https://github.com/awslabs/tough
Rust libraries and tools for using and generating TUF repositories
Science Score: 26.0%
This score indicates how likely this project is to be science-related based on various indicators:
-
○CITATION.cff file
-
✓codemeta.json file
Found codemeta.json file -
✓.zenodo.json file
Found .zenodo.json file -
○DOI references
-
○Academic publication links
-
○Committers with academic emails
-
○Institutional organization owner
-
○JOSS paper metadata
-
○Scientific vocabulary similarity
Low similarity (5.0%) to scientific vocabulary
Keywords from Contributors
Repository
Rust libraries and tools for using and generating TUF repositories
Basic Info
Statistics
- Stars: 212
- Watchers: 18
- Forks: 61
- Open Issues: 61
- Releases: 78
Metadata Files
README.md
tough
tough is a Rust client library for The Update Framework (TUF) repositories.
tuftool is a Rust command-line utility for generating and signing TUF repositories.
Integration Testing
Integration tests require, noxious, which is installed when running make integ.
Documentation
See tough - Rust for the latest tough library documentation.
See tuftool's README for more on how to use tuftool.
License
tough is licensed under the Apache License, Version 2.0 or the MIT license, at your option.
Owner
- Name: Amazon Web Services - Labs
- Login: awslabs
- Kind: organization
- Location: Seattle, WA
- Website: http://amazon.com/aws/
- Repositories: 914
- Profile: https://github.com/awslabs
AWS Labs
GitHub Events
Total
- Create event: 38
- Release event: 8
- Issues event: 4
- Watch event: 18
- Delete event: 28
- Issue comment event: 61
- Push event: 11
- Pull request review comment event: 17
- Pull request review event: 40
- Pull request event: 85
- Fork event: 7
Last Year
- Create event: 38
- Release event: 8
- Issues event: 4
- Watch event: 18
- Delete event: 28
- Issue comment event: 61
- Push event: 11
- Pull request review comment event: 17
- Pull request review event: 40
- Pull request event: 85
- Fork event: 7
Committers
Last synced: about 1 year ago
Top Committers
| Name | Commits | |
|---|---|---|
| iliana destroyer of worlds | i****r@a****m | 150 |
| dependabot[bot] | 4****] | 100 |
| Matt Briggs | b****t@a****m | 100 |
| Patrick J.P. Culp | j****p@a****m | 48 |
| dependabot-preview[bot] | 2****] | 46 |
| Zac Mrowicki | m****i@a****m | 34 |
| ecpullen | e****n@a****m | 34 |
| Tom Kirchner | t****k@a****m | 18 |
| sanu11 | s****0@g****m | 16 |
| Sean McGinnis | s****g@a****m | 14 |
| Sean P. Kelly | s****l@a****m | 10 |
| Sam Berning | b****s@a****m | 9 |
| Martin Harriman | m****n@a****m | 9 |
| Gavin Inglis | g****s@a****m | 7 |
| Samuel Mendoza-Jonas | s****s@a****m | 5 |
| 👽 mgsharm | m****m@a****m | 5 |
| Shailesh Gothi | g****g@a****m | 5 |
| Kyle J. Davis | k****s@a****m | 5 |
| Flavio Castelli | f****i@s****m | 4 |
| Jarrett Tierney | j****t@a****m | 4 |
| Jonas | J****r@w****e | 3 |
| Luis Moreno | m****l | 3 |
| Richard Kelly | r****y@a****m | 3 |
| Tianhao Geng | t****g@a****m | 3 |
| David Barsky | d****y@a****m | 2 |
| Ben Cressey | b****y@a****m | 2 |
| Erick Tryzelaar | e****r@g****m | 2 |
| Erikson Tung | e****g@a****m | 2 |
| Fredrik Skogman | k****n@g****m | 2 |
| Jake Goulding | j****g@g****m | 2 |
| and 16 more... | ||
Committer Domains (Top 20 + Academic)
Issues and Pull Requests
Last synced: 10 months ago
All Time
- Total issues: 52
- Total pull requests: 454
- Average time to close issues: 7 months
- Average time to close pull requests: 20 days
- Total issue authors: 22
- Total pull request authors: 28
- Average comments per issue: 1.4
- Average comments per pull request: 1.21
- Merged pull requests: 151
- Bot issues: 1
- Bot pull requests: 331
Past Year
- Issues: 6
- Pull requests: 123
- Average time to close issues: 5 days
- Average time to close pull requests: 24 days
- Issue authors: 5
- Pull request authors: 11
- Average comments per issue: 0.33
- Average comments per pull request: 0.94
- Merged pull requests: 26
- Bot issues: 1
- Bot pull requests: 87
Top Authors
Issue Authors
- webern (16)
- ecpullen (5)
- cbgbt (4)
- jku (3)
- bcressey (2)
- fghanmi (2)
- arnaldo2792 (2)
- udf2457 (2)
- ginglis13 (2)
- zmrow (2)
- cgwalters (1)
- dependabot[bot] (1)
- taoohong (1)
- iliana (1)
- stmcginnis (1)
Pull Request Authors
- dependabot[bot] (331)
- jpculp (23)
- stmcginnis (15)
- webern (14)
- sam-berning (10)
- mgsharm (8)
- ecpullen (7)
- ginglis13 (5)
- cbgbt (5)
- fghanmi (4)
- flavio (4)
- SequeI (4)
- kdnakt (2)
- aumetra (2)
- sumukhballal (2)
Top Labels
Issue Labels
Pull Request Labels
Packages
- Total packages: 5
-
Total downloads:
- cargo 4,723,882 total
- Total docker downloads: 23,281,787
-
Total dependent packages: 11
(may contain duplicates) -
Total dependent repositories: 350
(may contain duplicates) - Total versions: 111
- Total maintainers: 4
- Total advisories: 8
crates.io: olpc-cjson
serde_json Formatter to serialize as OLPC-style canonical JSON
- Documentation: https://docs.rs/olpc-cjson/
- License: MIT OR Apache-2.0
-
Latest release: 0.1.4
published over 1 year ago
Rankings
Maintainers (1)
crates.io: tough
The Update Framework (TUF) repository client
- Documentation: https://docs.rs/tough/
- License: MIT OR Apache-2.0
-
Latest release: 0.21.0
published about 1 year ago
Rankings
Maintainers (2)
Advisories (8)
- tough terminating targets role delegations are not respected
- Improper sanitization of delegated role names
- tough cyclic delegation graphs are not detected
- Improper verification of signature threshold in tough
- Improper sanitization of target names
- tough root metadata version is not checked for sequential versioning
- tough failure to detect delegated target rollback
- tough timestamp metadata is cached when it fails snapshot rollback check
crates.io: tough-ssm
Implements AWS SSM as a key source for TUF signing keys
- Documentation: https://docs.rs/tough-ssm/
- License: MIT OR Apache-2.0
-
Latest release: 0.16.0
published about 1 year ago
Rankings
Maintainers (1)
crates.io: tough-kms
Implements AWS KMS as a key source for TUF signing keys
- Documentation: https://docs.rs/tough-kms/
- License: MIT OR Apache-2.0
-
Latest release: 0.13.0
published about 1 year ago
Rankings
Maintainers (2)
crates.io: tuftool
Utility for creating and signing The Update Framework (TUF) repositories
- Documentation: https://docs.rs/tuftool/
- License: MIT OR Apache-2.0
-
Latest release: 0.14.0
published about 1 year ago
Rankings
Maintainers (3)
Dependencies
- chrono 0.4.11
- dyn-clone 1.0.6
- globset 0.4.9
- hex 0.4.2
- log 0.4.8
- olpc-cjson 0.1.0
- path-absolutize 3
- pem 1.0.2
- percent-encoding 2
- reqwest 0.11.1
- ring 0.16.16
- serde 1.0.125
- serde_json 1.0.63
- serde_plain 1.0.0
- snafu 0.7
- tempfile 3.3.0
- untrusted 0.7.0
- url 2.1.0
- walkdir 2.3.2
- 212 dependencies
- serde 1.0
- serde_json 1.0.63
- unicode-normalization 0.1
- pem 1.0.2
- ring 0.16.16
- rusoto_core 0.48
- rusoto_credential 0.48
- rusoto_kms 0.48
- snafu 0.7
- tokio 1.8
- tough 0.12.2
- rusoto_core 0.48
- rusoto_credential 0.48
- rusoto_ssm 0.48
- serde 1.0.125
- serde_json 1.0.63
- snafu 0.7
- tokio 1.8
- tough 0.12.2
- chrono 0.4.11
- hex 0.4.2
- log 0.4.8
- maplit 1.0.1
- olpc-cjson 0.1.0
- pem 1.0.2
- rayon 1.5
- reqwest 0.11.1
- ring 0.16.16
- rusoto_core 0.48
- rusoto_credential 0.48
- rusoto_kms 0.48
- rusoto_ssm 0.48
- serde 1.0.125
- serde_json 1.0.63
- simplelog 0.12
- snafu 0.7
- structopt 0.3
- tempfile 3.3.0
- tokio ~1.8
- tough 0.12.2
- tough-kms 0.3.6
- tough-ssm 0.6.6
- url 2.1.0
- walkdir 2.3.2
- actions/cache v3 composite
- actions/checkout v3 composite
- rust slim build