Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/geiger-rs/cargo-geiger
Detects usage of unsafe Rust in a Rust crate and its dependencies.
- Host: GitHub
- URL: https://github.com/geiger-rs/cargo-geiger
- Owner: geiger-rs
- Created: 2018-06-20T21:43:55.000Z (almost 6 years ago)
- Default Branch: master
- Last Pushed: 2024-04-19T07:01:46.000Z (about 2 months ago)
- Last Synced: 2024-04-26T06:03:00.254Z (about 1 month ago)
- Language: Rust
- Homepage: https://crates.io/crates/cargo-geiger
- Size: 1.76 MB
- Stars: 1,311
- Watchers: 11
- Forks: 65
- Open Issues: 50
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- Contributing: CONTRIBUTING.md
Lists
- awesome-rust - geiger (Development tools / Web Servers)
- awesome-stars-coconut - geiger-rs/cargo-geiger - Detects usage of unsafe Rust in a Rust crate and its dependencies. (Rust)
- awesome-stars - geiger-rs/cargo-geiger - Detects usage of unsafe Rust in a Rust crate and its dependencies. (Rust)
- awesome-stars - geiger-rs/cargo-geiger - Detects usage of unsafe Rust in a Rust crate and its dependencies. (Rust)
- awesome-rust - geiger Stars:`1.3K`. (Development tools / Web Servers)
- static-analysis - cargo-geiger
- awesome-stars - geiger-rs/cargo-geiger - Detects usage of unsafe Rust in a Rust crate and its dependencies. (Rust)
- trackawesomelist - cargo-geiger (⭐1.3k)
README
cargo-geiger ☢️
===============

[![CI](https://github.com/geiger-rs/cargo-geiger/actions/workflows/ci.yml/badge.svg)](https://github.com/geiger-rs/cargo-geiger/actions/workflows/ci.yml)
[![unsafe forbidden](https://img.shields.io/badge/unsafe-forbidden-success.svg)](https://github.com/rust-secure-code/safety-dance/)
[![crates.io](https://img.shields.io/crates/v/cargo-geiger.svg)](https://crates.io/crates/cargo-geiger)
[![Crates.io](https://img.shields.io/crates/d/cargo-geiger?label=cargo%20installs)](https://crates.io/crates/cargo-geiger)

A tool that lists statistics related to the usage of unsafe Rust code in a Rust
crate and all its dependencies.

This cargo plugin was originally based on the code from two other projects:
* and
*

Installation
------------

Try to find and use a system-wide installed OpenSSL library:
```bash
cargo install --locked cargo-geiger
```

Or, build and statically link OpenSSL as part of the cargo-geiger executable:
```bash
cargo install --locked cargo-geiger --features vendored-openssl
```

Alternatively pre-built binary releases are available from [GitHub releases](https://github.com/geiger-rs/cargo-geiger/releases).

Usage
-----

1. Navigate to the same directory as the `Cargo.toml` you want to analyze.
2. `cargo geiger`

Intended Use
------------

This tool is not meant to advise directly whether the code ultimately is truly insecure or not.
The purpose of cargo-geiger is to provide statistical input to auditing e.g. with:
- [cargo-crev](https://crates.io/crates/cargo-crev)
- [safety-dance](https://github.com/rust-secure-code/safety-dance)

The use of unsafe is nuanced and necessary in some cases and any motivation to use it is outside the scope of cargo-geiger.
It is important that any reporting is handled with care:
- [Reddit: The Stigma around Unsafe](https://www.reddit.com/r/rust/comments/y1u068/the_stigma_around_unsafe/)
- [YouTube: Rust NYC: Jon Gjengset - Demystifying unsafe code](https://youtu.be/QAz-maaH0KM)
- [Rust-lang: WG Unsafe Code Guidelines](https://github.com/rust-lang/unsafe-code-guidelines)

Output example
--------------

![Example output](https://user-images.githubusercontent.com/3704611/53132247-845f7080-356f-11e9-9c76-a9498d4a744b.png)

Known issues
------------

- See the [issue tracker](https://github.com/rust-secure-code/cargo-geiger/issues).

Libraries
---------

Cargo Geiger exposes three libraries:
- `cargo-geiger` - Unversioned and highly unstable library exposing the internals of the `cargo-geiger` binary. As such, any function contained within this library may be subject to change.
- `cargo-geiger-serde` - A library containing the serializable report types
- `geiger` - A library containing a few decoupled [cargo] components used by [cargo-geiger]

Changelog
---------

See the [changelog].

[cargo]: https://crates.io/crates/cargo
[cargo-geiger]: https://crates.io/crates/cargo-geiger
[changelog]: https://github.com/rust-secure-code/cargo-geiger/blob/master/CHANGELOG.md

Why the name?
-------------

Unsafe code, like ionizing radiation, is unavoidable in some situations and should be safely contained!