rust-secure-code / projects Goto Github PK
View Code? Open in Web Editor NEWContains a list of security related Rust projects.
License: GNU General Public License v3.0
Contains a list of security related Rust projects.
License: GNU General Public License v3.0
RustSec is no longer the only way to get Rust vulnerability disclosures.
https://github.com/advisories?query=type%3Areviewed+ecosystem%3Arust
Hi, the list is fantastic. I found that the link(https://github.com/RustCrypto/utils/tree/master/ctgrind) to ctgrind is no longer valid. What is the current status of this project? Or are there any other options?
"rustsec" is the name of the vulnerability database. I think it's a bit confusing to have projects related to the WG also branded as "rustsec".
Perhaps just rename this repo to "projects" so it's rust-secure-code/projects
?
I no longer wish to maintain 4 crates which have accumulated dependents. Instead of transferring ownership over the name to the first person who shows interest in a project, should I publish a breaking version change which erases all functionality and announces the crate is archived, then suggest migrating to or creating a new fork. Listing known alternatives if they exist.
What do you think?
Alternatively I would be happy to transfer the crates to any member of this organization with implicit trust.
The crates in question have 11, 1, 18, 1, dependents respectively. The nature of alloc_counter
and criterion-cycles-per-byte
tend towards security contexts, notably cryptography.
https://crates.io/crates/alloc_counter/reverse_dependencies
https://crates.io/crates/alloc_counter_macro/reverse_dependencies
https://crates.io/crates/criterion-cycles-per-byte/reverse_dependencies
https://crates.io/crates/wrapped_enum/reverse_dependencies
Mozilla's Cargo Vet probably belongs in your list somewhere.
https://github.com/mozilla/cargo-vet
https://mozilla.github.io/cargo-vet/
Their FAQ draws a comparison to cargo crev
, so maybe place it next to that.
Since cargo-deny also provides vulnerability checking (I think it uses the same underlying code as cargo-audit) it would be nice to mention it here. (Of course it does some more things which might also be mentioned somehow.) It seems like a nice unified solution.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.