wg
cargo-deny
wg | cargo-deny | |
---|---|---|
4 | 15 | |
146 | 1,554 | |
0.0% | 1.7% | |
2.6 | 8.8 | |
almost 3 years ago | 4 days ago | |
Rust | ||
- | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
wg
-
Compiling version information into Rust binary
Check cargo-auditable or this thread on the same topic.
-
Rustaceans at the Border [Linux Kernel]
For other repro curious readers, this seems like a good entry point to follow reproducibility efforts: https://github.com/rust-secure-code/wg/issues/28
-
NPM malware and what it could imply for Cargo
If this topic interests you generally, please check out the Rust Secure Code Working Group.
-
How can we make sure this doesn't happen with Crates.io?
The Rust Secure Code Working Group, of which I'm a member, is one. We maintain the RUSTSEC security advisory database at:
cargo-deny
-
Please add licenses to your projects, rust DS emulator Dust now dead.
Tip: You can check the licenses of all your dependencies (recursively) using cargo-deny: https://github.com/EmbarkStudios/cargo-deny
- Cargo-deny: a cargo plugin for linting Rust project dependencies
-
What are some useful tools for Rust?
cargo-deny
-
Can versions of a crate be blocked / be made unusable / be made not downloadable?
cargo-deny can help block specified versions of a crate and even has some advisory features that can probably used to block crate with reported vulnerabilities
-
Best way to protect a project from supply chain attacks?
cargo deny for fetching crates only from trusted sources, blacklisting crates, etc.
-
NPM malware and what it could imply for Cargo
Use cargo audit or cargo deny to check the crates in your Cargo.lock to ensure they don't contain any vulnerabilities.
-
This Year in Embedded Rust: 2021 edition
> Explain the crate scanner thing?
I assume a reference to tools that help manage potential issues around dependencies, e.g.:
* https://github.com/rustsec/rustsec/tree/main/cargo-audit
* https://github.com/EmbarkStudios/cargo-deny
"[cargo-audit] Audit Cargo.lock files for crates with security vulnerabilities reported to the RustSec Advisory Database."
"cargo-deny is a cargo plugin that lets you lint your project's dependency graph to ensure all your dependencies conform to your expectations and requirements." e.g. license, security advisories, source.
-
Score card for dependencies in a project
cargo-deny does license and security advisory checking, and cargo-geiger does unsafe checking.
-
How can we make sure this doesn't happen with Crates.io?
cargo-deny
-
Blog post: Cross compiling Rust Windows binaries from Linux
OpenSSL has been banned in our project for a variety of reasons via cargo-deny for around a year and half, it was actually one of the reasons we created it in the first place.
What are some alternatives?
namespacing-rfc - RFC for Packages as Optional Namespaces
cargo-about - 📜 Cargo plugin to generate list of all licenses for a crate 🦀
kerla - A new operating system kernel with Linux binary compatibility written in Rust.
advisory-db - Security advisory database for Rust crates published through crates.io
rustsec - RustSec API & Tooling
xwin - A utility for downloading and packaging the Microsoft CRT headers and libraries, and Windows SDK headers and libraries needed for compiling and linking programs targeting Windows.
nodo - Pre-emptively created repository so the design can be discussed on the issue tracker before commits are made (repo name may change)
crates.io-index - Registry index for crates.io
ua-parser-js - UAParser.js - Free & open-source JavaScript library to detect user's Browser, Engine, OS, CPU, and Device type/model. Runs either in browser (client-side) or node.js (server-side).
static_init
n - Node version management
nextest - A next-generation test runner for Rust.