issues
search
mozilla
/
cargo-vet
supply-chain security for Rust
Apache License 2.0
649
stars
43
forks
source link
issues
Newest
Newest
Most commented
Recently updated
Oldest
Least commented
Least recently updated
Add documentation of the `trust` command and configuration.
#482
afranchuk
closed
1 year ago
0
`suggest` cmd can suggest same crate+version multiple times
#481
repi
closed
1 year ago
4
Import additional registries
#480
repi
closed
1 year ago
2
Simplify command for showing crate dependencies
#479
bkrl
closed
1 year ago
0
Bump console from 0.15.0 to 0.15.7
#478
dependabot[bot]
opened
1 year ago
0
Add description of policy table keys and stipulations around `dependency-criteria`
#477
afranchuk
closed
1 year ago
0
Rework the caching in crates.io metadata retrieval.
#476
afranchuk
closed
1 year ago
1
Support for sparse indexes/registries
#475
mikhasd
closed
1 year ago
3
Bump console from 0.15.0 to 0.15.6
#474
dependabot[bot]
closed
1 year ago
1
Add the `renew` subcommand and a warning for expiring wildcard audits.
#473
afranchuk
closed
1 year ago
2
Audit-as-crates-io detection needs some work
#472
bholley
closed
1 year ago
3
Bump tracing-subscriber from 0.3.11 to 0.3.17
#471
dependabot[bot]
opened
1 year ago
0
Add --store-path to CLI to specify supply-chain directory.
#470
jfgoog
closed
1 year ago
1
Use crate metadata to consider whether audit-as-crates-io should be set for a crate.
#469
afranchuk
closed
1 year ago
0
Show full publisher name when displaying trust hints
#468
bholley
closed
1 year ago
0
Support trusted entries in `cargo vet aggregate`
#467
bholley
closed
1 year ago
1
Potential sparse registry issues
#466
bholley
closed
1 year ago
5
Introduce nagging mechanism to update wildcard audit expiration
#465
bholley
closed
1 year ago
3
Avoid audit-as-crates-io errors when upstream publishes a new version
#464
bholley
closed
1 year ago
2
Bump clap from 3.2.6 to 3.2.25
#463
dependabot[bot]
closed
1 year ago
1
Bump clap from 3.2.6 to 3.2.24
#462
dependabot[bot]
closed
1 year ago
1
Trusted Crates Implementation
#461
mystor
closed
1 year ago
0
Implement Trusted Crate Suggestions
#460
mystor
closed
1 year ago
1
Implement local support for Trusted Crates
#459
mystor
closed
1 year ago
1
RFC: Trusted Crates
#458
bholley
closed
1 year ago
3
Bump miette from 5.1.0 to 5.8.0
#457
dependabot[bot]
closed
1 year ago
1
Bump filetime from 0.2.16 to 0.2.21
#456
dependabot[bot]
opened
1 year ago
0
Add google's aggregated audits to the registry
#455
bholley
closed
1 year ago
0
Prompt the exact `cargo vet certify` command after `cargo vet diff`
#454
afranchuk
closed
1 year ago
2
Bump miette from 5.1.0 to 5.7.0
#453
dependabot[bot]
closed
1 year ago
1
Tooling for bisecting crate versions to find violation ranges
#452
djkoloski
opened
1 year ago
2
Replace "chromeos" entry with combined "google" entry.
#451
bholley
opened
1 year ago
1
Stop validating imports.lock when not --locked
#450
mystor
closed
1 year ago
0
Digests of reviewed versions, digital signatures
#449
arnohaase
closed
1 year ago
5
Make it easier for users to learn more about registry entries
#448
bholley
opened
1 year ago
0
Recover gracefully from errors parsing the cargo-vet registry
#447
mystor
closed
1 year ago
0
Recording violations with non-binary audit criteria
#446
djkoloski
opened
1 year ago
7
Allow import and registry URLs to be an array
#445
mystor
closed
1 year ago
0
Allow import/registry URL fields to be an array
#444
bholley
closed
1 year ago
0
Bump thiserror from 1.0.31 to 1.0.40
#443
dependabot[bot]
closed
1 year ago
1
Update book to describe audit-as-crates-io guessing behavior
#442
bholley
closed
1 year ago
0
Default audit-as-crates-io to true on init if description matches
#441
mystor
closed
1 year ago
0
Update the book to reflect registry suggestion and criteria mapping changes
#440
mystor
closed
1 year ago
0
Emit a help message for some cargo metadata errors
#439
mystor
closed
1 year ago
0
Force fetching publisher information for non-dependency crates in certify
#438
mystor
closed
1 year ago
2
Consider a "bare" / "publish-only" instance concept for repositories without Cargo.lock
#437
bholley
opened
1 year ago
4
Bump miette from 5.1.0 to 5.6.0
#436
dependabot[bot]
closed
1 year ago
1
Track the version of cargo-vet used to create the supply-chain store
#435
mystor
closed
1 year ago
2
Add support for registry suggestions
#434
mystor
closed
1 year ago
2
Map criteria into the local namespace eagerly when importing
#433
mystor
closed
1 year ago
0
Previous
Next