Open Source Security
Auditing Rust unsafe Code at Scale
How to actually audit unsafe blocks across a large Rust dependency graph without drowning in false positives or miss real issues.
Nov 18, 20247 min read
Deep dives, practical guides, and incident analyses from engineers who build Safeguard. No fluff, no vendor FUD — just what you need to ship secure software.
How to actually audit unsafe blocks across a large Rust dependency graph without drowning in false positives or miss real issues.
Proc macros are Rust code that runs at compile time with the privileges of the developer. They are one of the most underexamined pieces of the Rust supply chain.
Cargo feature flags look like a compilation convenience but they are a load-bearing piece of your supply chain posture. Here is why.
Tokio is the async runtime underneath most production Rust. A supply chain review of Tokio and the crates that orbit it — dependencies, CVE history, and what changes across versions.
A look at how crates.io handles authentication, yanking, namespace squatting, and the supply chain risks that remain in mid-2024.
Field notes from migrating a production workspace from Rust 2018 to 2021, and what to watch for when 2024 lands in edition transitions.
Writing Rust for embedded or kernel targets drops you into no_std territory, and the supply chain rules are different there. A practical look at what changes and why.
A practical head-to-head between cargo-audit 0.21 and cargo-deny 0.16 based on six months of running both in production CI pipelines.
Why build.rs is the highest-leverage attack surface in the Rust ecosystem, with concrete examples from 2023 and 2024 incidents.
Weekly insights on software supply chain security, delivered to your inbox.