siemens · crvreddy · Oct 7, 2025 · Sep 3, 2025 · Sep 10, 2025 · Sep 15, 2025
diff --git a/TestFiles/IntegrationTestFiles/SpdxTestFiles/Cargo/Cargo.spdx.sbom.json b/TestFiles/IntegrationTestFiles/SpdxTestFiles/Cargo/Cargo.spdx.sbom.json
diff --git a/TestFiles/IntegrationTestFiles/SystemTest1stIterationData/Cargo/cargo.metadata.json b/TestFiles/IntegrationTestFiles/SystemTest1stIterationData/Cargo/cargo.metadata.json
diff --git a/doc/UsageDoc/CA_UsageDocument.md b/doc/UsageDoc/CA_UsageDocument.md
@@ -59,7 +59,7 @@
 
 
 # Introduction
-Welcome to the Continuous Clearing Tool, your automated solution for streamlining the SW360 clearing process. Designed with Project Managers and Developers in mind, this tool efficiently manages third-party components across various platforms, including NPM, NuGet, Maven, Python, Conan, Alpine, and Debian.
+Welcome to the Continuous Clearing Tool, your automated solution for streamlining the SW360 clearing process. Designed with Project Managers and Developers in mind, this tool efficiently manages third-party components across various platforms, including NPM, NuGet, Maven, Python, Conan, Cargo, Alpine, and Debian.
 
 ## Key Features
 - **Automated Scanning and Identification**: The tool automatically scans and identifies third-party components in your projects.
@@ -77,17 +77,17 @@ Simply integrate the Continuous Clearing Tool into your project workflow to expe
 
 # Continuous Clearing Tool workflow diagram
 * Package Identifier
-  * [NPM/NUGET/MAVEN/PYTHON/CONAN](../usagedocimg/packageIdentifiernpmnuget.PNG)
+  * [NPM/NUGET/MAVEN/PYTHON/CONAN/CARGO](../usagedocimg/packageIdentifiernpmnuget.PNG)
   * [Debian/Alpine](../usagedocimg/packageIdentifierdebianalpine.PNG)
   * [BasicSBOM](../usagedocimg/PackageidentifierBasicSBOMflowdiagram.png)
 
 * SW360 Package Creator
-  * [NPM/NUGET/MAVEN/PYTHON/CONAN](../usagedocimg/packageCreatirnpmnuget.PNG)
+  * [NPM/NUGET/MAVEN/PYTHON/CONAN/CARGO](../usagedocimg/packageCreatirnpmnuget.PNG)
   * [Debian](../usagedocimg/packagecreatordebian.PNG)
   * [Alpine](../usagedocimg/ComponentcreaterforAlpine.PNG)
 
 * Artifactory Uploader
-  * [NPM/NUGET/MAVEN/PYTHON/CONAN](../usagedocimg/artifactoryuploader.PNG)
+  * [NPM/NUGET/MAVEN/PYTHON/CONAN?CARGO](../usagedocimg/artifactoryuploader.PNG)
 
 # Prerequisite
 To ensure a smooth operation of the Continuous Clearing Tool, please follow these prerequisites:
@@ -196,6 +196,17 @@ Users have the flexibility to generate a basic SBOM even if connections to SW360
   * **Project Type :** **Conan**
 
     * Input file repository should contain **conan.lock** file.
+
+  * **Project Type :** **Cargo**
+
+    * Run the command given below (i.e., To generate a metadata file for your project, run the following command in your project directory (where your Cargo.toml is located)) .
+
+    * For creating metadata.json file you can use the format version 1.
+
+     **Example**: cargo metadata --format-version 1 > cargo.metadata.json
+         After successful execution, *.metadata.json file will be created in specified directory .
+
+         Resulted cargo.metadata.json file will be having the list of installed packages  and the same file will be used as  an input to Continuous clearing tool -    Package identifier via the input directory parameter. The remaining process is same as other project types.
 
   * **Project Type :**  **Debian & Alpine**
 
@@ -254,7 +265,7 @@ Description for the settings in appSettings.json file
 | S.No | Argument Name                             | Description                                                   | Mandatory | Example                                                                  |
 | ---- | ----------------------------------------- | ------------------------------------------------------------- | --------------- | ------------------------------------------------------------------------ |
 | 1    | TimeOut                                   | Timeout in seconds                                            | No              | 400                                                                      |
-| 2    | ProjectType                               | Type of the project                                           | Yes             | `Nuget`, `NPM`, `Poetry`, `Conan`, `Alpine`, `Debian`, `Maven`                         |
+| 2    | ProjectType                               | Type of the project                                           | Yes             | `Nuget`, `NPM`, `Poetry`, `Conan`, `Alpine`, `Debian`, `Maven`, `Cargo`                      |
 | 3    | MultipleProjectType                       | Whether multiple project types are supported                  | No              | `False`                                                                    |
 | 4    | Telemetry.Enable                          | Enable telemetry                                              | No              | `False`                                                                    |
 | 5    | Telemetry.ApplicationInsightsConnectionString | Application Insights instrumentation key                      | No              | `123-456-789-123-123`                                                     |

diff --git a/src/LCT.APICommunications.UTest/JfrogAqlApiCommunicationUTest.cs b/src/LCT.APICommunications.UTest/JfrogAqlApiCommunicationUTest.cs
@@ -222,6 +222,18 @@ public void BuildAqlQuery_EmptyComponentType_ReturnsBasicQuery()
             Assert.That(query, Is.EqualTo(expectedQuery));
         }
 
+        [Test]
+        public void JfrogAqlApiCommunication_GetCargoComponentDataByRepo_ReturnsInvalidOperationException()
+        {
+            // Arrange
+            ArtifactoryCredentials repoCredentials = new ArtifactoryCredentials();
+            string invalidDomainName = ""; // Invalid domain name
+            int timeout = 30; // Timeout in seconds
+            string invalidRepoName = "invalid-npm-repo"; // Invalid repo name
+
+            JfrogAqlApiCommunication jfrogApiCommunication = new JfrogAqlApiCommunication(invalidDomainName, repoCredentials, timeout);
 
+
+        }
     }
 }
diff --git a/src/LCT.APICommunications/ApiConstant.cs b/src/LCT.APICommunications/ApiConstant.cs
@@ -76,5 +76,6 @@ public static class ApiConstant
         public const string ArtifactoryRepoName = "ArtifactoryRepoName";
         public const string JfrogArtifactoryApiSearchAql = $"/api/search/aql";
         public static readonly List<int> APIRetryIntervals = [5, 10, 30]; // in seconds
+        public const string CargoExtension = ".crate";
     }
 }
diff --git a/src/LCT.APICommunications/Interfaces/IJfrogAqlApiCommunication.cs b/src/LCT.APICommunications/Interfaces/IJfrogAqlApiCommunication.cs
@@ -33,6 +33,12 @@ public interface IJfrogAqlApiCommunication
         /// <param name="repoName">repoName</param>
         /// <returns>HttpResponseMessage</returns>
         Task<HttpResponseMessage> GetPypiComponentDataByRepo(string repoName);
+        /// <summary>
+        /// Gets the internal component data based on repo name
+        /// </summary>
+        /// <param name="repoName">repoName</param>
+        /// <returns>HttpResponseMessage</returns>
+        Task<HttpResponseMessage> GetCargoComponentDataByRepo(string repoName);
 
 
         /// <summary>

diff --git a/src/LCT.APICommunications/JfrogAqlApiCommunication.cs b/src/LCT.APICommunications/JfrogAqlApiCommunication.cs
@@ -44,12 +44,7 @@ public async Task<HttpResponseMessage> CheckConnection()
             return await httpClient.GetAsync(url);
         }
 
-        /// <summary>
-        /// Gets the Internal Component Data By Repo name
-        /// </summary>
-        /// <param name="repoName"></param>
-        /// <returns></returns>
-        public async Task<HttpResponseMessage> GetInternalComponentDataByRepo(string repoName)
+        private async Task<HttpResponseMessage> GetComponentDataByRepo(string repoName, string includeFields)
         {
             HttpClient httpClient = GetHttpClient(ArtifactoryCredentials);
             TimeSpan timeOutInSec = TimeSpan.FromSeconds(TimeoutInSec);
@@ -58,44 +53,36 @@ public async Task<HttpResponseMessage> GetInternalComponentDataByRepo(string rep
             StringBuilder query = new();
             query.Append("items.find({\"repo\":\"");
             query.Append($"{repoName}");
-            query.Append("\"}).include(\"repo\", \"path\", \"name\", \"actual_sha1\",\"actual_md5\",\"sha256\")");
+            query.Append("\"}).include(");
+            query.Append($"{includeFields}");
+            query.Append(')');
 
             string aqlQueryToBody = query.ToString();
             string uri = $"{DomainName}{ApiConstant.JfrogArtifactoryApiSearchAql}";
             HttpContent httpContent = new StringContent(aqlQueryToBody);
             return await httpClient.PostAsync(uri, httpContent);
         }
+
+        /// <summary>
+        /// Gets the Internal Component Data By Repo name
+        /// </summary>
+        /// <param name="repoName"></param>
+        /// <returns></returns>
+        public async Task<HttpResponseMessage> GetInternalComponentDataByRepo(string repoName)
+        {
+            return await GetComponentDataByRepo(repoName, "\"repo\", \"path\", \"name\", \"actual_sha1\",\"actual_md5\",\"sha256\"");
+        }
         public async Task<HttpResponseMessage> GetNpmComponentDataByRepo(string repoName)
         {
-            HttpClient httpClient = GetHttpClient(ArtifactoryCredentials);
-            TimeSpan timeOutInSec = TimeSpan.FromSeconds(TimeoutInSec);
-            httpClient.Timeout = timeOutInSec;
-
-            StringBuilder query = new();
-            query.Append("items.find({\"repo\":\"");
-            query.Append($"{repoName}");
-            query.Append("\"}).include(\"repo\", \"path\", \"name\",\"@npm.name\",\"@npm.version\", \"actual_sha1\",\"actual_md5\",\"sha256\")");
-
-            string aqlQueryToBody = query.ToString();
-            string uri = $"{DomainName}{ApiConstant.JfrogArtifactoryApiSearchAql}";
-            HttpContent httpContent = new StringContent(aqlQueryToBody);
-            return await httpClient.PostAsync(uri, httpContent);
+            return await GetComponentDataByRepo(repoName, "\"repo\", \"path\", \"name\",\"@npm.name\",\"@npm.version\", \"actual_sha1\",\"actual_md5\",\"sha256\"");
         }
         public async Task<HttpResponseMessage> GetPypiComponentDataByRepo(string repoName)
         {
-            HttpClient httpClient = GetHttpClient(ArtifactoryCredentials);
-            TimeSpan timeOutInSec = TimeSpan.FromSeconds(TimeoutInSec);
-            httpClient.Timeout = timeOutInSec;
-
-            StringBuilder query = new();
-            query.Append("items.find({\"repo\":\"");
-            query.Append($"{repoName}");
-            query.Append("\"}).include(\"repo\", \"path\", \"name\",\"@pypi.normalized.name\",\"@pypi.version\", \"actual_sha1\",\"actual_md5\",\"sha256\")");
-
-            string aqlQueryToBody = query.ToString();
-            string uri = $"{DomainName}{ApiConstant.JfrogArtifactoryApiSearchAql}";
-            HttpContent httpContent = new StringContent(aqlQueryToBody);
-            return await httpClient.PostAsync(uri, httpContent);
+            return await GetComponentDataByRepo(repoName, "\"repo\", \"path\", \"name\",\"@pypi.normalized.name\",\"@pypi.version\", \"actual_sha1\",\"actual_md5\",\"sha256\"");
+        }
+        public async Task<HttpResponseMessage> GetCargoComponentDataByRepo(string repoName)
+        {
+            return await GetComponentDataByRepo(repoName, "\"repo\", \"path\", \"name\",\"@crate.name\",\"@crate.version\", \"actual_sha1\",\"actual_md5\",\"sha256\"");
         }
 
         /// <summary>
@@ -204,8 +191,6 @@ public static string BuildAqlQuery(ComponentsToArtifactory component)
                 return query.ToString();
             }
 
-
-
         }
 
         private async Task<HttpResponseMessage> ExecuteSearchAqlAsync(string uri, HttpContent httpContent)

diff --git a/src/LCT.Common/CommonAppSettings.cs b/src/LCT.Common/CommonAppSettings.cs
@@ -59,6 +59,7 @@ public string ProjectType
         public Config Alpine { get; set; }
         public Config Poetry { get; set; }
         public Config Conan { get; set; }
+        public Config Cargo { get; set; }
         public string Mode { get; set; } = string.Empty;
         public bool IsTestMode
         {

diff --git a/src/LCT.Common/CommonHelper.cs b/src/LCT.Common/CommonHelper.cs
@@ -280,7 +280,8 @@ public static string[] GetRepoList(CommonAppSettings appSettings)
         { "NUGET", () => appSettings.Nuget },
         { "POETRY", () => appSettings.Poetry },
         { "DEBIAN", () => appSettings.Debian },
-        { "MAVEN", () => appSettings.Maven }
+        { "MAVEN", () => appSettings.Maven },
+        { "CARGO", () => appSettings.Cargo }
     };
             if (projectTypeMappings.TryGetValue(appSettings.ProjectType.ToUpperInvariant(), out var getConfig))
             {

diff --git a/src/LCT.Common/Constants/Dataconstant.cs b/src/LCT.Common/Constants/Dataconstant.cs
@@ -24,6 +24,7 @@ public static class Dataconstant
         {"POETRY", "pkg:pypi"},
         {"CONAN", "pkg:conan"},
         {"ALPINE", "pkg:apk/alpine"},
+        {"CARGO", "pkg:cargo"},
          };
 
         //Identified types

diff --git a/src/LCT.Common/Constants/FileConstant.cs b/src/LCT.Common/Constants/FileConstant.cs
@@ -58,5 +58,7 @@ public static class FileConstant
         public static readonly string[] Nuget_DeploymentType_DetectionTags = ["SelfContained"];
         public const string backUpKey = "Backup";
         public const string SPDXFileExtension = ".spdx.sbom.json";
+        public const string CargoFileExtension = "metadata.json";
+
     }
 }
diff --git a/src/LCT.Common/appSettings.json b/src/LCT.Common/appSettings.json
@@ -5,7 +5,7 @@
 // --------------------------------------------------------------------------------------------------------------------
 
 {
-  "TimeOut": 400,  
+  "TimeOut": 400,
   "ProjectType": "<Insert ProjectType>",
   "MultipleProjectType": false,
   "Telemetry": {
@@ -219,5 +219,32 @@
     },
     "ReleaseRepo": "<Insert Conan Release RepoName>",
     "DevDepRepo": "<Insert Conan DevDep RepoName>"
+  },
+  "Cargo": {
+    "Include": [
+      "*.metadata.json",
+      "*.cdx.json",
+      "*.spdx.sbom.json"
+    ],
+    "Exclude": [],
+    "Artifactory": {
+      "ThirdPartyRepos": [
+        {
+          "Name": "<Insert Cargo 3rd party Repo Name>",
+          "Upload": true
+        }
+      ],
+      "InternalRepos": [
+        "<Insert Cargo Internal Repo Names>"
+      ],
+      "DevRepos": [
+        "<Insert Cargo Dev Repo Name>"
+      ],
+      "RemoteRepos": [
+        "<Insert Cargo Remote Repo Name>"
+      ]
+    },
+    "ReleaseRepo": "<Insert Cargo Release RepoName>",
+    "DevDepRepo": "<Insert Cargo DevDep RepoName>"
   }
 }
diff --git a/src/LCT.Facade/Interfaces/IJfrogAqlApiCommunicationFacade.cs b/src/LCT.Facade/Interfaces/IJfrogAqlApiCommunicationFacade.cs
@@ -33,6 +33,12 @@ public interface IJfrogAqlApiCommunicationFacade
         /// <param name="repoName">repoName</param>
         /// <returns>HttpResponseMessage</returns>
         Task<HttpResponseMessage> GetPypiComponentDataByRepo(string repoName);
+        /// <summary>
+        /// Gets the Internal Component Data By Repo Name
+        /// </summary>
+        /// <param name="repoName">repoName</param>
+        /// <returns>HttpResponseMessage</returns>
+        Task<HttpResponseMessage> GetCargoComponentDataByRepo(string repoName);
 
 
         /// <summary>

diff --git a/src/LCT.Facade/JfrogAqlApiCommunicationFacade.cs b/src/LCT.Facade/JfrogAqlApiCommunicationFacade.cs
@@ -64,6 +64,15 @@ public async Task<HttpResponseMessage> GetPypiComponentDataByRepo(string repoNam
         {
             return await m_jfrogAqlApiCommunication.GetPypiComponentDataByRepo(repoName);
         }
+        /// <summary>
+        /// Gets the Internal Component Data By Repo Name
+        /// </summary>
+        /// <param name="repoName">repoName</param>
+        /// <returns>HttpResponseMessage</returns>
+        public async Task<HttpResponseMessage> GetCargoComponentDataByRepo(string repoName)
+        {
+            return await m_jfrogAqlApiCommunication.GetCargoComponentDataByRepo(repoName);
+        }
 
         /// <summary>
         /// Gets the package information in the repo, via the name or path