# Rust

{% hint style="info" %}
Rust is supported for Snyk Code (full support) and for Snyk Open Source (limited support).
{% endhint %}

## Rust for Snyk Code

{% hint style="info" %}
Code analysis support for Rust is in Early Access and is available only with Enterprise plans. To enable the feature, see [Snyk Preview](https://docs.snyk.io/snyk-platform-administration/snyk-preview).
{% endhint %}

### Supported frameworks and libraries

For Rust with Snyk Code, the following frameworks and libraries are supported:

{% columns %}
{% column %}

* actix\_files
* actix\_identity
* actix\_multipart
* actix\_session
* actix\_web
* age
* ammonia
* async\_graphql
* axum
* diesel
* handlebars
* hyper
* iron
  {% endcolumn %}

{% column %}

* orion
* postgres
* reqwest
* ring
* rustcrypto
* sqlx
* tera
* tokio
* tokio\_dbs
* tonic
* uuid
* warp
  {% endcolumn %}
  {% endcolumns %}

For an overview of the supported security rules, visit [Rust rules](https://docs.snyk.io/scan-with-snyk/snyk-code/snyk-code-security-rules/rust-rules).

### Supported file formats

For Rust with Snyk Code, the following file formats are supported: `.rs`.

### Available features

* Support for Interfile analysis
* Reports

## Rust for Snyk Open Source

### Supported package managers and registries

For Rust with Snyk Open Source, the following are supported:

* Supported package registry: [crates.io](https://crates.io/)
* Supported files: CycloneDX and SPDX SBOMs

### Available features

* Test your SBOM containing `cargo` PURLs through the [SBOM test](https://docs.snyk.io/developer-tools/snyk-cli/commands/sbom-test) CLI command or API.
* Test your individual Rust packages using the [List issues for a package](https://docs.snyk.io/snyk-api/using-specific-snyk-apis/issues-list-issues-for-a-package) API.

{% hint style="info" %}
SCM import and the standard CLI commands `snyk test`, `snyk monitor` are not available.
{% endhint %}

Open Source scanning of Rust manifests and dependencies is limited to testing using the CLI command `snyk sbom test`, or through the Snyk API, using either SBOM testing or individual package testing. API access is available only with Ignite or Enterprise plans.

{% hint style="info" %}
License scanning is not available for Cargo.
{% endhint %}

### Scan Rust dependencies in bulk using the CLI

To do this:

* Use a third party tool to create a SBOM document from the `Cargo.toml` and `cargo.lock` file, in one of the supported SBOM formats.
* Use `snyk sbom test --file=<path to your SBOM>` to scan the SBOM document.

Alternatively, you can use the REST API, as follows:

* Use the REST API to `POST` the SBOM document to the `sbom_tests` endpoint.
* Retrieve the results by calling the `sbom_tests/{job_id}` endpoint. For more information, visit [SBOM](https://docs.snyk.io/snyk-api/reference/sbom) and [Test an SBOM document for vulnerabilities](https://docs.snyk.io/snyk-api/using-specific-snyk-apis/sbom-apis/rest-api-endpoint-test-an-sbom-document-for-vulnerabilities).

### Scan Rust dependencies individually using the API

To test your individual Rust packages from the Cargo package manager, you can use the [List issues for a package](https://docs.snyk.io/snyk-api/reference/issues) API. You can obtain the PURL from the metadata section of the package on [crates.io](http://crates.io) and it must adhere to the [purl specification](https://github.com/package-url/purl-spec).

Before using it in the API, ensure you URL encode it. For example, `pkg:cargo/sd@0.1.0` becomes `pkg%3Acargo%2Fsd%400.1.0`

This reports only the direct vulnerabilities for that package. For more information, visit [List issues for a package](https://docs.snyk.io/snyk-api/using-specific-snyk-apis/issues-list-issues-for-a-package).

### Gating commits and PRs

To avoid introducing vulnerabilities on commits and PRs, Snyk recommends incorporating the above testing into your CI/CD pipeline.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.snyk.io/supported-languages/supported-languages-list/rust.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.