
Rust's package ecosystem (crates) is managed through Cargo and the Cargo.toml/Cargo.lock files. The crates.io registry hosts 140,000+ crates. ReleaseRun provides free tools for auditing Rust crate dependencies, checking CVEs via RustSec, and tracking Rust release status.

Rust Dependency Health Checkers

Cargo.toml Health Checker

The Cargo.toml Health Checker scans your Cargo.toml for crates with known security advisories (from RustSec Advisory Database), outdated versions, and unmaintained crates. Paste your Cargo.toml and get an instant audit.

Cargo.lock Analyzer

The Cargo.lock Analyzer performs a full dependency tree audit from your lockfile — catching transitive dependency CVEs that don't appear in the top-level Cargo.toml.
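Why a lockfile audit sees more than a manifest audit, as an added example (not ReleaseRun's or cargo-audit's code): it reads a constructed Cargo.toml and Cargo.lock, matches locked versions against a one-entry stand-in advisory list, and reports whether each hit is transitive. The crate names http-demo and parser-demo, the advisory id EXAMPLE-0001 and the simplified line-based parsing are assumptions made for illustration.

```rust
// Constructed sample inputs; crate names and the advisory id are placeholders.
const MANIFEST: &str = r#"[dependencies]
http-demo = "1.2""#;
const LOCKFILE: &str = r#"version = 3
[[package]]
name = "http-demo"
version = "1.2.4"
dependencies = ["parser-demo"]
[[package]]
name = "parser-demo"
version = "0.3.1""#;
// (crate, first patched version, advisory id): stands in for an advisory database.
const ADVISORIES: &[(&str, &str, &str)] = &[("parser-demo", "0.3.2", "EXAMPLE-0001")];
// Names declared in the manifest's [dependencies] table (direct dependencies).
fn direct_deps(manifest: &str) -> Vec<&str> {
    manifest.lines().map(str::trim)
        .skip_while(|l| *l != "[dependencies]").skip(1)
        .take_while(|l| !l.starts_with('['))
        .filter_map(|l| l.split_once('=').map(|(name, _)| name.trim()))
        .collect()
}
// (name, version) of every [[package]] entry in the lockfile, direct or not.
fn locked(lock: &str) -> Vec<(&str, &str)> {
    lock.split("[[package]]").skip(1).map(|block| {
        let field = |key: &str| block.lines().find(|l| l.trim().starts_with(key))
            .and_then(|l| l.split('"').nth(1)).unwrap_or("");
        (field("name ="), field("version ="))
    }).collect()
}
// Numeric x.y.z comparison key; assumes no pre-release or build suffixes.
fn semver(v: &str) -> Vec<u64> {
    v.split('.').map(|p| p.parse::<u64>().unwrap_or(0)).collect()
}
// Returns (crate, locked version, advisory id, is_transitive) per finding.
fn audit<'a>(manifest: &str, lock: &'a str) -> Vec<(&'a str, &'a str, &'static str, bool)> {
    let direct = direct_deps(manifest);
    let mut hits = Vec::new();
    for (name, ver) in locked(lock) {
        for &(krate, patched, id) in ADVISORIES {
            if name == krate && semver(ver) < semver(patched) {
                hits.push((name, ver, id, !direct.contains(&name)));
            }
        }
    }
    hits
}

fn main() {
    for hit in audit(MANIFEST, LOCKFILE) { println!("{hit:?}"); }
}
```

The manifest lists only http-demo, so a check limited to Cargo.toml names never sees parser-demo; the finding exists only because the lockfile records the resolved tree.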

Rust Release History

Rust releases a new stable version every 6 weeks. There is no formal EOL for specific versions — the stable channel always receives patches. The Rust Release History page covers Editions (2015, 2018, 2021), key releases (1.65 GATs, 1.75 async fn in traits), and upgrade guidance.

Rust Security Model

Rust's ownership system prevents most memory safety vulnerabilities at compile time. However, unsafe blocks bypass these guarantees — and transitive dependencies may contain unsafe code. The RustSec Advisory Database tracks CVEs in crates, including those in unsafe code paths. Running cargo audit (or using ReleaseRun's browser-based checker) regularly is the standard practice.

Common Rust Production Tools

  • cargo-audit — scans Cargo.lock against RustSec for CVEs; the standard Rust security audit tool
  • cargo-deny — enforces license policies, bans specific crates, and checks for duplicate dependencies alongside security advisories
  • cargo-outdated — shows which crates have newer versions available
  • cargo-update — updates packages in Cargo.lock
