auto-fuzz-test
Effortlessly fuzz libraries with large API surfaces (by rust-fuzz)
cargo-supply-chain
Gather author, contributor and publisher data on crates in your dependency graph. (by rust-secure-code)
Our great sponsors
auto-fuzz-test | cargo-supply-chain | |
---|---|---|
6 | 20 | |
69 | 311 | |
- | 1.6% | |
0.0 | 4.9 | |
over 2 years ago | about 1 month ago | |
Rust | Rust | |
Apache License 2.0 | Apache License 2.0 |
The number of mentions indicates the total number of mentions that we've tracked plus the number of user suggested alternatives.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
auto-fuzz-test
Posts with mentions or reviews of auto-fuzz-test.
We have used some of these posts to build our list of alternatives
and similar projects. The last one was on 2023-01-15.
-
We Don't Need a Stable ABI
Can confirm, https://github.com/rust-fuzz/auto-fuzz-test was hard write to write (and still isn't production ready) precisely because the compiler doesn't expose type information.
-
Win32 API fuzzer, to help develop Wine
This is super interesting! I've tried auto-generating fuzzing harnesses for arbitrary Rust functions as well: https://github.com/rust-fuzz/auto-fuzz-test
-
The `arbitrary` crate is approaching 1.0!
We've been leaning on this crate heavily in https://github.com/rust-fuzz/auto-fuzz-test, and it's really nice to see support for borrowed types materialize!
-
New:`cargo-fuzzcheck` 0.5.0 and a series of decent, fast-to-compile crates to replace `syn`, `quote`, `serde-json`, and `toml-rs`
Interesting! We'll need to try it with https://github.com/rust-fuzz/auto-fuzz-test, since we're getting mysterious segfaults from our cargo-fuzz/libfuzzer backend right now.
-
Unsafe Rust: How and when (not) to use it - LogRocket Blog
Specifically, I tried leading a fuzzing effort via https://github.com/rust-fuzz/auto-fuzz-test, but right now it's not quite production-ready. We have good progress in proc_macro branch, but that's geared towards crates, and it's not entirely clear how to apply that to the standard library.
-
Does any interesting projects need help?
https://github.com/rust-fuzz/auto-fuzz-test if you want something a bit more involved but with a huge potential
cargo-supply-chain
Posts with mentions or reviews of cargo-supply-chain.
We have used some of these posts to build our list of alternatives
and similar projects. The last one was on 2023-01-04.
-
Release of Structsy 0.5
Great news! Sounds like a good way to add caching to cargo supply-chain. There's a lot of small chunks of data we want to persist.
-
greater supply chain attack risk due to large dependency trees?
Shameless plug: https://github.com/rust-secure-code/cargo-supply-chain shows the supply chain attack surface for your Rust project.
-
Announcement: xflags 3.0.0
bpaf: https://github.com/rust-secure-code/cargo-supply-chain/blob/29bfcb256001cdef46830544b554d33c56602030/src/cli.rs
-
Yet another command line argument parser: bpaf 0.5.2
I'm very happy with it for cargo supply-chain. I appreciate that it has no unsafe code, no sprawling dependency tree, and supports OsStr in addition to just &str.
-
Best way to protect a project from supply chain attacks?
cargo supply-chain to see your attack surface for supply chain attacks
- Cargo-supply-chain: Rust author, contributor and publisher data for dep. crates
-
Comparing Rust supply chain safety tools
See also: cargo supply-chain
-
Yet another command line argument parser: bpaf 0.4.0
I've used bpaf for cargo supply-chain and I'm very happy with it.
-
Fundamental - finding out who you can fund in dependency tree
https://github.com/rust-secure-code/cargo-supply-chain can also help here.
-
Announcing `cargo supply-chain` v0.3: revamped CLI, separate JSON schema
cargo supply-chain list the publishers of all crates in your dependency graph. With it you can:
What are some alternatives?
When comparing auto-fuzz-test and cargo-supply-chain you can also consider the following projects:
cargo-auditable - Make production Rust binaries auditable
cap-std - Capability-oriented version of the Rust standard library
pico-args - An ultra simple CLI arguments parser.
paru - Feature packed AUR helper
rust - Empowering everyone to build reliable and efficient software.
cargo-crev - A cryptographically verifiable code review system for the cargo (Rust) package manager.
Win32Fuzzer - Winapi fuzzer to help Wine project in creating better Windows "emulator"
json - Strongly typed JSON library for Rust
eve-rs - A simple, intuitive, express-like HTTP library
cargo-msrv - 🦀 Find the minimum supported Rust version (MSRV) for your project
auto-fuzz-test vs cargo-auditable
cargo-supply-chain vs cap-std
auto-fuzz-test vs pico-args
cargo-supply-chain vs paru
auto-fuzz-test vs rust
cargo-supply-chain vs cargo-crev
auto-fuzz-test vs Win32Fuzzer
cargo-supply-chain vs cargo-auditable
auto-fuzz-test vs json
cargo-supply-chain vs eve-rs
auto-fuzz-test vs eve-rs
cargo-supply-chain vs cargo-msrv