SecureDrop uses cargo-vet to ensure third-party Rust dependencies have been audited by us or another trusted entity (e.g. Mozilla); see our documentation for more details.
This repository automatically aggregates our audits from various repositories to make them easily reusable by others.
To import our audits into another cargo-vet instance, add the following lines to your config.toml:
[imports.securedrop]
url = "https://raw.githubusercontent.com/freedomofpress/securedrop-supply-chain/main/audits.toml"