cargo-crev to cargo-vet code review exporter
Updated Mar 20, 2024 - Rust
Comparing crates.io contents with the corresponding Git repositories to check for supply chain attacks.
A validator for gradle/wrapper jar binaries, intended to be used in CI pipelines.
Reproducible Builds: Scraper/Parser for https://buildinfos.debian.net into structured data
Authenticate the cryptographic chain-of-custody of Linux distributions (like Arch Linux and Debian) to their source code inputs
Authenticate a tarball through a signed tag in a git repository (with reproducible builds)
Manage lockfiles in PKGBUILDs for upstreams that don't ship them, `updpkgsums` for dependency trees (Arch Linux tooling)
Automatically assess and score software repositories for supply chain risk.
Dependency lockfiles for reproducible build environments 📦🔒
Experimental binary transparency for pacman with sigstore and rekor
Signing-key abuse and update exploitation framework
Independent verification of binary packages - reproducible builds