Skip to content

feat: rust analysis support #252

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
soul2zimate wants to merge 7 commits into
base: main
Choose a base branch
from
Draft

feat: rust analysis support #252

soul2zimate wants to merge 7 commits into from
+1,807 −34

Conversation

@soul2zimate
Copy link
Contributor

@soul2zimate soul2zimate commented Jan 27, 2026

Description

feat: rust analysis support

Related issue (if any): https://issues.redhat.com/browse/TC-3459

Checklist

  • I have followed this repository's contributing guidelines.
  • I will adhere to the project's code of conduct.

Additional information

Assisted-by: Claude Code

@soul2zimate soul2zimate requested a review from ruromero January 27, 2026 09:06
@soul2zimate
Copy link
Contributor Author

soul2zimate commented Jan 27, 2026

@ruromero please review when you have time.

ruromero
ruromero requested changes Jan 27, 2026
View reviewed changes
Copy link
Collaborator

@ruromero ruromero left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks @soul2zimate
I have added a first round of comments. After you refactor and answer some of my questions I'd like to review again.

ruromero
ruromero requested changes Jan 28, 2026
View reviewed changes
Copy link
Collaborator

@ruromero ruromero left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

I have added 2 small suggestions.

Overall Design

After looking deeper in to how you addressed the problem I think it provides a great opportunity to introduce a complex but powerful feature for monorepo projects that we could consider adding to all the other package managers.

If I understood correctly your approach you resolve all the tree from the root down to the members but the dependencies are added to the root, meaning that
root.deps = [member1.dep1, member1.dep2, member2.dep3, ...]
That creates an incorrect SBOM because we don't know which deps each member has and it can be that different members introduce the same dep with different version or that a member depends on another member.
But we can use that to our benefit and consider the possibility to create a complex SBOM where we will have something like:

root
 member1
   dep1, dep2
 member2
   dep1, dep3
...

The stack analysis and generated SBOMs will be much detailed. We can also use the component analysis to underline the members with vulnerabilities.

Regarding the root name/version in virtual workspaces, we can use the folder name and set a placeholder version or the workspace.version if defined.

What do you think?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ruromero ruromero ruromero requested changes

Requested changes must be addressed to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@soul2zimate @ruromero