cargo-auditable with Sergey Davidoff
Posted Fri, 11 Nov 2022 16:55:00 +0000Allen Wyma talks with Sergey Davidoff, creator of cargo-auditable, a cargo plugin for auditing your Rust dependencies for security vulnerabilities.
Contributing to Rustacean Station
Rustacean Station is a community project; get in touch with us if you’d like to suggest an idea for an episode or offer your services as a host or audio editor!
- Twitter: @rustaceanfm
- Discord: Rustacean Station
- Github: @rustacean-station
- Email: hello@rustacean-station.org
Timestamps
- [@00:10] - Introduction to cargo-auditable
- [@07:51] - Guarantees that cargo-auditable provides
- [@17:33] - Trivy and other crates that are in cargo-auditable
- [@19:47] - cargo-auditable vs cargo audit
- [@21:09] - Sergey’s programming background
- [@34:49] - Vulnerabilities Sergey was able to encounter and reported to RustSec
- [@39:47] - Feedbacks and reactions from library owners that were found to have issues
- [@48:52] - How does Sergey handle problems and issues he encounters?
- [@56:48] - Sergey’s tips and advice to those who want to improve security on their projects
- [@59:36] - Parting thoughts and shoutouts
Credits
Intro Theme: Aerocity
Audio Editing: Plangora
Hosting Infrastructure: Jon Gjengset
Show Notes: Plangora
Hosts: Allen Wyma