Stream: wg-secure-code

Topic: RustSec call graph analysis


Tony Arcieri (Jul 23 2019 at 23:52, on Zulip):

Given the recent RUSTSEC-2019-0011 shenanigans, I opened an issue about a potential integration between cargo-audit and Siderophile: https://github.com/RustSec/cargo-audit/issues/89

Tony Arcieri (Jul 23 2019 at 23:52, on Zulip):

/me and @Alex Gaynor are on a slack with several of their employees including their CEO, so this seems like something we might be able to pull off :wink:

Tony Arcieri (Jul 23 2019 at 23:53, on Zulip):

cc @Shnatsel since I think you recently mentioned Siderophile

Tony Arcieri (Jul 24 2019 at 00:04, on Zulip):

also opened an issue on their repo https://github.com/trailofbits/siderophile/issues/16

Shnatsel (Jul 24 2019 at 12:02, on Zulip):

It sounds like splitting call graph analysis into a separate crate is the way to go. Many other things could benefit from it, such rustsec and cargo-geiger

Last update: Nov 11 2019 at 23:15UTC