Add cargo lockfile parser
What does this MR do?
This MR adds support for Rust projects by detecting the presence of Cargo.lock and then parsing the file.
There's currently no support for Rust advisories in the glad database, so this MR adds a guard condition for skipping vulnerability creation for cargo projects.
There is no official reference for lockfile formatting, but source code does exist:
- https://github.com/rust-lang/cargo/blob/bff8a08165918d39b5759673a273ab44c54baa42/src/cargo/ops/cargo_update.rs#L34
- https://github.com/rust-lang/cargo/blob/bff8a08165918d39b5759673a273ab44c54baa42/src/cargo/ops/cargo_update.rs#L540
What are the relevant issue numbers?
Does this MR meet the acceptance criteria?
- Changelog entry added
- Documentation created/updated for GitLab EE, if necessary
- Documentation created/updated for this project, if necessary
- Documentation reviewed by technical writer or follow-up review issue created
- Tests added for this feature/bug
- Job definition updated, if necessary
- Conforms to the code review guidelines
- Conforms to the Go guidelines
- Security reports checked/validated by reviewer
Edited by Oscar Tovar
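
The parsing step described above can be illustrated with a short Go sketch. This is an added example, not code from this MR or the project; `Package`, `ParseCargoLock` and `sampleLock` are hypothetical names, the lockfile content is constructed, and the sketch assumes Cargo's generated layout of one `key = "value"` pair per line inside `[[package]]` tables.

```go
package main

import (
	"fmt"
	"strings"
)

type Package map[string]string // quoted string fields of one [[package]] table (hypothetical type)
// sampleLock is a constructed lockfile, not taken from a real project.
const sampleLock = `version = 3

[[package]]
name = "demo-app"
version = "0.1.0"
dependencies = [
 "libc",
]

[[package]]
name = "libc"
version = "0.2.150"
source = "registry+https://github.com/rust-lang/crates.io-index"
`

// ParseCargoLock scans Cargo's generated layout line by line (not a general TOML parser).
func ParseCargoLock(data string) (pkgs []Package, err error) {
	inPkg := false
	for _, line := range strings.Split(data, "\n") {
		key, val, isKV := strings.Cut(strings.TrimSpace(line), " = ")
		switch {
		case strings.HasPrefix(key, "["): // any table header ends the current package
			if inPkg = key == "[[package]]"; inPkg {
				pkgs = append(pkgs, Package{})
			}
		case inPkg && isKV && strings.HasPrefix(val, `"`): // keep quoted scalars, skip arrays
			pkgs[len(pkgs)-1][key] = strings.Trim(val, `"`)
		}
	}
	for _, p := range pkgs {
		if p["name"] == "" || p["version"] == "" {
			return nil, fmt.Errorf("cargo lockfile: [[package]] table without name or version")
		}
	}
	return pkgs, nil
}

func main() {
	fmt.Println(ParseCargoLock(sampleLock))
}
```

In the sample, the package without a `source` key is the local crate, while the registry-sourced entry is the kind of dependency an advisory lookup would be keyed on.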