Explore Crev as collaborative code audit
a project by pperego
Updated over 1 year ago. 3 hacker ♥️. 3 followers.

Project Description

Crev [1] is a collaborative code audit idea. Since it's common that more security engineers can work on the same projects, or there can be a different person auditing a piece of code after some time, there is the need to keep track of the code audit notes in a non-repudiable way.

This can be of interest to our internal security team, for the audits we did on the distribution code packages.

Goal for this Hackweek

  • Understand the as-is: complete
  • Create / expand workflow proposal: uncomplete
  • Implement some support tooling to create proofs uncomplete
  • Create some small PoC code in BASH: partially complete

Hackweek 21 outcomes

During this hackweek I tried to understand the framework by putting some basic concepts into code[2] and I wrote dome final considerations [3].

TL;DR there's a lot of work that must to be done in improving formal framework specification. I feel the need to help redesign the grammar of the specifications and the filetype and add some more examples. Implementation has to be agnostic from the documentation, so this means it must be decoupled from the doc itself

Resources

  1. https://github.com/crev-dev/crev
  2. My repo on Github
  3. Considerations

Join this project

Looking for hackers with the skills:

codereview codeaudit security workflow rust

This project is part of:

Hack Week 21

Activity

  • over 1 year ago: jzerebecki liked this project.
  • over 1 year ago: jzerebecki added keyword "rust" to this project.
  • over 1 year ago: jzerebecki joined this project.
  • over 1 year ago: wfrisch liked this project.
  • over 1 year ago: fbonazzi liked this project.
  • over 1 year ago: fbonazzi started this project.
  • over 1 year ago: pperego added keyword "codereview" to this project.
  • over 1 year ago: pperego added keyword "codeaudit" to this project.
  • over 1 year ago: pperego added keyword "security" to this project.
  • over 1 year ago: pperego added keyword "workflow" to this project.
  • over 1 year ago: pperego originated this project.


    • Comments

    Similar Projects

    Model checking the BPF verifier by shunghsiyu

    Project Description

    BPF verifier plays a ...

    Predefined app security policy template for NeuVector by feih

    Project Description

    Idea is to predefin...

    Port NeuVector zero-trust security functions to host/VM by feih

    Project Description

    Today, NeuVector on...

    (Rust) Manage systems in NetBox using NetBox-Sync by chock

    [comment]: # (Please use the project descriptio...

    Create a new markup language with parser in rust by nkrapp

    Project Description

    Write a parser for my...

    toniowm by fabriziosestito

    toniowm is yet another window manager written i...

    Relm4-based user interface for Agama by IGonzalezSosa

    Motivation

    Disclaimer: the idea of this pr...

    A set of utilities to produce a "from scratch" OCI/Docker container using Opensuse/SLE rpms by ldragon

    [comment]: # (Please use the project descriptio...