargo.toml files and construct the dependency graph.
Known Limitations
- Call graphs are not supported for Rust projects.
- Performing Endor Labs scans on the Microsoft Windows operating system is currently unsupported.
Troubleshoot errors
- Host system check failure errors: These errors occur when Rust is not installed or not present in the path variable. Install Rust and try again.