Project Description

Crev [1] is an idea for collaborative code auditing. It is common for several security engineers to work on the same project, or for a different person to audit a piece of code at a later time, so there is a need to keep track of code audit notes in a non-repudiable way.

This can be of interest to our internal security team, for the audits we did on the distribution code packages.

Goal for this Hackweek

  • Understand the as-is: complete
  • Create / expand workflow proposal: incomplete
  • Implement some support tooling to create proofs: incomplete
  • Create some small PoC code in BASH: partially complete

Hackweek 21 outcomes

During this hackweek I tried to understand the framework by putting some basic concepts into code [2] and I wrote some final considerations [3].

TL;DR: there's a lot of work that must be done in improving the formal framework specification. I feel the need to help redesign the grammar of the specifications and the filetype and add some more examples. Implementation has to be agnostic from the documentation, so this means it must be decoupled from the doc itself.

Resources

  1. https://github.com/crev-dev/crev
  2. My repo on GitHub
  3. Considerations

Looking for hackers with the skills:

codereview codeaudit security workflow rust

This project is part of:

Hack Week 21

Activity

  • about 1 month ago: jzerebecki joined this project.
  • about 1 month ago: fbonazzi started this project.
  • about 1 month ago: pperego originated this project.
