Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/crev-dev/cargo-crev
A cryptographically verifiable code review system for the cargo (Rust) package manager.
- Host: GitHub
- URL: https://github.com/crev-dev/cargo-crev
- Owner: crev-dev
- License: apache-2.0
- Created: 2018-08-22T03:37:24.000Z (over 6 years ago)
- Default Branch: main
- Last Pushed: 2024-10-24T11:33:03.000Z (3 months ago)
- Last Synced: 2024-10-29T15:02:47.360Z (3 months ago)
- Topics: code, code-review, decentralized, p2p, review, scalable, security, trust
- Language: Rust
- Homepage:
- Size: 3.16 MB
- Stars: 2,096
- Watchers: 23
- Forks: 89
- Open Issues: 54
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- License: LICENSE-APACHE
Awesome Lists containing this project
- awesome-rust-security - cargo-crev - cryptographically verifiable code review for cargo (Vulnerability Assessment / Static Code Auditing)
README
# cargo-crev
> A cryptographically verifiable **c**ode **rev**iew system for the cargo (Rust)
> package manager.

## Introduction
[Crev](https://github.com/crev-dev/crev/) is a language and ecosystem agnostic,
distributed **c**ode **rev**iew system.

`cargo-crev` is an implementation of Crev as a command line tool integrated with
`cargo`. This tool helps Rust users evaluate the quality and trustworthiness of
their package dependencies.

## Features
`cargo-crev` can already:
- warn you about untrustworthy crates and security vulnerabilities,
- display useful metrics about your dependencies,
- help you identify dependency-bloat,
- allow you to review the most suspicious dependencies and publish your findings,
- use reviews produced by other users,
- increase trustworthiness of your own code,
- build a web of trust of other reputable users to help verify the code you use,

and many other things with many more to come.
## Getting started
Static binaries are available from the [releases
page](https://github.com/crev-dev/cargo-crev/releases).

Follow the [`cargo-crev` - Getting Started
Guide](https://github.com/crev-dev/cargo-crev/blob/main/cargo-crev/src/doc/getting_started.md)
(more documentation available on [docs.rs](https://docs.rs/cargo-crev)).

`cargo-crev` is a work in progress, but it should be usable at all times.
Use [discussions](https://github.com/crev-dev/cargo-crev/discussions)
to get help, more information and report feedback. Thank you!

## Raise awareness
If you're supportive of the cause, we would appreciate your help in raising
awareness of the project. Consider putting the note below in the README of your
Rust projects:

> It is recommended to always use [cargo-crev](https://github.com/crev-dev/cargo-crev)
> to verify the trustworthiness of each of your dependencies, including this one.

Thank you!
## Changelog
Changelog can be found here: