actions-rs / audit-check

🛡️ GitHub Action for security audits
https://github.com/marketplace/actions/rust-audit-check
MIT License
170 stars 39 forks

Include `cargo tree -i <crate>` output in issue #126

Open Nemo157 opened 4 years ago

Nemo157 commented 4 years ago

Motivation

The first step of triaging an audit issue is to see why the affected crate is being included in the build, to see if it's a direct dependency that can be controlled, or a deep dependency that may need more effort. Including the output from `cargo tree -i <crate>` in the opened issue would allow trivially seeing this from the issue directly (example).

svartalf commented 4 years ago

Hi, @Nemo157! I agree that adding it would be very helpful; I'm aiming to get this information from cargo-audit directly, see https://github.com/RustSec/cargo-audit/issues/227#issuecomment-630091843
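
The triage step requested in this issue, as an added example that is not part of the thread or of the action's code: a parser that reads `cargo tree -i <crate>` output and reports whether each workspace crate pulls the affected crate in directly or through a chain. The crate names and the sample tree are constructed, and the code assumes that non-elided leaves of the inverted tree are workspace members.

```python
import re

# Constructed sample of `cargo tree -i affected` output (hypothetical crates).
SAMPLE = """\
affected v0.3.1
├── myapp v0.1.0 (/work/myapp)
├── codec v0.6.2
│   └── netlib v0.9.0
│       └── mylib v0.2.0 (/work/mylib)
└── sync v0.1.8
    └── netlib v0.9.0 (*)
"""

# Tree-drawing prefix (4 columns per level), then "name vVERSION", then extras.
LINE = re.compile(r"^(?P<indent>[│├└─ ]*)(?P<name>[\w-]+) v(?P<ver>\S+)(?P<rest>.*)$")

def reverse_paths(tree_text):
    """Return (chain, elided) for every leaf of the inverted tree."""
    stack, results, prev = [], [], None
    for raw in tree_text.splitlines():
        m = LINE.match(raw)
        if not m:  # blank lines and "[dev-dependencies]" style headers
            continue
        depth = len(m["indent"]) // 4
        if prev is not None and depth <= prev[0]:
            results.append(prev[1])  # previous node had no children: a leaf
        del stack[depth:]
        stack.append(f'{m["name"]} {m["ver"]}')
        # "(*)" marks a subtree cargo already printed earlier in the output.
        prev = (depth, (list(stack), m["rest"].rstrip().endswith("(*)")))
    if prev is not None:
        results.append(prev[1])
    return results

def triage(tree_text):
    """Classify each path from a workspace crate down to the affected crate."""
    report = []
    for chain, elided in reverse_paths(tree_text):
        if elided:
            kind = "elided"      # follow the earlier, fully printed path
        elif len(chain) <= 2:
            kind = "direct"      # a version bump in Cargo.toml may suffice
        else:
            kind = "transitive"  # needs an upstream fix or a lockfile update
        report.append((kind, " -> ".join(reversed(chain))))
    return report

if __name__ == "__main__":
    for kind, path in triage(SAMPLE):
        print(f"{kind:10} {path}")
```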