We are proud to announce the first publicly available tool in our Security Toolkit: Painter!
Painter is an open source project that builds a complete call graph across the entire
crates ecosystem to reveal how crates relate to each other at the function level. When a
vulnerability exists in one crate, Painter lets users assess more easily which other crates
are potentially or actively exposed to it.
Painter is meant to complement tools such as Cargo Audit, which report whether a vulnerable
crate appears in a project's dependency tree. With the call graph, users can go one step
further and determine not only whether a vulnerable dependency exists but whether the
vulnerable code is actually reachable, that is, whether the attack path is realized. Painter
was created by Rust Foundation Security Engineer Walter Pearce and released for public use
in July 2023.
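To make the difference between "a vulnerable dependency exists" and "the attack path is realized" concrete, here is an added illustration of the idea, written for this post and not code from Painter itself. It builds a small, constructed cross-crate call graph (crate and function names are hypothetical) and compares two answers to the same question: which crates depend on the vulnerable crate according to manifests alone, versus which crates contain a function that can actually reach the vulnerable function.

```rust
use std::collections::{BTreeSet, HashMap, HashSet, VecDeque};

/// A function identified by (crate name, function path).
type Func = (&'static str, &'static str);

/// Constructed sample call graph (caller -> callee), standing in for the
/// ecosystem-wide graph a tool like Painter would build. All names are
/// hypothetical; "decode_unchecked" plays the role of the vulnerable function.
fn sample_call_graph() -> Vec<(Func, Func)> {
    vec![
        (("app", "main"), ("web", "handle")),
        (("web", "handle"), ("parser_lib", "decode_safe")),
        (("parser_lib", "decode_safe"), ("parser_lib", "validate")),
        (("cli", "run"), ("parser_lib", "decode_unchecked")),
        (("parser_lib", "decode_unchecked"), ("parser_lib", "validate")),
    ]
}

/// Constructed crate-level dependency edges (dependent -> dependency), which is
/// all a manifest-only scanner has to work with.
fn sample_dependencies() -> Vec<(&'static str, &'static str)> {
    vec![("app", "web"), ("web", "parser_lib"), ("cli", "parser_lib")]
}

/// Reverse breadth-first search: every node from which `target` is
/// transitively reachable along the given directed edges.
fn reverse_reachable<N: Copy + Eq + std::hash::Hash>(edges: &[(N, N)], target: N) -> HashSet<N> {
    let mut incoming: HashMap<N, Vec<N>> = HashMap::new();
    for &(from, to) in edges {
        incoming.entry(to).or_default().push(from);
    }
    let mut seen = HashSet::new();
    let mut queue = VecDeque::from([target]);
    while let Some(node) = queue.pop_front() {
        if let Some(preds) = incoming.get(&node) {
            for &p in preds {
                if seen.insert(p) {
                    queue.push_back(p);
                }
            }
        }
    }
    seen
}

/// Manifest-level answer: which crates depend, directly or transitively, on
/// `vuln_crate`? This is the "a vulnerable dependency exists" view.
fn crates_depending_on(deps: &[(&'static str, &'static str)], vuln_crate: &'static str) -> BTreeSet<&'static str> {
    reverse_reachable(deps, vuln_crate).into_iter().collect()
}

/// Call-graph answer: which other crates contain a function that can actually
/// reach `vuln_fn`? This is the "attack path is realized" view. Callers inside
/// the vulnerable crate itself are excluded so only downstream crates remain.
fn crates_reaching(graph: &[(Func, Func)], vuln_fn: Func) -> BTreeSet<&'static str> {
    reverse_reachable(graph, vuln_fn)
        .into_iter()
        .map(|(krate, _)| krate)
        .filter(|&k| k != vuln_fn.0)
        .collect()
}

fn main() {
    let vuln: Func = ("parser_lib", "decode_unchecked");
    // Dependency view flags app, cli and web; call-graph view flags only cli,
    // because app and web only ever reach decode_safe.
    println!("depend on {}: {:?}", vuln.0, crates_depending_on(&sample_dependencies(), vuln.0));
    println!("can reach {}::{}: {:?}", vuln.0, vuln.1, crates_reaching(&sample_call_graph(), vuln));
}
```

In the sample, `app` and `web` both depend on `parser_lib`, so a dependency-only check would list them alongside `cli`; only `cli` has a call path into `decode_unchecked`. Had the vulnerability been in `validate` instead, every crate in the graph would be reachable and all three would be flagged, which is exactly the distinction a call graph makes visible.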