So somebody's built a thing that parses RustSec and notifies you if your repo is vulnerable: https://blog.firosolutions.com/2019/09/github-rust-firo/
Doesn't GitHub itself already do this?
I'm not sure if GitHub reads from RustSec, probably not. This does.
Dependabot is aware of RustSec I think, so I'd expect GitHub's thing does
I saw that. It looked cool, but I was also curious about Dependabot
GitHub isn't aware of RustSec yet. Or wasn't ~2 months ago, I haven't checked since then.
I've talked with people at GitHub about first class support quite a bit. I don't think it's on their roadmap yet, but maybe soon