{"id":18295189,"url":"https://github.com/crev-dev/crevette","last_synced_at":"2025-09-09T06:34:34.889Z","repository":{"id":219953064,"uuid":"728217818","full_name":"crev-dev/crevette","owner":"crev-dev","description":"cargo-crev to cargo-vet code review exporter","archived":false,"fork":false,"pushed_at":"2024-11-11T22:05:23.000Z","size":27,"stargazers_count":5,"open_issues_count":0,"forks_count":0,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-03-31T03:03:59.547Z","etag":null,"topics":["auditing","cargo-crev","cargo-vet","supply-chain-security"],"latest_commit_sha":null,"homepage":"https://lib.rs/crevette","language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/crev-dev.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE-MIT","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-12-06T13:32:17.000Z","updated_at":"2025-03-22T15:00:27.000Z","dependencies_parsed_at":"2024-01-30T15:41:47.722Z","dependency_job_id":"60bca51a-7ee0-444a-816a-27c814135ad7","html_url":"https://github.com/crev-dev/crevette","commit_stats":null,"previous_names":["crev-dev/crevette"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/crev-dev%2Fcrevette","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/crev-dev%2Fcrevette/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/crev-dev%2Fcrevette/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/crev-dev%2Fcrevette/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/crev-dev","download_url":"https://codeload.github.com/crev-dev/crevette/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247338783,"owners_count":20922995,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["auditing","cargo-crev","cargo-vet","supply-chain-security"],"created_at":"2024-11-05T14:33:53.095Z","updated_at":"2025-04-05T12:31:20.656Z","avatar_url":"https://github.com/crev-dev.png","language":"Rust","funding_links":[],"categories":[],"sub_categories":[],"readme":"# `cargo-crev` to `cargo-vet` converter\n\n[Crev](https://lib.rs/cargo-crev) and [Vet](https://lib.rs/cargo-vet) are supply-chain security tools for auditing Rust/Cargo dependencies.\n\nThis tool ([`crevette`](https://lib.rs/crevette)) is a helper for `cargo-crev` users that exports Crev reviews as an `audits.toml` file for use with `cargo-vet`.\n\n## Installation\n\nYou must have [`cargo-crev` alredy set up](https://github.com/crev-dev/cargo-crev/blob/main/cargo-crev/src/doc/getting_started.md), some [repos added as trusted](https://github.com/crev-dev/cargo-crev/wiki/List-of-Proof-Repositories) and reviews fetched (try `cargo crev repo fetch all`).\n\nIt requires the latest stable version of Rust. If your package manager has an outdated version of Rust, switch to [rustup](https://rustup.rs).\n\n```bash\ncargo install crevette\n```\n\n## Usage\n\nIn this initial release, the tool has no configuration. It uses your default `cargo crev` identity and configuration. It exports almost all reviews from all reviewers you (transitively) trust. Running `crevette` will print location of the `audits.toml` file. You may want to review it to ensure you agree with its contents.\n\nTo generate and upload the `audits.toml`:\n\n```bash\ncrevette\ncargo crev publish\n```\n\nThen on the `cargo vet` side, go to a Rust/Cargo project that you want to verify, and run:\n\n```bash\n# cargo vet init (if you haven't already)\ncargo vet import 'https://raw.githubusercontent.com/\u003cyour github username\u003e/crev-proofs/HEAD/audits.toml'\ncargo vet\n```\n\nIf you host your repositories elsewhere, adjust the HTTPS link accordingly.\n\nRe-run `crevette` to generate an updated version of `audits.toml` whenever you add more Crev reviews.\n\n## Important limitations\n\nThe tool estimates the `safe-to-run` and `safe-to-deploy` criteria based on a fuzzy combination of trust, rating, thoroughtness, and understanding attributes of crev code reviews. Currently negative reviews are not mapped to `vet`'s `violation` feature, and thefore do not have any effect!\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcrev-dev%2Fcrevette","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcrev-dev%2Fcrevette","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcrev-dev%2Fcrevette/lists"}