T-Rust - In Rust we Trust
Scan, review, curate and fix metadata of Rust crates
crates.io hosts over 160 thousand Rust packages that have been downloaded over 90 billion times. The origin metadata and licensing documentation for Rust crates is declared by the authors as part of the metadata, but can be misleading or incorrect. Accurate origin and license metadata for Rust crates is essential to safely automate the friction-free consumption of Rust packages in the software supply chain of safety-critical applications.
T-Rust intends to fix this problem in multiple steps: it will scan, review, curate and fix the metadata of the most popular crates. This data will be released as open data, working with the Rust community to provide the data as part of the crates.io API, cross-check and report code borrowing and reuse between crates. Subsequently an AboutCode toolchain will be deployed as a service for all crates authors to review, validate and enrich metadata. The outcome should be be that crates.io packages are shared with better, more accurate origin and license metadata at creation time. And that the increased level of trust in Rust crates will make it easier to consume more Rust packages safely.
Run by AboutCode
This project was funded through the NGI0 Commons Fund, a fund established by NLnet with financial support from the European Commission's Next Generation Internet programme, under the aegis of DG Communications Networks, Content and Technology under grant agreement No 101135429. Additional funding is made available by the Swiss State Secretariat for Education, Research and Innovation (SERI).
