https://github.com/jnaulty/cargo-diff
Security Review Utility to help highlight risk signals in reviews of dependency updates.
https://github.com/jnaulty/cargo-diff
dependency-analysis rust security supply-chain
Last synced: about 2 months ago
JSON representation
Security Review Utility to help highlight risk signals in reviews of dependency updates.
- Host: GitHub
- URL: https://github.com/jnaulty/cargo-diff
- Owner: jnaulty
- Created: 2020-12-08T20:48:44.000Z (over 5 years ago)
- Default Branch: master
- Last Pushed: 2020-12-22T07:47:02.000Z (over 5 years ago)
- Last Synced: 2025-04-02T03:46:39.413Z (over 1 year ago)
- Topics: dependency-analysis, rust, security, supply-chain
- Language: Python
- Homepage:
- Size: 21.5 KB
- Stars: 1
- Watchers: 2
- Forks: 0
- Open Issues: 1
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
README
# Cargo Diff Utility
Quickly generate diffs from one version of a cargo crate to another.
Shamelessly adopted from @mimoo's [gist](https://gist.github.com/mimoo/fb88d33889d236d937fa1c6946698341)
## Quick Setup
### Build
**Docker**
- run `make build`
### Running
**Diff between two versions of a crate from crates.io**
- run `./create-cratesio-diff.sh {crate_name} {version_1} {version_2}` (e.g. `./create-cratesio-diff.sh tokio 0.2.22 0.3.4`)
**Diff between git repo and crates.io package tar archive at a specific version**
- run `./create-git-crate-diff.sh `
You should see an HTML report file with the naming scheme `{crate_name}.{version_1}-{version_2}.html` in your current directory.
**Parsing output of guppy-summaries**
- get a [guppy SummaryDiff](https://github.com/facebookincubator/cargo-guppy/) and store the JSON result in an `INPUT_FILE` (this can be obtained by running `cargo x diff-summary` in the diem/diem codebase)
- run `./analyze-guppy-output.sh INPUT_FILE`