Project Description
Crev [1] is a collaborative code audit idea. Since it's common that more security engineers can work on the same projects, or there can be a different person auditing a piece of code after some time, there is the need to keep track of the code audit notes in a non-repudiable way.
This can be of interest to our internal security team, for the audits we did on the distribution code packages.
Goal for this Hackweek
- Understand the as-is: complete
- Create / expand workflow proposal: uncomplete
- Implement some support tooling to create proofs uncomplete
- Create some small PoC code in BASH: partially complete
Hackweek 21 outcomes
During this hackweek I tried to understand the framework by putting some basic concepts into code[2] and I wrote dome final considerations [3].
TL;DR there's a lot of work that must to be done in improving formal framework specification. I feel the need to help redesign the grammar of the specifications and the filetype and add some more examples. Implementation has to be agnostic from the documentation, so this means it must be decoupled from the doc itself
Resources
Looking for hackers with the skills:
This project is part of:
Hack Week 21
Activity
Comments
-
11 months ago by jzerebecki | Reply
See also https://hackweek.opensuse.org/21/projects/rust-security-reviews-and-cargo-crev
-
11 months ago by jzerebecki | Reply
Updated packages available at https://build.opensuse.org/package/show/devel:tools/cargo-crev
Similar Projects
Run sandboxed Firefox with image and sound inside a container by nguyens
[comment]: # (Please use the project descriptio...
Sandboxed USB Inspection by nguyens
[comment]: # (Please use the project descriptio...
Create tool for managing RPM package signing keys by dheidler
[comment]: # (Please use the project descriptio...
Rancher Token Revoker by mbolot
[comment]: # (Please use the project descriptio...
Tafl by mrohrich
[comment]: # (Please use the project descriptio...
Build a Unikernel that runs WebAssembly by flavio_castelli
[comment]: # (Please use the project descriptio...
Rewrite the D-Installer CLI by IGonzalezSosa
Project Description
Before the openSUSE 2...
Make iguana-workflow to support multiple container frontends by oholecek
Project Description
Iguana is an attempt ...
Algorithm Visualizer by agraul
[comment]: # (Please use the project descriptio...