Rust Cargo package manager information.
The Go package manager is tier 2 (maybe?).

| Control | Status | Comments |
|---|---|---|
| Strong Authentication | Authentication is via GitHub, so maybe? | |
| MFA To Push Artifacts | Optional | Via GitHub account |
| Security Contacts | Yes | https://github.com/RustSec/advisory-db/ |
| Packages Can Notify of Security Issues | Yes | https://github.com/RustSec/advisory-db/ |
| Code package tied to source code | Probably, via relevant repo | |
| Update notifications | | |
| Consumer Check Status of a Package | Yes | cargo audit |
| Code signing | ?? | |
| Code analysis (static) | No | |
| Code Dependency Analysis | | |
| Package Manager Does Not Run Code | Yes | |
| Package Manager Does Not Collect Info | | |
| Project Roles Guide | No | |
| Project Roles Review | No | |
| Account Level Library Tagging | | |