6cd7256ee8
* Add methods to check always insecure dependencies
  Unlike checks for `_insecure`, `always_insecure_` only accounts for vulnerabilities not patched in the latest version in the range
* Update status renders to show "maybe insecure"
  - show always insecure dependencies as insecure, and remaining ones as "possibly insecure"
  - show warning sign on all dependencies with possible vulnerability
  - tweak security banner in case all insecure dependencies are "possibly insecure"
* Update badge renderer to show "maybe insecure"
  - only show the red "insecure" if >=1 dependency is always insecure
  - show "possibly insecure" if all are up to date but might be vulnerable
* Update status renderer
  - more complete counts per project
* Format code
* Extend banner to explain what "maybe insecure" means
Deps.rs - Dependency status at a glance
Deps.rs is a service that shows you at a glance if any of your dependencies are out of date or insecure.
This works by comparing the dependencies in a project's Cargo.toml
to the latest versions in the crates.io database.
For security-related information, we query the RustSec Security Advisory Database.
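The "insecure" versus "possibly insecure" distinction described in the commit message at the top of this page can be sketched as follows. This is an added example, not code from deps.rs: all type and function names are hypothetical, versions are simplified to `(major, minor, patch)` tuples, ranges are caret ranges with major >= 1, and an advisory is modelled as a single "patched from" version.

```rust
// Added illustration, not deps.rs code; names and sample data are hypothetical.
type Version = (u64, u64, u64);

#[derive(Debug, PartialEq, Clone, Copy)]
enum Status { Secure, MaybeInsecure, Insecure }

/// Simplified advisory: every version below `patched` is vulnerable.
struct Advisory { patched: Version }

/// Caret range for major >= 1: `^a.b.c` matches >= a.b.c and < (a+1).0.0.
fn matches_caret(req: Version, v: Version) -> bool {
    v >= req && v.0 == req.0
}

fn is_vulnerable(v: Version, advisories: &[Advisory]) -> bool {
    advisories.iter().any(|a| v < a.patched)
}

/// Insecure: even the newest version in the range is vulnerable.
/// MaybeInsecure: the newest is patched, but an older in-range version is not.
fn classify(req: Version, published: &[Version], advisories: &[Advisory]) -> Status {
    let mut in_range: Vec<Version> =
        published.iter().copied().filter(|&v| matches_caret(req, v)).collect();
    in_range.sort();
    match in_range.last() {
        None => Status::Secure, // nothing in range, nothing to flag
        Some(&latest) if is_vulnerable(latest, advisories) => Status::Insecure,
        Some(_) if in_range.iter().any(|&v| is_vulnerable(v, advisories)) => Status::MaybeInsecure,
        Some(_) => Status::Secure,
    }
}

/// Badge-level result: red only if at least one dependency is always insecure.
fn badge(statuses: &[Status]) -> Status {
    if statuses.contains(&Status::Insecure) { Status::Insecure }
    else if statuses.contains(&Status::MaybeInsecure) { Status::MaybeInsecure }
    else { Status::Secure }
}

fn main() {
    // Constructed sample data.
    let published: [Version; 4] = [(1, 0, 0), (1, 2, 0), (1, 2, 5), (1, 3, 0)];
    let fixed_in_range = [Advisory { patched: (1, 2, 5) }];
    let unfixed = [Advisory { patched: (2, 0, 0) }];
    let a = classify((1, 0, 0), &published, &fixed_in_range);
    let b = classify((1, 0, 0), &published, &unfixed);
    let c = classify((1, 2, 5), &published, &fixed_in_range);
    println!("{:?} {:?} {:?} badge={:?}", a, b, c, badge(&[a, c]));
}
```

A requirement of `^1.0.0` is only "possibly insecure" when the fix landed inside the range, because a lockfile may or may not have resolved to a patched version; raising the minimum to `^1.2.5` removes the ambiguity.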
We currently support projects and crates hosted on crates.io, GitHub, GitLab, Bitbucket, and SourceHut. To analyze the state of your dependencies you can use the following URLs:
- for projects on crates.io:
https://deps.rs/crate/<NAME>
- for projects on GitHub, GitLab, Bitbucket, or SourceHut:
https://deps.rs/repo/<HOSTER>/<USER>/<REPO>
(where <HOSTER> is either github, gitlab, bitbucket, or sourcehut)
On the analysis page, you will also find the markdown code to include a fancy badge in your project README so visitors (and you) can see at a glance if your dependencies are still up to date!
Contributing
We are always looking for help from the community! Feel like a feature is missing? Found a bug? Open an issue!
Do you want to contribute? Then browse the list of open issues and ask if you can take care of it.
Building the project
To get started on the project simply clone the repository and run the build:
git clone https://github.com/deps-rs/deps.rs
cd deps.rs
cargo run
The development server listens on port 8080 on localhost, so you just have to point your browser to http://localhost:8080 to see if it works.
Copyright and License
Copyright 2018 Sam Rijs and Contributors
Licensed under the Apache License, Version 2.0 (the "License"). You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.