advisory-db
cargo-deny
| | advisory-db | cargo-deny |
|---|---|---|
| Mentions | 37 | 15 |
| Stars | 829 | 1,518 |
| Growth | 2.2% | 4.3% |
| Activity | 9.2 | 8.8 |
| Latest commit | 7 days ago | 7 days ago |
| Language | Rust | |
| License | GNU General Public License v3.0 or later | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
advisory-db
- Serde-YAML for Rust has been archived
- When Zig is safer and faster than Rust
- Advisory: Miscompilation in cortex-m-rt 0.7.1 and 0.7.2
  You might also want to add this to https://github.com/rustsec/advisory-db so that cargo audit and Dependabot surface it.
- greater supply chain attack risk due to large dependency trees?
  cargo-audit only checks for known issues reported to a vulnerability database.
- capnproto-rust: out-of-bound memory access bug
- `cargo audit` can now scan compiled binaries
  However, I keep getting this error when running `cargo audit bin ~/.cargo/bin/*`, even if I replace `*` with a specific binary:

      Fetching advisory database from `https://github.com/RustSec/advisory-db.git`
      Loaded 467 security advisories (from C:\Users\jonah\.cargo\advisory-db)
      Updating crates.io index
      error: I/O operation failed: The system cannot find the path specified. (os error 3)

  I'm on Windows 10.
- Github Dependency graph adds vulnerability alerting support for Rust
  FWIW the RustSec database is still not synced into the GitHub database on a regular basis, even though they did an initial import of it. So the cargo audit github action is still relevant.
- Hey Rustaceans! Got a question? Ask here! (18/2022)!
      Removing prior log directory: ./target/cargo-checkmate/logs
      running 7 cargo-checkmate phases
      cargo-checkmate check... ok.
      cargo-checkmate format... ok.
      cargo-checkmate clippy... ok.
      cargo-checkmate build... ok.
      cargo-checkmate test... ok.
      cargo-checkmate doc... ok.
      cargo-checkmate audit... FAILED.

      failures:

      ---- cargo-checkmate audit ----
      + ./target/cargo-checkmate/logs/audit.stdout:
      | Fetching advisory database from `https://github.com/RustSec/advisory-db.git`
      + ./target/cargo-checkmate/logs/audit.stderr:
      | thread 'main' panicked at 'called `Option::unwrap()` on a `None` value', /home/finn/.cargo/registry/src/github.com-1ecc6299db9ec823/cargo-checkmate-0.1.11/src/subcommands.rs:63:42
      | note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace

      cargo-checkmate result: FAILED. 6 passed; 1 failed
- Rust code quality and vulnerability scan tool
  If that were true then https://github.com/RustSec/advisory-db/ would not exist.
- Announcing s2n-quic 1.0
  You are correct. Definitely not to pick on the other implementations, but through casual testing we've seen all of them panic on messages received over the wire. I don't think any of them have disclosure policies in place and/or there was no advisory issued.
cargo-deny
- Please add licenses to your projects, rust DS emulator Dust now dead.
  Tip: You can check the licenses of all your dependencies (recursively) using cargo-deny: https://github.com/EmbarkStudios/cargo-deny
- What are some useful tools for Rust?
  cargo-deny
- Best way to protect a project from supply chain attacks?
  cargo deny for fetching crates only from trusted sources, blacklisting crates, etc.
- NPM malware and what it could imply for Cargo
  Use cargo audit or cargo deny to check the crates in your Cargo.lock to ensure they don't contain any vulnerabilities.
- This Year in Embedded Rust: 2021 edition
  > Explain the crate scanner thing?

  I assume a reference to tools that help manage potential issues around dependencies, e.g.:
  * https://github.com/rustsec/rustsec/tree/main/cargo-audit
  * https://github.com/EmbarkStudios/cargo-deny

  "[cargo-audit] Audit Cargo.lock files for crates with security vulnerabilities reported to the RustSec Advisory Database."

  "cargo-deny is a cargo plugin that lets you lint your project's dependency graph to ensure all your dependencies conform to your expectations and requirements." e.g. license, security advisories, source.
- Score card for dependencies in a project
  cargo-deny does license and security advisory checking, and cargo-geiger does unsafe checking.
- How can we make sure this doesn't happen with Crates.io?
  cargo-deny
- Blog post: Cross compiling Rust Windows binaries from Linux
  OpenSSL has been banned in our project for a variety of reasons via cargo-deny for around a year and a half; it was actually one of the reasons we created it in the first place.
- Good Rust book for a very experienced C++ developer?
  Take a look at https://github.com/EmbarkStudios/cargo-deny, it might help there; at $Work we also use it.
- totally-speedy-transmute: A blazing-fast spiritual successor to totally-safe-transmute
  https://github.com/EmbarkStudios/cargo-deny lets you set customizable blacklists.
What are some alternatives?
- cargo-about - 📜 Cargo plugin to generate list of all licenses for a crate 🦀
- chrono - Date and time library for Rust
- xwin - A utility for downloading and packaging the Microsoft CRT headers and libraries, and Windows SDK headers and libraries needed for compiling and linking programs targeting Windows.
- vulndb - [mirror] The Go Vulnerability Database
- crates.io-index - Registry index for crates.io
- static_init
- rustsec - RustSec API & Tooling
- ripasso - A simple password manager written in Rust
- dwflist - The DWF IDs
- watt - Runtime for executing procedural macros as WebAssembly
- nextest - A next-generation test runner for Rust.
- Rudra - Rust Memory Safety & Undefined Behavior Detection