Rust Foundation Security Initiative Report (foundation.rust-lang.org)
from Arbitrary@reddthat.com to rust@programming.dev on 29 Jul 2023 02:36
https://reddthat.com/post/998119


BB_C@lemm.ee on 29 Jul 2023 03:06

Public Availability of “Painter” Tool

We are proud to announce the first publicly-available tool in our Security Toolkit: Painter! Painter is an open source project that creates a complete call graph across the entire crates ecosystem to reveal how crates relate to each other. When a vulnerability exists in one crate, Painter allows users to more easily assess potential or active risks to other crates.

The tool is aimed at addressing issues and determining risks when using other tools (such as Cargo Audit). This allows users to not only determine if a vulnerable dependency exists but if the attack path is realized. Painter was created by Rust Foundation Security Engineer Walter Pearce and released for public usage in July 2023.

^ This is new(ish) info.
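The distinction the quoted announcement draws, a crate-level "vulnerable dependency exists" check versus a function-level "is the attack path realized" check over a call graph, as an added Rust example (not Painter's own code; the call graph, crate names and function names in it are constructed):

```rust
use std::collections::{HashMap, VecDeque};

/// Call graph: caller -> callees, each function written as "crate::function".
type CallGraph = HashMap<&'static str, Vec<&'static str>>;

/// Constructed toy data standing in for an ecosystem-wide call graph.
/// `decoder::overflow_prone` plays the role of the function named in an advisory.
fn sample_call_graph() -> CallGraph {
    let edges = [
        ("app::main", "app::parse_input"),
        ("app::main", "decoder::decode_checked"),
        ("app::parse_input", "parser::parse"),
        ("parser::parse", "parser::parse_safe"),
        ("tool::main", "parser::parse_unchecked"),
        ("parser::parse_unchecked", "decoder::decode_raw"),
        ("decoder::decode_raw", "decoder::overflow_prone"),
    ];
    let mut g = CallGraph::new();
    for (caller, callee) in edges {
        g.entry(caller).or_default().push(callee);
    }
    g
}

fn crate_of(func: &str) -> &str {
    func.split("::").next().unwrap_or(func)
}

/// Breadth-first walk from `root`: every reachable function with the path that first reached it.
fn reachable(graph: &CallGraph, root: &'static str) -> HashMap<&'static str, Vec<&'static str>> {
    let mut paths = HashMap::new();
    paths.insert(root, vec![root]);
    let mut queue = VecDeque::from([root]);
    while let Some(f) = queue.pop_front() {
        for &callee in graph.get(f).into_iter().flatten() {
            if !paths.contains_key(callee) {
                let mut p = paths[f].clone();
                p.push(callee);
                paths.insert(callee, p);
                queue.push_back(callee);
            }
        }
    }
    paths
}

/// Crate-level question (what an advisory scan of the dependency tree answers):
/// does `root` reach any function of `vuln_crate` at all?
fn depends_on_crate(graph: &CallGraph, root: &'static str, vuln_crate: &str) -> bool {
    reachable(graph, root).keys().any(|f| crate_of(f) == vuln_crate)
}

/// Function-level question: the concrete call path from `root` to `vuln_fn`, if one exists.
fn attack_path(graph: &CallGraph, root: &'static str, vuln_fn: &str) -> Option<Vec<&'static str>> {
    reachable(graph, root).remove(vuln_fn)
}
```

Here `app::main` pulls in the `decoder` crate, so a dependency-level scan flags it, yet no path from it reaches `decoder::overflow_prone`; `tool::main` does reach it, via `parser::parse_unchecked`.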