5 releases (3 breaking)

0.4.0 Feb 21, 2025
0.3.1 Jan 31, 2025
0.3.0 Jan 30, 2025
0.2.0 Dec 11, 2024
0.1.0 Oct 10, 2024

282 downloads per month

Apache-2.0

71KB
1.5K SLoC

Hipcheck Plugin SDK in Rust.

What is Hipcheck?

Hipcheck is a command line interface (CLI) tool for analyzing open source software packages and source repositories to understand their software supply chain risk. It analyzes a project's software development practices and detects active supply chain attacks to give you both a long-term and immediate picture of the risk from using a package.

Part of Hipcheck's value is its plugin system, which allows anyone to write a new data source or analysis component, or to build even higher-level analyses from the results of multiple other components.

The Plugin SDK

This crate is a Rust SDK to help developers focus on writing the essential logic of their Hipcheck plugins instead of worrying about session management or communication with Hipcheck core. The essential steps of using this SDK are to implement the Query trait for each query endpoint you wish to support, then implement the Plugin trait to tie your plugin together and describe things like configuration parameters.

For more, see our detailed guide on writing plugins using this crate.

Dependencies

~16–25MB
~358K SLoC