Dependency alerts are configured using RustSec/cargo audit #6815

Closed
Tracked by #6399
legoktm opened this issue May 17, 2023 · 1 comment · Fixed by #6949

legoktm commented May 17, 2023

We should get notifications for security issues in Rust dependencies using the https://rustsec.org/ database and their cargo-audit tool.

Presumably this should be done using the same infrastructure/setup that our current Python alerts use.

@legoktm legoktm added the Rust Issues that touch Rust code label May 17, 2023
@zenmonkeykstop zenmonkeykstop moved this to Cycle Backlog in SecureDrop dev cycle May 19, 2023
@zenmonkeykstop zenmonkeykstop moved this from Cycle Backlog to Ready to go in SecureDrop dev cycle Jun 20, 2023
@eaon eaon moved this from Ready to go to In Progress in SecureDrop dev cycle Jun 27, 2023
@zenmonkeykstop zenmonkeykstop added this to the SecureDrop 2.7.0 milestone Jul 12, 2023
@eaon eaon removed their assignment Aug 5, 2023
@zenmonkeykstop zenmonkeykstop self-assigned this Aug 14, 2023
@zenmonkeykstop zenmonkeykstop moved this from In Progress to Ready For Review in SecureDrop dev cycle Sep 22, 2023
@zenmonkeykstop

Added a Makefile target and some CI bits for a minimal version of this - I'd hold off on anything more substantial until we see how https://github.com/aquasecurity/trivy or similar shakes out.

@github-project-automation github-project-automation bot moved this from Ready For Review to Done in SecureDrop dev cycle Sep 26, 2023