security/cargo-audit [1] can be used to check Cargo.lock files for vulnerable crates. I thought it might be nice to add support for it to cargo.mk.
It adds a new cargo-audit target that just checks the crates from CARGO_CRATES. Since this is incomplete (e.g., due to local crates from GH_TUPLE or similar that will never be in CARGO_CRATES) it also runs cargo-audit after the build when there is a complete Cargo.lock.