Project Description

Crev [1] is an idea for collaborative code audits. It is common for several security engineers to work on the same project, or for a different person to audit a piece of code some time later, so there is a need to keep track of code audit notes in a non-repudiable way.

This can be of interest to our internal security team, for the audits we did on the distribution code packages.

Goal for this Hackweek

  • Understand the as-is: complete
  • Create / expand workflow proposal: incomplete
  • Implement some support tooling to create proofs: incomplete
  • Create some small PoC code in BASH: partially complete

Hackweek 21 outcomes

During this hackweek I tried to understand the framework by putting some basic concepts into code [2], and I wrote some final considerations [3].

TL;DR: there's a lot of work that must be done to improve the formal framework specification. I feel the need to help redesign the grammar of the specifications and the file type, and to add some more examples. The implementation has to be agnostic of the documentation, which means it must be decoupled from the doc itself.

Resources

  1. https://github.com/crev-dev/crev
  2. My repo on Github
  3. Considerations

Looking for hackers with the skills:

codereview codeaudit security workflow rust

This project is part of:

Hack Week 21

Activity

  • over 2 years ago: jzerebecki liked this project.
  • over 2 years ago: jzerebecki added keyword "rust" to this project.
  • over 2 years ago: jzerebecki joined this project.
  • over 2 years ago: wfrisch liked this project.
  • over 2 years ago: fbonazzi liked this project.
  • over 2 years ago: fbonazzi started this project.
  • over 2 years ago: pperego added keyword "codereview" to this project.
  • over 2 years ago: pperego added keyword "codeaudit" to this project.
  • over 2 years ago: pperego added keyword "security" to this project.
  • over 2 years ago: pperego added keyword "workflow" to this project.
  • over 2 years ago: pperego originated this project.

  • Comments

    • jzerebecki
      over 2 years ago by jzerebecki

      See also https://hackweek.opensuse.org/21/projects/rust-security-reviews-and-cargo-crev

    • jzerebecki
      over 2 years ago by jzerebecki

      Updated packages available at https://build.opensuse.org/package/show/devel:tools/cargo-crev
