Skip to content
/ hoplon Public

decentralized package security audit network of trust

License

Apache-2.0 license
32 stars 1 fork Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

nietaki/hoplon

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

116 Commits
assets
assets
 
 
config
config
 
 
guides
guides
 
 
lib
lib
 
 
scripts
scripts
 
 
src/generated
src/generated
 
 
test
test
 
 
.formatter.exs
.formatter.exs
 
 
.gitignore
.gitignore
 
 
.travis.yml
.travis.yml
 
 
LICENSE.txt
LICENSE.txt
 
 
README.md
README.md
 
 
dialyzer_ignore.exs
dialyzer_ignore.exs
 
 
mix.exs
mix.exs
 
 
mix.lock
mix.lock
 
 

Repository files navigation

Hoplon

Hoplon is a package that helps you verify that the code in your project's dependencies contains exactly what's on their GitHub and no other malicious code.

Hoplon is a set of tools to create and share signed "audits" describing the security status of hexpm (or other) packages. It allows you to maintain a collection of "trusted keys" - people whose audits you can fetch and take into account when assessing packages you (want to) use.

See CodeBEAM STO presentation slides for details. Video of the talk coming soon.

travis badge Hex.pm docs

Usage

There is no current version of hoplon on hex.pm, you need to get it from github:

defp deps do
  [
    {:hoplon, github: "nietaki/hoplon"},
  ]
end

After you add it to your dependencies, you gain access to the relevant hoplon tasks. The currently relevant hoplon tasks are mix hoplon.fetch, mix hoplon.my_key, mix hoplon.status and mix hoplon.trusted_keys

All of those mix tasks come with documentation:

mix help hoplon.trusted_keys

About

decentralized package security audit network of trust

Resources

Readme

License

Apache-2.0 license
Activity

Stars

32 stars

Watchers

4 watching

Forks

1 fork
Report repository

Releases

7 tags

Packages

 
 
 

Contributors 3

  •  
  •  
  •  

Languages