rust-secure-code / cargo-supply-chain

Gather author, contributor and publisher data on crates in your dependency graph.
Apache License 2.0

Add --offline capability #97

Open matthiasbeyer opened 3 months ago

matthiasbeyer commented 3 months ago

I want to run the tool without internet access (inside a nix build). But right now it does not seem to be possible.

Could a feature for this be added?

Shnatsel commented 3 months ago

The tool fundamentally relies on fetching data from crates.io. But you could have it run offline if you fetch a database dump with cargo supply-chain update and then run the tool; it would not fetch extra data if the cache is up to date.

You can control how fresh the cache needs to be to be considered up to date via the --cache-max-age argument, e.g. cargo supply-chain publishers --cache-max-age=3d would be 3 days. Note that the crates.io database dumps can be behind the live data by up to 48 hours.