Publish a list of security-related projects #30

Closed
DevQps opened this issue Mar 16, 2019 · 21 comments · Fixed by #32
Comments

@DevQps
Contributor

DevQps commented Mar 16, 2019

Description

There are many great crates and projects out there that enhance or assess the security of the Rust ecosystem in some way. However, there is currently no central point from which these projects can be found, and they are often linked through blog posts or interesting discussions on Zulip.

I think the README of this working group would be a great place to collect projects that can help achieve our 2019 Working Group Goals (Kudos to Shnatsel for writing this).

By doing this, these projects would have more visibility and can then hopefully be used and improved to reach our goals.

I suggest that we leave this issue open for a week so that projects can be suggested. After that I can make a Pull Request that updates the README. Any projects that follow afterwards can then have a separate PR.

@DevQps DevQps changed the title Update the README with a list of projects Update the README with a list of security-related projects Mar 16, 2019
@DevQps
Contributor Author

DevQps commented Mar 16, 2019

RustSec Advisory Database

Repository: https://github.com/RustSec/advisory-db/

Description:
The RustSec Advisory Database is a repository of security advisories filed against Rust crates published via https://crates.io. Works closely with Cargo Audit.

@DevQps
Contributor Author

DevQps commented Mar 16, 2019

Cargo Audit

Repository: https://github.com/RustSec/cargo-audit

Description:
Audit Cargo.lock for crates with security vulnerabilities reported to the RustSec Advisory Database.

@DevQps
Contributor Author

DevQps commented Mar 16, 2019

RustSec Advisory Client

Repository: https://github.com/RustSec/rustsec-crate

Description:
Client library for accessing the RustSec Security Advisory Database: fetches the advisory-db (or other compatible) git repository and audits Cargo.lock files against it. It is mainly used by Cargo Audit but may be useful if you would like to consume the RustSec advisory database in other capacities.

@DevQps
Contributor Author

DevQps commented Mar 16, 2019

Cargo Geiger

Repository: https://github.com/anderejd/cargo-geiger

Description:
A program that lists statistics related to the usage of unsafe Rust code in a Rust crate and all its dependencies.

@DevQps
Contributor Author

DevQps commented Mar 16, 2019

Cargo Fuzz

Repository: https://github.com/rust-fuzz/cargo-fuzz

Description:
Command-line wrapper for using libFuzzer. Easy to use, no need to recompile LLVM!

@DevQps
Contributor Author

DevQps commented Mar 16, 2019

Crates Audit

Repository: https://gitlab.com/zachreizner/crates-audit/

Description:
A tool to cross-reference the crates.io index with the RustSec Advisory database.

@DevQps
Contributor Author

DevQps commented Mar 16, 2019

The Update Framework in Rust

Repository: https://github.com/heartsucker/rust-tuf

Description:
A Rust implementation of The Update Framework.

@DevQps
Contributor Author

DevQps commented Mar 17, 2019

Cargo Crev

Repository: https://github.com/dpc/crev

Description:
crev is a code review system, as opposed to the typically practiced code-change review system.

@DevQps
Contributor Author

DevQps commented Mar 17, 2019

MIRAI

Repository: https://github.com/facebookexperimental/MIRAI

Description:
Mirai is an abstract interpreter for the Rust compiler's mid-level intermediate representation (MIR). It is intended to become a widely used static analysis tool for Rust.

@DevQps
Contributor Author

DevQps commented Mar 17, 2019

Cargo Clippy

Repository: https://github.com/rust-lang/rust-clippy

Description:
A collection of lints to catch common mistakes and improve your Rust code.

@DevQps
Contributor Author

DevQps commented Mar 17, 2019

MIRI

Repository: https://github.com/rust-lang/miri

Description:
An experimental interpreter for Rust's mid-level intermediate representation (MIR). It can run binaries and test suites of cargo projects and detect certain classes of undefined behavior.

@DevQps
Contributor Author

DevQps commented Mar 17, 2019

Libdiffuzz

Repository: https://github.com/Shnatsel/libdiffuzz

Description:
This is a drop-in replacement for OS memory allocator that can be used to detect uses of uninitialized memory. It is designed to be used in case Memory Sanitizer is not applicable for some reason.

@DevQps
Contributor Author

DevQps commented Mar 17, 2019

BugHunt, Rust

Repository: https://github.com/blt/bughunt-rust

Description:
This project is aiming to provide "stateful" QuickCheck models for Rust's standard library.

@DevQps
Contributor Author

DevQps commented Mar 17, 2019

Angora

Repository: https://github.com/AngoraFuzzer/Angora

Description:
Angora is a mutation-based coverage guided fuzzer. The main goal of Angora is to increase branch coverage by solving path constraints without symbolic execution.

@DevQps
Contributor Author

DevQps commented Mar 17, 2019

honggfuzz-rs

Repository: https://github.com/rust-fuzz/honggfuzz-rs

Description:
A fuzzer developed by Google.

@DevQps
Contributor Author

DevQps commented Mar 17, 2019

afl.rs

Repository: https://github.com/rust-fuzz/afl.rs

Description:
Allows one to run the AFL fuzzer on code written in the Rust programming language.

@DevQps
Contributor Author

DevQps commented Mar 17, 2019

QuickCheck

Repository: https://github.com/BurntSushi/quickcheck

Description:
QuickCheck is a way to do property based testing using randomly generated input.

@DevQps
Contributor Author

DevQps commented Mar 17, 2019

Proptest

Repository: https://github.com/altsysrq/proptest

Description:
Proptest is a property testing framework (i.e., the QuickCheck family) inspired by the Hypothesis framework for Python.

@DevQps DevQps changed the title Update the README with a list of security-related projects Publish a list of security-related projects Mar 17, 2019
@vakaras

vakaras commented Mar 24, 2019

Loom

Repository: https://github.com/carllerche/loom

Description:
Loom is a model checker for concurrent Rust code. It exhaustively explores the behaviors of code under the C11 memory model, which Rust inherits.

@brycx

brycx commented Mar 25, 2019

untrusted.rs

Repository: https://github.com/briansmith/untrusted

Description:
untrusted.rs allows for reliable and efficient parsing of untrusted inputs in Rust.

EDIT: On second thought, this might not be relevant to what the issue is about. I think I've misunderstood. I'll let @DevQps decide whether it's in scope or not.

@DevQps
Contributor Author

DevQps commented Mar 25, 2019

@brycx I think it can serve a purpose here! We'll just have to place it in the right category. Like "Utilities libraries for safe programming" or something like that.

With a bit of luck I will be able to create a Pull Request of this today or tomorrow!
