
RustSec API & Tooling

Results 193 rustsec issues

Add a very simple search feature, only making exact searches over package names and IDs. I think it would already cover a lot of needs. What it does: * The...

As explained in https://github.com/rustsec/advisory-db/issues/1253 it is currently difficult to find an advisory matching a specific CVE id (or some other details). A way to address this in a general manner...

They appear when there is a PR that doesn't add advisories, e.g. when we bumped rustsec-admin 0.8.0 for rustdecimal https://github.com/rustsec/advisory-db/pull/1308 Resulted in: https://github.com/rustsec/advisory-db/pull/1309 Probably should adjust the workflow in db

What I like with deny is that I can call `cargo deny init` ``` init Creates a cargo-deny config from a template ``` This creates its own default config file...

Continuing from here: https://github.com/rustsec/advisory-db/issues/380 I don't think we can guarantee that the PR number is in the merge commit so that `rustsec-admin assign-id --github-actions-output` can spit it to the message...

## Background We've had some advisories / proposals where we don't have any concrete security issue(s) caused by untrusted data handling but it may be sometimes reasonable / feasible to...

Running `cargo audit` on [tendermint-rs](https://github.com/informalsystems/tendermint-rs) locally creates a `~/.cargo/advisory-db` directory within the repository directory itself - it doesn't seem to be resolving the `~` path correctly. ```bash > cargo audit...

good first issue

Currently, because of a way Clap does Subcommands, printing the version information of `cargo-audit` does nothing: ``` ❯ cargo audit --help cargo-audit-audit Audit Cargo.lock files for vulnerable crates #...snip... ❯...

I have an error with the `cargo-audit` version rustc: 1.56.1 version cargo: 1.56.0 For a docker image `rust:alpine`, I install `audit` and then: ``` /albrs-antijamming_rs-lib # cargo audit Fetching advisory...

We currently require the presence of _some_ signature on the latest commit in advisory-db repo for `cargo audit` and other tooling that uses `rustsec` crate to work. This is completely...