Comparisons
How OpenVet relates to cargo-vet, cargo-crev, sigstore, in-toto, and other adjacent tools.
TODO: write me. The README in the openvet repo already has a “Related Projects” section that’s a reasonable starting point — expand each into a paragraph here.
Tools worth covering:
- cargo-vet — closest prior art; explain the deliberate departures (atomic claims vs judgement criteria, skipchain logs vs git-stored audits).
- cargo-crev — earlier Rust-only audit system.
- sigstore — overlapping primitive (transparency logs) for a different artefact (signed builds).
- in-toto — supply-chain attestation framework; different shape (pipelines, layered metadata).
- cargo-audit / RustSec — vulnerability-database scanner; adjacent but solves a different problem.