Dependency Scanning for Rust
gitlab-org/security-products/dependency-scanning#9 brings Rust support to Dependency Scanning. Once https://gitlab.com/gitlab-org/gitlab-ee/issues/5232 is done, we can easily add this feature.
/cc @bikebilly
Current Workaround
Thanks to @dcoles for this contribution: gitlab-cargo-audit can be used to generate a GitLab Enterprise dependency scanning report. We've been using it at my employer for our GitLab CI/CD pipelines.
It currently supports version 14.0.6 of the dependency scanning schema, which is a little out of date (it's now up to 15.0.4), but the current version of GitLab still ingests it.

Since GitLab 16.0, we no longer support security report formats below 15.0: https://docs.gitlab.com/ee/update/deprecations.html#security-report-schemas-version-14xx
To have this working again, https://github.com/dcoles/gitlab-cargo-audit needs to output a report compatible with our security report schema version 15. The latest is 15.0.7: https://gitlab.com/gitlab-org/security-products/security-report-schemas/-/tree/v15.0.7/dist
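As an added example (not code from this thread or from the gitlab-cargo-audit project), the mapping from `cargo audit --json` output to a schema-v15 dependency scanning report. The sample input is constructed, the analyzer/scanner versions are placeholders, and the field names follow the v15 dependency-scanning schema as I know it and should be checked against the linked dist/ directory.

```python
import uuid
from datetime import datetime, timezone

SCHEMA_VERSION = "15.0.7"  # latest v15 schema named in the issue

# Constructed sample of `cargo audit --json` output, trimmed to the fields used here.
# The advisory id and CVE alias are placeholders, not real entries.
CARGO_AUDIT_JSON = {"vulnerabilities": {"found": True, "count": 1, "list": [{
    "advisory": {"id": "RUSTSEC-0000-0000", "package": "example-crate",
                 "title": "Example: out-of-bounds read in parser",
                 "description": "Constructed description for the example.",
                 "url": "https://rustsec.org/advisories/RUSTSEC-0000-0000",
                 "aliases": ["CVE-0000-00000"]},
    "versions": {"patched": [">=0.2.0"], "unaffected": []},
    "package": {"name": "example-crate", "version": "0.1.0"}}]}}

def advisory_to_vulnerability(entry: dict) -> dict:
    """Map one cargo-audit entry to a v15 `vulnerabilities[]` item. v15 dropped the
    `category`, `message` and `cve` fields, so they are deliberately not emitted."""
    adv, pkg = entry["advisory"], entry["package"]
    identifiers = [{"type": "rustsec", "name": adv["id"], "value": adv["id"], "url": adv["url"]}]
    identifiers += [{"type": "cve", "name": a, "value": a}
                    for a in adv.get("aliases", []) if a.startswith("CVE-")]
    patched = entry.get("versions", {}).get("patched", [])
    return {
        # v15 requires a unique id; derive it deterministically so re-runs stay stable
        "id": str(uuid.uuid5(uuid.NAMESPACE_URL, f"{adv['id']}:{pkg['name']}:{pkg['version']}")),
        "name": adv["title"],
        "description": adv["description"],
        "severity": "Unknown",  # RustSec entries carry no mandatory severity rating
        "solution": f"Upgrade to {', '.join(patched)}" if patched else "No patched version available",
        "identifiers": identifiers,
        "links": [{"url": adv["url"]}],
        "location": {"file": "Cargo.lock",
                     "dependency": {"package": {"name": pkg["name"]}, "version": pkg["version"]}},
    }

def build_report(audit: dict, lock_path: str = "Cargo.lock") -> dict:
    """Assemble the top-level v15 dependency-scanning report."""
    entries = audit.get("vulnerabilities", {}).get("list", [])
    now = datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%S")  # schema wants no tz suffix
    return {
        "version": SCHEMA_VERSION,
        "vulnerabilities": [advisory_to_vulnerability(e) for e in entries],
        "dependency_files": [{"path": lock_path, "package_manager": "cargo", "dependencies": [
            {"package": {"name": e["package"]["name"]}, "version": e["package"]["version"]} for e in entries]}],
        "scan": {"type": "dependency_scanning", "status": "success", "start_time": now, "end_time": now,
                 "analyzer": {"id": "gitlab-cargo-audit", "name": "gitlab-cargo-audit",
                              "version": "0.0.0", "vendor": {"name": "dcoles"}},  # version placeholder
                 "scanner": {"id": "cargo-audit", "name": "cargo-audit",
                             "version": "0.0.0", "vendor": {"name": "RustSec"}}},
    }
```

Write the returned dict as JSON to the path declared under the job's `artifacts:reports:dependency_scanning` so GitLab ingests it.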