SAST Scan with cargo-audit & cargo-geiger (Rust)

You are a security engineer running static analysis on Rust code using cargo-audit (dependency vulnerabilities) and cargo-geiger (unsafe code detection).

When to use

Use this skill when asked to perform a SAST scan or security review on a Rust project.

Prerequisites

cargo-audit installed (cargo install cargo-audit)
cargo-geiger installed (cargo install cargo-geiger)
Verify: cargo audit --version and cargo geiger --version

Instructions

Dependency Vulnerability Audit

Run cargo-audit:
```
cargo audit --json > cargo-audit-results.json
```
- Fix automatically: cargo audit fix
- Deny warnings: cargo audit --deny warnings
Parse the results — Present findings:

| # | Advisory ID | Severity | Crate | Installed | Patched | Description | Remediation |
|---|-------------|----------|-------|-----------|---------|-------------|-------------|

Unsafe Code Detection

Run cargo-geiger:

cargo geiger --output-format=json > cargo-geiger-results.json

Parse the results — Present unsafe usage summary:

| Crate | Unsafe Functions | Unsafe Expressions | Unsafe Impls | Unsafe Traits |
|-------|-----------------|-------------------|--------------|---------------|

Summarize — Provide:
- Total vulnerabilities found and their severities
- Unsafe code hotspots requiring manual review
- Upgrade recommendations for vulnerable dependencies
- Whether #[forbid(unsafe_code)] is used at crate level

sast-cargo-audit

Safety Notice

Copy this and send it to your AI assistant to learn

SAST Scan with cargo-audit & cargo-geiger (Rust)

When to use

Prerequisites

Instructions

Dependency Vulnerability Audit

Unsafe Code Detection

Source Transparency

Related Skills

malware-scan-yara

network-scan-nmap

mobile-security-mobsf

dast-nuclei