mdebray/tvl-depot
ae98240df2
tvl-depot/tools/rust-crates-advisory/OWNERS
5 lines
50 B
feat(tools): add rust-crates-advisory

We have a bunch of crates in `third_party/rust-crates`; it would be great if we could check them for existing CVEs. This tool does that, it takes the rust security advisory database, parses the applicable CVEs, and cross-checks them against the actual crate versions we list in our package database. The dumb parser we wrote is tested against all entries in the database, so we will notice when upstream breaks their shit. Checking the semver stuff is easy enough with the semver crate. If an advisory matches, it prints the whole thing and fails the build.

Change-Id: I9e912c43d37a685d9d7a4424defc467a171ea3c4
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2818
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
Reviewed-by: sterni <sternenseemann@systemli.org>
2021-04-04 04:04:20 +02:00
inherited: true
owners:
  - Profpatsch
chore: move format-audit-result.jq out of //users/sterni

In the spirit of the readTree filter we should also not include files in user directories from the outside.

Change-Id: I1abe36a721048900d2758b5986063b68b8d1af93
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5200
Reviewed-by: sterni <sternenseemann@systemli.org>
Reviewed-by: tazjin <tazjin@tvl.su>
Autosubmit: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
2022-02-03 14:44:03 +01:00
  - sterni